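#!/bin/bash
# Firewall script written by David Leutgeb
#
# Host firewall for IPv4 and IPv6 (filter table only): default-deny policy,
# with inbound SSH, ICMP, loopback and reply traffic accepted and all outbound
# connections permitted. Needs root privileges.
#
# The ACCEPT rules are appended first and the DROP policies are set last, so
# the rules that keep an existing session alive are in place before the
# default policy becomes DROP.
# NOTE(review): nothing in this script persists the rules across a reboot.

# Reset all existing rules.
echo "Flush all existing chains"
iptables -F
# The IPv6 tables are separate from the IPv4 ones; without flushing them too,
# every re-run would append duplicate ip6tables rules.
ip6tables -F
echo "Delete all custom chains"
iptables -X
ip6tables -X

# Accept incoming connections.
echo "Accept incoming connections"
# If the SSH rule cannot be installed, stop before the DROP policies are set
# rather than risk locking out remote administration.
if ! iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT; then
  echo "Could not add the SSH accept rule; chain policies left unchanged" >&2
  exit 1
fi
# NOTE(review): SSH is opened for IPv4 only. If the host must be reachable
# over IPv6, enable the matching rule:
#ip6tables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
# Optional services, disabled by default:
#iptables -A INPUT -p tcp --dport 10051 -m state --state NEW -j ACCEPT
#iptables -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
#iptables -A INPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT
#iptables -A INPUT -p udp --dport 162 -m state --state NEW -j ACCEPT

# Accept ICMP.
echo "Accept ICMP"
iptables -A OUTPUT -p icmp -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
# IPv6 relies on ICMPv6 for neighbour discovery and path-MTU discovery, and
# connection tracking generally does not classify neighbour-discovery packets
# as NEW/ESTABLISHED/RELATED. Without these rules the DROP policies below
# would break the outbound IPv6 connectivity this script otherwise allows.
ip6tables -A OUTPUT -p ipv6-icmp -j ACCEPT
ip6tables -A INPUT -p ipv6-icmp -j ACCEPT

# Accept all connections that are already established.
echo "Accept established and related connections"
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow outgoing connections.
echo "Accept outgoing connections"
iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
ip6tables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

# Accept local connections.
echo "Accept local Connections"
# Match on the loopback interface instead of the single address 127.0.0.1:
# this also covers the rest of 127.0.0.0/8 and ::1, which the DROP policies
# would otherwise block for local services.
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
ip6tables -A INPUT -i lo -j ACCEPT
ip6tables -A OUTPUT -o lo -j ACCEPT

# Deny everything else by default.
echo "Deny all connections"
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
ip6tables -P INPUT DROP
ip6tables -P OUTPUT DROP
ip6tables -P FORWARD DROP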