#!/bin/bash # Set default policy iptables -P INPUT DROP iptables -P OUTPUT DROP iptables -P FORWARD DROP # Flush existing rules iptables -F -t nat iptables -F -t mangle iptables -F -t filter iptables -X # Allow localhost traffic iptables -A INPUT -i lo -j ACCEPT iptables -A OUTPUT -o lo -j ACCEPT # Allow related traffic iptables -A INPUT -m conntrack --state ESTABLISHED -j ACCEPT iptables -A OUTPUT -m conntrack --state ESTABLISHED -j ACCEPT # Allow icmp traffic iptables -A INPUT -p icmp -j ACCEPT iptables -A OUTPUT -p icmp -j ACCEPT # Allow outgoing traffic iptables -A OUTPUT -j ACCEPT # Log & Drop the rest iptables -A INPUT -j LOG --log-prefix "INPUT " iptables -A INPUT -j DROP iptables -A FORWARD -j DROP iptables -A FORWARD -j LOG --log-prefix "FORWARD " # Show ruleset iptables -L -vnx