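#!/bin/bash
# iptables.sh - Sets up IPTables firewall
#
# Builds a stateful INPUT ruleset: loopback and ESTABLISHED/RELATED traffic
# are accepted, a fixed list of service ports is opened, IDENT is rejected
# with a TCP reset and everything else is dropped. FORWARD is closed and
# OUTPUT is left open.
#
# Must run as root. Every iptables call is checked (set -e): a failing call
# aborts the script instead of silently continuing with a partial ruleset
# while the INPUT policy is still ACCEPT.

set -eu

# Path to IPTables
readonly IPT="/sbin/iptables"

# Fail early and loudly if the binary is missing or we are not privileged;
# otherwise every single rule below would fail one after another.
if [[ ! -x "$IPT" ]]; then
  printf '%s: %s not found or not executable\n' "${0##*/}" "$IPT" >&2
  exit 1
fi
if [[ "$(id -u)" -ne 0 ]]; then
  printf '%s: must be run as root\n' "${0##*/}" >&2
  exit 1
fi

# Set default policies.
# INPUT is ACCEPT while the chain is rebuilt so that the flush below cannot
# cut off an in-progress admin session; it is switched to DROP at the end.
"$IPT" -P INPUT ACCEPT
"$IPT" -P OUTPUT ACCEPT
"$IPT" -P FORWARD DROP

# Flush all chains and delete custom chains
"$IPT" -F
"$IPT" -X

# Allow all incoming traffic over localhost
"$IPT" -A INPUT -i lo -j ACCEPT

# Stateful packet matching
"$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Services opened to the world. All of these are plain ACCEPT rules with
# disjoint matches, so their relative order does not change the result.
tcp_ports=(
  22    # SSH
  53    # DNS
  80    # HTTP
  443   # HTTPS
  25    # SMTP
  110   # POP3
  143   # IMAP
  993   # IMAPS
  995   # POP3S
  5222  # Jabber
  5223  # Jabber
)
udp_ports=(
  53    # DNS
)

for port in "${tcp_ports[@]}"; do
  "$IPT" -A INPUT -p tcp --dport "$port" -j ACCEPT
done
for port in "${udp_ports[@]}"; do
  "$IPT" -A INPUT -p udp --dport "$port" -j ACCEPT
done

# Reject IDENT requests (speeds mail delivery to some servers)
"$IPT" -A INPUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset

# Block all other traffic
"$IPT" -A INPUT -j DROP

# Defence in depth: make DROP the chain policy as well, so the host stays
# closed even if the catch-all rule above is later flushed or deleted by hand.
"$IPT" -P INPUT DROP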