#!/bin/sh

#SLAVENS="213.115.228.130"


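# Rebuild the IPv4 filter-table INPUT chain: flush it, append the allow rules
# below, then set the default policy to DROP.
#
# Only INPUT is touched; FORWARD, OUTPUT and the nat/mangle tables are left as
# they are. Nothing here calls ip6tables.
# NOTE(review): if this host has IPv6 connectivity, confirm it is filtered
# elsewhere, otherwise the same services are reachable unfiltered over IPv6.
#
# Every rule is an ACCEPT, so rule order does not change which packets are
# admitted, only how many rules a packet is compared against.

# Name of the Internet-facing interface used by the rules below.
WAN_IF="wan"

# The policy is opened before the flush, presumably so that a remote admin
# session is not cut off while the chain is empty. The trade-off is a short
# window in which INPUT accepts everything, and if the script is interrupted
# before the last line the chain stays open.
iptables -P INPUT ACCEPT
iptables -F INPUT

# Replies to connections this host already tracks. Placed first because most
# packets match here; "-m conntrack --ctstate" replaces the obsolete "-m state".
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Accept any traffic that does not arrive on the WAN interface (local network,
# loopback). The negation is written before the option ("! -i"); the older
# "-i ! wan" form is deprecated and prints a warning on current iptables.
iptables -A INPUT ! -i "$WAN_IF" -j ACCEPT

# VPN from dickles (IPsec: ESP, AH and IKE).
# The source-restricted rule below is disabled, so these four rules accept
# IPsec/IKE from any address. NOTE(review): if the peer address is stable,
# adding "-s <peer>" to them would narrow the exposure.
#iptables -I INPUT -s 83.248.154.254 -j ACCEPT
iptables -A INPUT -p esp -j ACCEPT
iptables -A INPUT -p ah -j ACCEPT
iptables -A INPUT -p udp --dport 500 -j ACCEPT
# NOTE(review): standard IKE runs over UDP only; confirm the peer really needs
# TCP/500 and drop this rule if not.
iptables -A INPUT -p tcp --dport 500 -j ACCEPT

# ICMP, all types.
iptables -A INPUT -i "$WAN_IF" -p icmp -j ACCEPT

# SSH, open to every source address.
# NOTE(review): worth confirming password logins are disabled in sshd, or
# limiting the source range here.
iptables -A INPUT -i "$WAN_IF" -p tcp --dport 22 -j ACCEPT

# Mail
iptables -A INPUT -i "$WAN_IF" -p tcp --dport 25 -j ACCEPT  # smtp
iptables -A INPUT -i "$WAN_IF" -p tcp --dport 993 -j ACCEPT # imaps
# NOTE(review): IMAPS is a TCP service; this UDP rule looks unnecessary and
# can probably be removed.
iptables -A INPUT -i "$WAN_IF" -p udp --dport 993 -j ACCEPT # imaps

# Web
iptables -A INPUT -i "$WAN_IF" -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i "$WAN_IF" -p tcp --dport 443 -j ACCEPT

# DNS
iptables -A INPUT -i "$WAN_IF" -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -i "$WAN_IF" -p udp --dport 53 -j ACCEPT

# Allow zone transfers from ns2.fjortis.info (disabled).
# TCP/53 is already open to every source above, so the firewall does not limit
# who may request a zone transfer; that restriction has to be enforced in the
# DNS server's own transfer ACL.
#iptables -A INPUT -i wan -p tcp -s $SLAVENS --dport 53 -j ACCEPT

# Anything that matched no rule above is dropped from here on.
iptables -P INPUT DROP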
