initial commit

iptables.rules

@@ -0,0 +1,42 @@
+*filter
+:INPUT ACCEPT [139:11952]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [31:3232]
+
+# Allow host ports
+-A INPUT -p tcp --dport 22 -j ACCEPT
+-A INPUT -p tcp --dport 53 -j ACCEPT
+-A INPUT -p tcp --dport 80 -j ACCEPT
+-A INPUT -p tcp --dport 13699 -j ACCEPT
+
+# Standard Internal Traffic
+-A INPUT -i lo -j ACCEPT
+-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+
+# NAT Forwarding
+-A FORWARD -i enp2s0.10 -o enp2s0.2 -j ACCEPT
+-A FORWARD -i enp2s0.11 -o enp2s0.2 -j ACCEPT
+-A FORWARD -i enp2s0.12 -o enp2s0.2 -j ACCEPT
+-A FORWARD -i enp2s0.13 -o enp2s0.2 -j ACCEPT
+-A FORWARD -i enp2s0.14 -o enp2s0.2 -j ACCEPT
+
+# NAT Returns
+-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A FORWARD -m conntrack --ctstate INVALID -j DROP
+
+# Drop weird shit
+-A INPUT -p tcp -j DROP
+
+COMMIT
+
+*nat
+:PREROUTING ACCEPT [12:835]
+:INPUT ACCEPT [12:835]
+:OUTPUT ACCEPT [1:104]
+:POSTROUTING ACCEPT [0:0]
+
+# General NAT Traffic
+-A POSTROUTING -o enp2s0.2 -j MASQUERADE
+
+COMMIT
+