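#!/bin/bash
########## Written by. Tini (sky@tini4u.net)
#
# Host firewall: flushes the filter table and rebuilds INPUT as an allow-list
# for the services below, ending in a catch-all DROP.
#
# Environment:
#   IFACE  interface whose first IPv4 address is treated as the server's own
#          address (default: eth0, the value this script used to hard-code)
#
# Exit status: 0 when every rule was applied; 1 when iptables is missing or the
# server address cannot be determined (nothing is touched in that case), or
# when one or more rules failed to load.

# Unset variables are bugs here.  'set -e' is deliberately NOT used: an abort
# part-way through the load would leave INPUT flushed without its trailing
# DROP, which is worse than a logged rule failure.
set -u

########## Variable Setting
# Path of the iptables binary.
iptables=/sbin/iptables
readonly iptables

# Interface carrying the server address.
IFACE=${IFACE:-eth0}
readonly IFACE

#######################################
# Print the first IPv4 address of an interface.
# Tries iproute2 first, then falls back to net-tools ifconfig; the awk/sed pair
# handles both the old "inet addr:x.x.x.x" and the newer "inet x.x.x.x" layout.
# Arguments: $1 - interface name
# Outputs:   the address on stdout, empty when none could be found
#######################################
get_server_ip() {
  local iface=$1
  local addr=""
  if command -v ip >/dev/null 2>&1; then
    addr=$(ip -4 -o addr show dev "$iface" 2>/dev/null | awk '{print $4; exit}' | sed -e 's#/.*##')
  fi
  if [[ -z "$addr" && -x /sbin/ifconfig ]]; then
    addr=$(/sbin/ifconfig "$iface" 2>/dev/null | awk '/inet / {print $2; exit}' | sed -e 's/^addr://')
  fi
  printf '%s' "$addr"
}

# Number of iptables invocations that returned non-zero.
failures=0

#######################################
# Apply one iptables rule; a failure is logged to stderr and counted, not fatal.
# Globals:   iptables (read), failures (written)
# Arguments: the iptables arguments, e.g. -A INPUT -p tcp --dport 22 -j ACCEPT
#######################################
rule() {
  if ! "$iptables" "$@"; then
    printf 'firewall: rule failed: %s %s\n' "$iptables" "$*" >&2
    failures=$((failures + 1))
  fi
}

# Server IP lookup.
Srv_IP=$(get_server_ip "$IFACE")

########## Preconditions
# Checked BEFORE the flush so a broken environment leaves the existing rule set
# in place instead of an emptied chain.
if [[ ! -x "$iptables" ]]; then
  printf 'firewall: %s not found or not executable\n' "$iptables" >&2
  exit 1
fi
if [[ -z "$Srv_IP" ]]; then
  printf 'firewall: could not determine the IPv4 address of %s\n' "$IFACE" >&2
  exit 1
fi

########## Rules Reset, Default Rules
# Flush all existing filter rules.  -F clears rules only: chain policies and
# user-defined chains are untouched, so until the final DROP below is loaded
# INPUT is governed by whatever policy is currently set.
rule -F

# Allow loopback traffic and packets from the server's own address.
rule -A INPUT -i lo -j ACCEPT
# NOTE(review): matches on source address only, so a packet that spoofs the
# server's IP is accepted too; the -i lo rule above already covers local use.
rule -A INPUT -s "$Srv_IP" -j ACCEPT

# Allow the admin network.
rule -A INPUT -s 192.168.0.0/24 -j ACCEPT

######### Default DROP Rules
#${iptables} -A INPUT -s 192.168.10.0/24 -j DROP

# Drop packets conntrack cannot classify.
rule -A INPUT -m state --state INVALID -j DROP

########## TCP Service Rules
# ftp-data port (active)
rule -A INPUT -p tcp --dport 20 -m state --state ESTABLISHED -j ACCEPT
# Any already-tracked flow between unprivileged ports (passive FTP data etc.).
rule -A INPUT -p tcp --sport 1024:65535 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT

# ftpd service
rule -A INPUT -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT
rule -A INPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT

# sshd service (reachable from any source)
rule -A INPUT -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
rule -A INPUT -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT

# smtpd service
rule -A INPUT -p tcp --sport 25 -m state --state ESTABLISHED -j ACCEPT
rule -A INPUT -p tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT

# rdate open (replies only)
rule -A INPUT -p tcp --sport 37 -m state --state ESTABLISHED -j ACCEPT

# name server service
rule -A INPUT -p tcp --sport 53 -m state --state ESTABLISHED -j ACCEPT
rule -A INPUT -p tcp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT

# httpd service
rule -A INPUT -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
rule -A INPUT -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT

# pop3d service
rule -A INPUT -p tcp --dport 110 -m state --state NEW,ESTABLISHED -j ACCEPT

# imapd service
rule -A INPUT -p tcp --dport 143 -m state --state NEW,ESTABLISHED -j ACCEPT

# mysqld service -- NOTE(review): open to every source, not just the admin
# network; restrict with -s if remote clients are known.
rule -A INPUT -p tcp --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT

########## UDP Service Rules
# name server service
rule -A INPUT -p udp --sport 53 -m state --state ESTABLISHED -j ACCEPT
rule -A INPUT -p udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT

# icmp open (all types, any source)
rule -A INPUT -p icmp -j ACCEPT

########## Packet Drop Rules
# New TCP connections (SYN) to anything not allowed above are REJECTed
# (an error is returned to the sender, unlike the DROP below).
rule -A INPUT -p tcp --syn -j REJECT

# Everything else is silently dropped.
rule -A INPUT -s 0/0 -d 0/0 -j DROP

########## The End
if (( failures > 0 )); then
  printf 'Done with %d failed rule(s).\n' "$failures" >&2
  exit 1
fi
printf 'Done.\n'
exit 0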

