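#!/bin/bash
# --------------------------------------------------------
# Basic firewall for a GNU/Linux gateway
# http://www,.mey-online.com.ar/blog
# Ismael Ull
# --------------------------------------------------------
#
# Builds an IPv4 ruleset for a two-interface NAT gateway:
#   * the gateway accepts new connections only from non-WAN interfaces,
#   * LAN hosts may open connections to the WAN (masqueraded),
#   * the WAN may only send reply traffic back to the LAN.
#
# Scope: only iptables (IPv4) is configured here; ip6tables is not touched,
# so IPv6 traffic is not filtered by this script.
#
# Must run as root. Run it from the console or from the LAN side: the
# default-deny INPUT policy below drops new connections arriving on the WAN.

# Abort on the first failing command and on unset variables, so a typo in an
# interface variable cannot silently produce a partial or malformed ruleset.
set -eu

PATH=/usr/sbin:/sbin:/bin:/usr/bin

LAN='eth0'

# Uncomment the one that applies (interface names are case-sensitive).
WAN='eth1'
#WAN='ppp0'

# -------------------- INITIALIZATION --------------------
# Start from an empty ruleset in every table this script uses.
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X

# Default-deny. Without explicit policies, packets that match no rule fall
# through to whatever policy the chain already had (ACCEPT on a fresh boot),
# which would make the INPUT rules below ineffective against the WAN.
# Set before the ACCEPT rules so a failure later on leaves the host closed.
# OUTPUT is left at its current policy.
iptables -P INPUT DROP
iptables -P FORWARD DROP

# ----------------------- LOOPBACK -----------------------
iptables -A INPUT -i lo -j ACCEPT

# ------------------- PACKET FILTERING -------------------
# Replies to connections the gateway itself opened.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# New connections to the gateway are accepted from any interface except the
# WAN. Uses $WAN (not a hard-coded name) so switching WAN above keeps this
# rule pointed at the real external interface; '!' precedes the option
# because the "-i ! iface" form is deprecated.
iptables -A INPUT -m state --state NEW ! -i "$WAN" -j ACCEPT

# WAN -> LAN: only traffic belonging to connections opened from the LAN.
iptables -A FORWARD -i "$WAN" -o "$LAN" -m state --state ESTABLISHED,RELATED -j ACCEPT
# LAN -> WAN: unrestricted.
iptables -A FORWARD -i "$LAN" -o "$WAN" -j ACCEPT
# Anything else from WAN to LAN is refused with an ICMP error.
iptables -A FORWARD -i "$WAN" -o "$LAN" -j REJECT

# --------------------- MASQUERADING ---------------------
# Rewrite the source address of traffic leaving through the WAN.
iptables -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE

# ------------------------ ROUTING -----------------------
# Enable forwarding last, once the filter rules are in place.
echo 1 > /proc/sys/net/ipv4/ip_forward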