iptable rules to share internet with bridge network

author: Vasudev Kamath <kamathvasudev@gmail.com> 2015-10-12 20:49:16 +0530
committer: Vasudev Kamath <kamathvasudev@gmail.com> 2015-10-12 21:19:50 +0530
commit: b8f9c05eac2d73d3003677e21051844f8fe1ca2f (patch)
tree: fa062a1423f047df89b98c963fc149263c9b44da
parent: 011d56d79d42217072649bd26198d2b7052f81a7 (diff)
1 files changed, 24 insertions, 0 deletions
diff --git a/firewall b/firewall
new file mode 100755
index 0000000..f32f9da
--- /dev/null
+++ b/firewall
@@ -0,0 +1,24 @@
+#!/bin/sh
+iptables -t filter --flush
+iptables -t nat --flush
+iptables -t filter --delete-chain
+iptables -t nat --delete-chain
+
+iptables -t filter -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+iptables -t filter -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+
+iptables -t filter -A INPUT -i lo -j ACCEPT
+iptables -t filter -A INPUT -i natbr0 -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT
+iptables -t filter -A INPUT -d 172.16.0.0/16 -i natbr0 -j ACCEPT
+iptables -t filter -A INPUT -s 172.16.0.0/16 -i natbr0 -j ACCEPT
+iptables -t filter -A FORWARD -i natbr0 -j ACCEPT
+iptables -t filter -A FORWARD -o natbr0 -j ACCEPT
+
+iptables -t filter -A INPUT -j DROP
+iptables -t filter -A OUTPUT -j ACCEPT
+iptables -t filter -A FORWARD -j DROP
+
+# NAT table
+iptables -t nat -A POSTROUTING -s 172.16.0.0/16 -j MASQUERADE
+
+sysctl net.ipv4.ip_forward=1
author	Vasudev Kamath <kamathvasudev@gmail.com>	2015-10-12 20:49:16 +0530
committer	Vasudev Kamath <kamathvasudev@gmail.com>	2015-10-12 21:19:50 +0530
commit	b8f9c05eac2d73d3003677e21051844f8fe1ca2f (patch)
tree	fa062a1423f047df89b98c963fc149263c9b44da
parent	011d56d79d42217072649bd26198d2b7052f81a7 (diff)