From b8f9c05eac2d73d3003677e21051844f8fe1ca2f Mon Sep 17 00:00:00 2001
From: Vasudev Kamath
Date: Mon, 12 Oct 2015 20:49:16 +0530
Subject: iptable rules to share internet with bridge network

---
 firewall | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100755 firewall

diff --git a/firewall b/firewall
new file mode 100755
index 0000000..f32f9da
--- /dev/null
+++ b/firewall
@@ -0,0 +1,24 @@
+#!/bin/sh
+iptables -t filter --flush
+iptables -t nat --flush
+iptables -t filter --delete-chain
+iptables -t nat --delete-chain
+
+iptables -t filter -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+iptables -t filter -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+
+iptables -t filter -A INPUT -i lo -j ACCEPT
+iptables -t filter -A INPUT -i natbr0 -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT
+iptables -t filter -A INPUT -d 172.16.0.0/16 -i natbr0 -j ACCEPT
+iptables -t filter -A INPUT -s 172.16.0.0/16 -i natbr0 -j ACCEPT
+iptables -t filter -A FORWARD -i natbr0 -j ACCEPT
+iptables -t filter -A FORWARD -o natbr0 -j ACCEPT
+
+iptables -t filter -A INPUT -j DROP
+iptables -t filter -A OUTPUT -j ACCEPT
+iptables -t filter -A FORWARD -j DROP
+
+# NAT table
+iptables -t nat -A POSTROUTING -s 172.16.0.0/16 -j MASQUERADE
+
+sysctl net.ipv4.ip_forward=1
-- 
cgit v1.2.3
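Review bot: The filter table is flushed at the top of the hunk without default policies being set first, so INPUT and FORWARD accept everything from the flush until the trailing `-A INPUT -j DROP` / `-A FORWARD -j DROP` rules are appended, and any iptables command failing part-way (the script runs under `#!/bin/sh` with no `set -e`) leaves the host open rather than closed. Setting the policies before the flush makes the rule set fail-closed: `iptables -P INPUT DROP` and `iptables -P FORWARD DROP` placed before `iptables -t filter --flush`, after which the two explicit DROP rules are redundant. The FORWARD accepts on `-i natbr0` / `-o natbr0` are also broader than the NAT rule, which is limited to `-s 172.16.0.0/16`; restricting `-i natbr0` to that source and relying on the existing RELATED,ESTABLISHED rule for return traffic instead of an unconditional `-o natbr0 -j ACCEPT` keeps forwarded traffic to what MASQUERADE actually covers. Nothing in the hunk touches IPv6, so if the bridge is meant to be v4-only a comment saying so (or an equivalent ip6tables policy) would make that intent explicit.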