From ed8c8499dc1f09e91eda8f41a6a9a14d8b3350a0 Mon Sep 17 00:00:00 2001
From: secnet
Date: Sat, 22 Sep 2018 20:34:00 +0000
Subject: [PATCH] initial commit

---
 iptables.rules | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)
 create mode 100644 iptables.rules

diff --git a/iptables.rules b/iptables.rules
new file mode 100644
index 0000000..a4f4b99
--- /dev/null
+++ b/iptables.rules
@@ -0,0 +1,42 @@
+*filter
+:INPUT ACCEPT [139:11952]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [31:3232]
+
+# Allow host ports
+-A INPUT -p tcp --dport 22 -j ACCEPT
+-A INPUT -p tcp --dport 53 -j ACCEPT
+-A INPUT -p tcp --dport 80 -j ACCEPT
+-A INPUT -p tcp --dport 13699 -j ACCEPT
+
+# Standard Internal Traffic
+-A INPUT -i lo -j ACCEPT
+-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+
+# NAT Forwarding
+-A FORWARD -i enp2s0.10 -o enp2s0.2 -j ACCEPT
+-A FORWARD -i enp2s0.11 -o enp2s0.2 -j ACCEPT
+-A FORWARD -i enp2s0.12 -o enp2s0.2 -j ACCEPT
+-A FORWARD -i enp2s0.13 -o enp2s0.2 -j ACCEPT
+-A FORWARD -i enp2s0.14 -o enp2s0.2 -j ACCEPT
+
+# NAT Returns
+-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A FORWARD -m conntrack --ctstate INVALID -j DROP
+
+# Drop weird shit
+-A INPUT -p tcp -j DROP
+
+COMMIT
+
+*nat
+:PREROUTING ACCEPT [12:835]
+:INPUT ACCEPT [12:835]
+:OUTPUT ACCEPT [1:104]
+:POSTROUTING ACCEPT [0:0]
+
+# General NAT Traffic
+-A POSTROUTING -o enp2s0.2 -j MASQUERADE
+
+COMMIT
+
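Review bot: The closing `-A INPUT -p tcp -j DROP` only closes TCP while the chain policy stays `:INPUT ACCEPT`, so every UDP, ICMP and other-protocol packet not matched earlier is accepted by the policy and the explicit port list is not the real exposed surface. FORWARD has the same shape: its policy is ACCEPT and there is no terminal DROP after the INVALID rule, so new connections arriving on enp2s0.2 (which the MASQUERADE rule suggests is the upstream side) are forwarded into every VLAN, and the VLANs can reach each other freely. Set both policies to DROP, end INPUT with a protocol-agnostic `-A INPUT -j DROP`, add `-A INPUT -p udp --dport 53 -j ACCEPT` if DNS is meant to be served (TCP 53 alone is rarely enough), and end FORWARD with `-A FORWARD -j DROP`. The port ACCEPT rules also carry no `-i`, so SSH on 22 is reachable from enp2s0.2 as well; either restrict them to the internal VLAN interfaces or add a comment stating that upstream exposure is intended, and name what listens on 13699. This file only covers IPv4; if the host has IPv6 connectivity an equivalent ip6tables ruleset is needed or the same ports are open there unfiltered.
```iptables
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]

# Allow host ports
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 53 -j ACCEPT
-A INPUT -p udp --dport 53 -j ACCEPT
# … unchanged: remaining host port rules, lo/conntrack rules, VLAN -> enp2s0.2 forwarding, conntrack returns …

# Default deny for anything not matched above, regardless of protocol
-A INPUT -j DROP
-A FORWARD -j DROP

COMMIT
# … unchanged: *nat table …
```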