#!/bin/sh
iptables -F
iptables -X
iptables -Z
iptables -P FORWARD DROP
iptables -P INPUT   DROP
iptables -P OUTPUT  ACCEPT
iptables -A INPUT -p icmp -m icmp --icmp-type 18 -j DROP
iptables -A INPUT -p icmp -m icmp --icmp-type 17 -j DROP
iptables -A INPUT -p icmp -m icmp --icmp-type 10 -j DROP
iptables -A INPUT -p icmp -m icmp --icmp-type 9 -j DROP
iptables -A INPUT -p icmp -m icmp --icmp-type 5 -j DROP
iptables -A INPUT -s 127.0.0.0/8 -i wlan0 -j DROP
iptables -A INPUT -s 127.0.0.0/8 -i eth0 -j DROP
iptables -A INPUT -s 192.168.1.1/24 -i wlan0 -j DROP
iptables -A INPUT -s 192.168.1.1/24 -i eth0 -j DROP
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -j interfaces
iptables -A INPUT -j open
iptables -A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
iptables -A INPUT -f -j DROP
iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
iptables -A INPUT -i wlan0 -p icmp -m icmp --icmp-type 8 -j DROP
iptables -A INPUT -i eth0 -p icmp -m icmp --icmp-type 8 -j DROP
iptables -A interfaces -i lo -j ACCEPT
iptables -A open -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A open -p tcp -m tcp --dport 139 -j ACCEPT
iptables -A open -p tcp -m tcp --dport 443 -j ACCEPT
iptables -A open -p tcp -m tcp --dport 445 -j ACCEPT
iptables -A open -p tcp -m tcp --dport 6897:6900 -j ACCEPT
iptables -A open -p tcp -m tcp --dport 6901 -j ACCEPT
iptables -A open -p udp -m udp --dport 137:138 -j ACCEPT
iptables -A INPUT -p tcp -j DROP
iptables -A INPUT -p udp -j DROP