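#!/bin/sh
#
# Host firewall for an Asterisk box (filter table only; nat/mangle are not
# touched). Default policy is DROP on INPUT, OUTPUT and FORWARD; stateful
# ACCEPT for ESTABLISHED,RELATED and DROP for INVALID sit at the head of
# every chain; SSH, a fixed set of ICMP types and the Asterisk ports are
# opened on INPUT; everything out via $INET_DEV and everything on lo is
# accepted.
#
# Must run as root.
#
# NOTE(review): every service rule below accepts from any source (-s 0/0).
# In particular the Asterisk Manager Interface (tcp/5038) and TFTP (udp+tcp/69)
# are reachable from anywhere; restrict -s to the management and phone
# networks where the deployment allows it.
#
# Changes from the previous revision of this script:
#   * default DROP policies are set before the flush, so the table is never
#     momentarily empty with a permissive policy;
#   * rules that were unreachable or duplicates of the -I stateful rules
#     (INVALID REJECT on INPUT/OUTPUT, ESTABLISHED,RELATED ACCEPT for TCP and
#     UDP on INPUT) are gone;
#   * the loopback rule matches on the lo interface only, not on 127.0.0.1
#     addresses, so loopback-addressed packets arriving on a real interface
#     are no longer accepted.

# -u: an unset variable is a scripting error. -e is deliberately NOT used:
# with the policies already at DROP, aborting on a single failed rule before
# the SSH rule is installed would lock out remote administration.
set -u

IPTABLES="/sbin/iptables"
INET_DEV="eth0"

# Refuse to start rather than leave the table half-applied if iptables is
# missing or we are not root.
if [ ! -x "$IPTABLES" ]; then
  echo "$IPTABLES not found or not executable" >&2
  exit 1
fi
if [ "$(id -u)" -ne 0 ]; then
  echo "this script must be run as root" >&2
  exit 1
fi

# Set default policies for the INPUT, FORWARD and OUTPUT chains, then flush.
# Doing it in this order means the flush leaves a closed table, not an
# open one, until the ACCEPT rules below are installed.
echo "Flushing tables..."
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP
$IPTABLES -P FORWARD DROP
$IPTABLES -F

# Enable stateful behaviour and drop invalid-state packets. Both are
# inserted (-I) so they end up ahead of everything appended later; the
# INVALID drop is inserted second and therefore sits at position 1.
for chain in INPUT OUTPUT FORWARD; do
  $IPTABLES -I "$chain" -m state --state ESTABLISHED,RELATED -j ACCEPT
  $IPTABLES -I "$chain" -m state --state INVALID -j DROP
done

# Traverse the INPUT chain
echo "Assembling the INPUT chain..."

# A NEW TCP connection must start with SYN; anything else is rejected.
$IPTABLES -A INPUT -p tcp ! --syn -m state --state NEW -j REJECT

# ICMP: echo-reply (0), destination-unreachable (3), redirect (5),
# echo-request (8), time-exceeded (11).
# NOTE(review): accepting redirect (type 5) only has an effect if
# net.ipv4.conf.*.accept_redirects is enabled on this host; consider
# dropping it unless redirects are actually relied on here.
for icmp_type in 0 3 5 8 11; do
  $IPTABLES -A INPUT -p icmp --icmp-type "$icmp_type" -j ACCEPT
done

# SSH (see the -s 0/0 note in the header).
$IPTABLES -A INPUT -p tcp --dport 22 -j ACCEPT

# Asterisk. One "proto port[:port]" per line; lines starting with '#' are
# comments. The port list is unchanged from the previous revision.
while read -r proto port; do
  case "$proto" in
    '' | '#'*) continue ;;
  esac
  $IPTABLES -A INPUT -p "$proto" --dport "$port" -j ACCEPT
done <<EOF
# TFTP (phone provisioning)
udp 69
tcp 69
# udp/5036 is not a standard Asterisk port; confirm whether 5038 (AMI) was meant
udp 5036
# Asterisk Manager Interface
tcp 5038
# SIP
udp 5060
tcp 5060
udp 2543
tcp 2543
# IAX2
udp 4569
# MGCP
udp 2427
# H.323 (Q.931 signalling, RAS, gatekeeper discovery)
udp 1720
tcp 1720
udp 1719
tcp 1719
udp 1718
tcp 1718
tcp 2739
# RTP media range
udp 10000:20000
EOF

# Traverse the OUTPUT chain. INVALID is already dropped at the head of the
# chain; everything leaving via the internet interface is allowed.
echo "Assembling the OUTPUT chain..."
$IPTABLES -A OUTPUT -o "$INET_DEV" -j ACCEPT

# Handle special non-internet interfaces. Match on the interface only:
# a 127.0.0.1 source/destination on a non-lo interface must not be accepted.
echo "Handling the lo interface..."
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A OUTPUT -o lo -j ACCEPT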