From 2b8d9c393fee1caf3ec8115511f1aaa9726573ca Mon Sep 17 00:00:00 2001
From: Wade Alcorn
Date: Fri, 13 Jan 2012 22:18:42 +1000
Subject: [PATCH] Added iptables helper script
---
 test/scripts/iptables.sh | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 test/scripts/iptables.sh
diff --git a/test/scripts/iptables.sh b/test/scripts/iptables.sh
new file mode 100644
index 000000000..c4331dbcf
--- /dev/null
+++ b/test/scripts/iptables.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+# Delete all existing rules
+/sbin/iptables -F
+/sbin/iptables -X
+
+# Set default chain policies
+/sbin/iptables -P INPUT DROP
+/sbin/iptables -P FORWARD DROP
+/sbin/iptables -P OUTPUT ACCEPT
+
+# Allow unlimited traffic on loopback
+/sbin/iptables -A INPUT -i lo -j ACCEPT
+/sbin/iptables -A OUTPUT -o lo -j ACCEPT
+
+# Allow incoming SSH
+/sbin/iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
+/sbin/iptables -A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
+
+# Allow established connections
+/sbin/iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
+
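Review bot: The default policy is flipped to DROP at the `-P INPUT DROP` line before any ACCEPT rule exists, and the script runs under plain `#!/bin/sh` with no `set -e`, so if any later iptables call fails (for example the `state` match not being loadable) the host is left with INPUT DROP and no SSH allow rule; add `set -e` after the shebang and move the `/sbin/iptables -P INPUT DROP` / `/sbin/iptables -P FORWARD DROP` lines below the ACCEPT rules so the policy changes only once the allow rules are in place. The SSH and established-connection rules are bound to `eth0`, which silently matches nothing on a host whose interface is named differently and then also locks the host out under the DROP policy; dropping the `-i eth0` / `-o eth0` selectors, or taking the interface name from a variable, is safer for a test helper. `-F`/`-X` only touch the filter table and nothing is done for ip6tables, so IPv6 traffic is left unfiltered by this script; a header comment such as `# Note: IPv4 filter table only; nat/mangle and ip6tables are not touched` would make that limitation explicit. The `-A OUTPUT -o eth0 -p tcp --sport 22` rule is redundant given `-P OUTPUT ACCEPT` and could be removed to keep the rule set minimal.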