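#!/bin/bash
#Copyright 2004 William Stearns
#Released under the GPL
#Automatically generated by Modwall, http://www.stearns.org/modwall/
#==== Iptables modules required ====
#state
#==== Brick specific help ====
#	The address module checks for _invalid_ source and destination
#addresses, such as loopback, multicast, and broadcast address usage.
#These rules should be safe to use on any network.
#
#==== Deployment notes ====
# - IPv4 only: nothing in this brick calls ip6tables, so IPv6 traffic is
#   not filtered by these rules.
# - Only packets whose conntrack state is not ESTABLISHED are sent to the
#   "address" chain (see the three jump rules at the bottom).
# - Rule order inside the chain is significant; see the comments on the
#   broadcast rules.
# - Not idempotent: on a second run "-N address" fails because the chain
#   exists, and the -A lines append duplicate rules. Flush and remove the
#   chain and its jump rules before re-applying.
# - The exit status of the individual iptables calls is not checked, so a
#   failed call leaves a partially populated chain. Confirm the result
#   afterwards, e.g. with "iptables -S address".
# - Negation is written before the option ("! -p udp", "! -i lo"); the
#   older "-p ! udp" placement is deprecated and newer iptables releases
#   warn about it.

# Create the user-defined chain that holds the address sanity checks.
/usr/bin/sudo /sbin/iptables -N address

# Loopback addresses must never appear on traffic that reaches this chain
# (the INPUT/OUTPUT jump rules below exclude the lo interface).
/usr/bin/sudo /sbin/iptables -A address -s 127.0.0.0/8 -j DROP
/usr/bin/sudo /sbin/iptables -A address -d 127.0.0.0/8 -j DROP

# A multicast address is never a valid source.
/usr/bin/sudo /sbin/iptables -A address -s 224.0.0.0/4 -j DROP

# Multicast destinations are accepted for UDP only. This also drops new
# non-UDP multicast traffic such as IGMP and protocols that run directly
# over IP multicast (e.g. OSPF, VRRP); hosts that depend on those need an
# exemption placed before this rule.
/usr/bin/sudo /sbin/iptables -A address ! -p udp -d 224.0.0.0/4 -j DROP

# Reserved 240.0.0.0/4 range as source. This range includes
# 255.255.255.255.
/usr/bin/sudo /sbin/iptables -A address -s 240.0.0.0/4 -j DROP

# Limited broadcast as destination is allowed: RETURN hands the packet
# back to the calling chain before the 240.0.0.0/4 destination drop
# below, which would otherwise match it.
/usr/bin/sudo /sbin/iptables -A address -d 255.255.255.255/32 -j RETURN
/usr/bin/sudo /sbin/iptables -A address -d 240.0.0.0/4 -j DROP

# Already covered by the 240.0.0.0/4 source rule above, so this rule is
# never reached; kept as generated.
/usr/bin/sudo /sbin/iptables -A address -s 255.255.255.255/32 -j DROP

# Send every packet that is not part of an established connection
# through the address chain. Loopback-interface traffic is excluded on
# INPUT and OUTPUT; FORWARD has no interface restriction.
/usr/bin/sudo /sbin/iptables -A INPUT ! -i lo -m state ! --state ESTABLISHED -j address
/usr/bin/sudo /sbin/iptables -A FORWARD -m state ! --state ESTABLISHED -j address
/usr/bin/sudo /sbin/iptables -A OUTPUT ! -o lo -m state ! --state ESTABLISHED -j address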