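#!/bin/bash
# Copyright 2004 William Stearns
# Released under the GPL
# Automatically generated by Modwall, http://www.stearns.org/modwall/
#
# ==== Iptables modules required ====
# state
#
# ==== Brick specific help ====
# The established module allows all state ESTABLISHED or RELATED traffic
# through. It should go after checks for illegal packet characteristics
# (which is the role of most of the other bricks). Rules and chains
# following this one can then focus on the state NEW packets (the starting
# packets of the conversation).
#
# Not only is this safe to use, but the stateful nature of iptables
# firewalling provided by the state module actually improves the security
# of a firewall. The only circumstance in which this might not be a good
# idea is if you have a firewall that is already straining to handle a
# very high load. In that case, stateful checks should be moved to one or
# more additional firewalls behind the main one.
#
# Every iptables call goes through sudo with absolute paths, so the brick
# can be run from an account whose sudo rights are limited to /sbin/iptables.
# No error handling is applied on purpose: if the "established" chain already
# exists, "-N" reports the error and the appends below still run, so
# re-running this brick appends duplicate rules instead of replacing them
# (presumably the surrounding Modwall framework flushes first; verify).

# Dedicated chain holding the single stateful accept rule.
/usr/bin/sudo /sbin/iptables -N established
/usr/bin/sudo /sbin/iptables -A established -m state --state ESTABLISHED,RELATED -j ACCEPT

# Loopback is exempted on INPUT. Negation is written extrapositioned
# ("! -i lo"): the older intrapositioned form ("-i ! lo") is deprecated in
# current iptables releases and only accepted with a warning.
/usr/bin/sudo /sbin/iptables -A INPUT ! -i lo -j established
/usr/bin/sudo /sbin/iptables -A FORWARD -j established
/usr/bin/sudo /sbin/iptables -A OUTPUT -j established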