# Example /etc/sysconfig/iptables configuration file
#
# Start of the "filter" table section (iptables-save / iptables-restore format).
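*filter

# Default policies: drop anything not explicitly accepted on INPUT and
# FORWARD; allow all locally generated traffic out.  The [packets:bytes]
# counters after each policy come from the original dump and are
# informational only.
:INPUT DROP [1:44]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [27040:2493902]

# Accept all traffic from the loopback interface.
-A INPUT -i lo -j ACCEPT

# Accept legitimate responses to traffic we generate.
# One rule suffices: OUTPUT's policy is already ACCEPT, and this file never
# creates a chain named "public_in".  The original listed this rule four
# times as `iptables -I ... 11 ...` command lines, which iptables-restore
# does not understand (and which would also fail with a position of 11 in
# a chain with fewer rules); they are folded into this single rule.
# Every rule below is written as `-A` (append); the original used `-I`
# (insert at head), which reverses the order in the chain, but since every
# rule here is an ACCEPT the net policy is unchanged.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# Forward legitimate responses to forwarded traffic.  Left disabled because
# FORWARD's policy is DROP and nothing in this file enables routing;
# uncomment only if this host is expected to forward packets.
# -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

# Allow inbound DNS responses from our ISP's DNS servers on eth0.
# Change 0.0.0.0 and 1.1.1.1 to the IP addresses of your ISP's DNS servers
# (0.0.0.0 is a placeholder that matches no real source host).  These rules
# are already covered by the RELATED,ESTABLISHED rule above and only matter
# if that rule is removed; they are kept to document the expected resolver
# traffic.  All long options are spelled with two ASCII hyphens ("--");
# the original contained a typographic dash (U+2013) that iptables rejects.
-A INPUT -s 0.0.0.0 -i eth0 -p udp -m udp --sport 53 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -s 0.0.0.0 -i eth0 -p tcp -m tcp --sport 53 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -s 1.1.1.1 -i eth0 -p udp -m udp --sport 53 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -s 1.1.1.1 -i eth0 -p tcp -m tcp --sport 53 -m state --state ESTABLISHED -j ACCEPT

# Allow inbound DHCP from the local wireless network (only this /24, not
# the whole 10.0.0.0/8).  Change this to the network allocated for your use.
# NOTE(review): some DHCP clients exchange their packets over raw/packet
# sockets that are not seen by this table -- confirm the rule is needed for
# the client in use.
-A INPUT -s 10.1.2.0/24 -i wlan0 -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT

# Allow inbound FTP control connections from the wireless network.
# The original matched on destination (-d 10.1.2.0/24) with no interface
# restriction, which also admits TCP/21 arriving on eth0 for any address in
# that range; the stated intent is "from the wireless network", so match the
# source network on wlan0 instead.  A second rule for UDP port 21 was
# dropped: FTP's control channel is TCP, so it only opened an unused UDP
# port through the DROP policy.
# NOTE(review): FTP data connections are accepted by the RELATED,ESTABLISHED
# rule only if the FTP connection-tracking helper is loaded -- confirm.
-A INPUT -s 10.1.2.0/24 -i wlan0 -p tcp -m tcp --dport 21 -j ACCEPT

# The original ended with a rule accepting RELATED,ESTABLISHED TCP between
# unprivileged ports (1024:65535 both ways); it is a strict subset of the
# RELATED,ESTABLISHED rule above and has been removed as redundant.

# The table must be closed with a COMMIT line after its last rule; it is
# not added here in case further rules follow in the rest of the file.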