#!/bin/sh
#iptables -F
#
#iptables -P INPUT   DROP
#iptables -P OUTPUT  DROP
#iptables -P FORWARD DROP
#
#for proto in tcp udp
#do
#  for port in 53 666 655
#  do
#    iptables -A OUTPUT -p $proto --dport $port -j ACCEPT
#    iptables -A OUTPUT -p $proto --sport $port -j ACCEPT
#    iptables -A INPUT  -p $proto --dport $port -j ACCEPT
#    iptables -A INPUT  -p $proto --sport $port -j ACCEPT
#  done
#done
#
#iptables -A OUTPUT -p icmp -j ACCEPT
#iptables -A INPUT  -p icmp -j ACCEPT
#
#iptables -A INPUT  -p tcp --dport 22 -j ACCEPT
#iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
#
#
#iptables -A OUTPUT -p tcp --sport 1024: -j ACCEPT
#iptables -A OUTPUT -p udp --sport 1024: -j ACCEPT

# mastersword.de
#iptables -A OUTPUT -p tcp -d 78.46.215.78 -j ACCEPT
#iptables -A INPUT  -p tcp -s 78.46.215.78 -j ACCEPT

# gw1.freifunk-ol.de
#iptables -A OUTPUT -p tcp -d 178.33.33.102 -j ACCEPT
#iptables -A INPUT  -p tcp -s 178.33.33.102 -j ACCEPT

# freifunk-ol.de
#iptables -A OUTPUT -p tcp -d 178.33.33.208 -j ACCEPT
#iptables -A INPUT  -p tcp -s 178.33.33.208 -j ACCEPT

#Masquerade interface for gateway
#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

#solves MTU problem with bad ISP´s
iptables -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu