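#!/bin/bash
#
# Default-deny iptables ruleset for a Linux gateway that masquerades (NATs)
# traffic leaving through ppp0 and then turns on IPv4 forwarding.
#
# Must run as root. Only the IPv4 filter and nat tables are touched:
#   - no ip6tables rule is installed here, so IPv6 traffic is not filtered
#     by this script;
#   - user-defined chains and the other tables are left as they are.
#
# Abort on the first failing command (and on unset variables). The DROP
# policies are installed first, so an aborted run leaves the host closed
# and never reaches the line that enables forwarding.
set -eu

readonly IPT=/usr/sbin/iptables
readonly WAN_IF=ppp0

# Set the "deny" policy by default - close everything. This is done before
# the flush so the chains are never left empty under a permissive policy.
for chain in INPUT FORWARD OUTPUT; do
  "$IPT" -P "$chain" DROP
done

# Delete all existing rules (filter and nat tables).
"$IPT" -F
"$IPT" -t nat -F

# Accept only packets that belong to, or are related to, a connection that
# is already tracked. New connections need an explicit rule (see below).
# NOTE(review): `-m state` is kept as written; current iptables documents
# `-m conntrack --ctstate` as its replacement.
for chain in INPUT FORWARD OUTPUT; do
  "$IPT" -A "$chain" -m state --state ESTABLISHED,RELATED -j ACCEPT
done

# Load modules: the nat table plus the FTP connection-tracking and NAT
# helpers. A module that cannot be loaded is reported but does not abort
# the run, because the ruleset itself does not depend on the FTP helpers.
for mod in iptable_nat ip_conntrack_ftp ip_nat_ftp; do
  modprobe "$mod" || printf 'warning: could not load module %s\n' "$mod" >&2
done

# Accept rules - add here whatever you want to allow.
# NOTE(review): as written, no chain accepts a NEW connection, so nothing
# can be opened to, from or through this host (loopback included) until
# rules are added here. Keep them as narrow as the service requires
# (interface, protocol, port, source) rather than opening a whole chain.
"$IPT" -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE

# Enable routing between interfaces last, once the ruleset is fully loaded.
echo 1 > /proc/sys/net/ipv4/ip_forward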