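#!/usr/bin/env bash
#
# Firewall / NAT ruleset for a small gateway box.
#
# IP forwarding itself is enabled by the Zebra routing daemon, not here;
# this script only installs iptables rules.
#
# Interfaces as used below:
#   eth1       - outbound side (source-NAT'd with MASQUERADE)
#   eth2, eth3 - inbound sides whose traffic is forwarded
#
# Requires CAP_NET_ADMIN (normally root). Every iptables call is fatal on
# failure (set -e) so a half-applied ruleset is never left behind silently,
# which the original unchecked command list allowed.
set -euo pipefail

# Destination ports on which inbound TCP connections are dropped
# (ports commonly used by external proxy services).
readonly BLOCKED_PROXY_PORTS=(8080 1080 8081 8001 8000 10080)

#######################################
# Flush all rules and delete all user-defined chains in every table.
# iptables only touches the "filter" table by default; "nat" and "mangle"
# must be named explicitly, so all three are reset here (the original
# flushed mangle but never deleted its chains).
# NOTE: this does NOT reset the built-in chain policies (INPUT/FORWARD/
# OUTPUT keep whatever policy they already have).
# Globals:   none
# Arguments: none
# Returns:   0 on success; non-zero (script aborts) if iptables fails
#######################################
reset_tables() {
  local table
  for table in filter nat mangle; do
    iptables --table "$table" --flush
    iptables --table "$table" --delete-chain
  done
}

#######################################
# Drop inbound TCP to the ports listed in BLOCKED_PROXY_PORTS.
# Globals:   BLOCKED_PROXY_PORTS (read)
# Arguments: none
#######################################
block_proxy_ports() {
  local port
  for port in "${BLOCKED_PROXY_PORTS[@]}"; do
    iptables --append INPUT --protocol tcp --destination-port "$port" --jump DROP
  done
}

#######################################
# Masquerade traffic leaving via eth1 and accept forwarding of traffic
# arriving on eth2 and eth3.
# NOTE: the FORWARD policy is never set by this script. With the kernel
# default policy of ACCEPT these two ACCEPT rules have no effect (everything
# is forwarded anyway); they only matter if the policy is DROP/REJECT.
# Globals:   none
# Arguments: none
#######################################
setup_forwarding() {
  iptables --table nat --append POSTROUTING --out-interface eth1 --jump MASQUERADE
  iptables --append FORWARD --in-interface eth2 --jump ACCEPT
  iptables --append FORWARD --in-interface eth3 --jump ACCEPT
}

#######################################
# Transparently redirect incoming TCP/80 to the local proxy on port 3128.
# NOTE: no --in-interface is given, so this applies to port-80 traffic
# arriving on every interface, including eth1. Add --in-interface eth2/eth3
# if only internal clients are meant to be proxied.
# Globals:   none
# Arguments: none
#######################################
setup_port_redirect() {
  iptables --table nat --append PREROUTING --protocol tcp --dport 80 --jump REDIRECT --to-port 3128
}

main() {
  reset_tables
  block_proxy_ports

  # Start Traffic Shaper
  # FixMe - the following protections are still disabled (kept verbatim
  # from the original script for reference):
  #
  # Kill connections to the local interface from the outside world
  #iptables -A INPUT -d 127.0.0.0/8 -j REJECT
  #
  # Kill anything from outside claiming to be from internal network
  #iptables -A INPUT -i eth1 -s 60.67.120.0/255.255.255.0 -j REJECT
  #
  # SYN Flooding protection
  #iptables -N syn-flood
  #iptables -A INPUT -i eth2 -p tcp --syn -j syn-flood
  #iptables -A syn-flood -m limit --limit 1/s --limit-burst 10 -j RETURN
  #iptables -A syn-flood -j LOG --log-prefix "syn-flood-protection: "
  #iptables -A syn-flood -j DROP

  setup_forwarding
  setup_port_redirect
}

main "$@"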