#!/bin/bash -x

LOCAL_NETWORK=192.168.100.0

csf -x
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

iptables -A INPUT -i lo -j ACCEPT

#Allow everyone to these ports
iptables -A INPUT -p tcp -m tcp -m multiport --dports 80,443,22 -j ACCEPT

#Allow all local networks connections in
iptables -A INPUT -p tcp -s $LOCAL_NETWORK/24 -j ACCEPT

#advanced tcp connection stuff
iptables -A INPUT -m conntrack -j ACCEPT  --ctstate RELATED,ESTABLISHED
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

#Allow Backupserver to ping
#SERVER_IP=""
#iptables -A INPUT -p icmp -s $SERVER_IP -j ACCEPT

#iptables -A INPUT -p tcp --sport 2520 -j ACCEPT
#iptables -A OUTPUT -p tcp --dport 2520 -j ACCEPT

#Finally, drop everyone else
iptables -A INPUT -i eth0 -j DROP

#restart docker
service docker restart

#only allow subnet connections  -- use firewall-iptables.conf instead: sudo iptables-restore -n firewall-iptables.conf
#iptables -I DOCKER-USER -i eth0 ! -s $LOCAL_NETWORK/24 -j DROP

#save iptables
iptables-save > /etc/sysconfig/iptables