#!/bin/bash

/sbin/iptables -F
/sbin/iptables -F -t nat
/sbin/iptables -F -t mangle

# default policy ACCEPT
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT DROP
/sbin/iptables -P FORWARD DROP

/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

/sbin/iptables -A INPUT -s 10.10.10.127 -p tcp --dport 22 -j ACCEPT
# /sbin/iptables -A FORWARD -d 192.168.0.100 -p tcp --dport 80 -j ACCEPT
# /sbin/iptables -A FORWARD -d 192.168.0.0/24 -j DROP

/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.0.100

/sbin/iptables -A FORWARD -d 192.168.0.100 -p tcp --dport 80 -j ACCEPT