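#!/bin/sh
#
# Host firewall for the legacy ipchains packet filter.
#
# Flushes the current rule set, rebuilds the input chain (loopback, ICMP,
# public services, blocked high ports, high-port accept, host-specific
# denies) and then adds TOS-marking rules to the output chain.
#
# Rules are matched in the order they are appended, so the ordering below
# is significant: every DENY for a high port must come before the blanket
# "1023:" ACCEPT rules.
#
# NOTE(review): no chain policy is set anywhere in this script (there is no
# `ipchains -P ...`), so packets that match none of the input rules get
# whatever policy is already in effect. Confirm that default is what you
# want; the host-specific DENY rules at the end only cover new TCP
# connections and UDP addressed to one IP.
#
# NOTE(review): the script always ends with `exit 0`, so a failed ipchains
# call is not reported to the caller; check the loaded rules with
# `ipchains -L -n` after running it.

# Address this host protects with the trailing catch-all denies.
readonly host_addr=161.53.70.132/255.255.255.255

# Start clean: flush all chains, then delete user-defined chains.
ipchains -F
ipchains -X

# Loopback traffic is always allowed.
ipchains -A input -s 0/0 -d 0/0 -i lo -j ACCEPT

# ICMP: accept an explicit list of types, then deny every other ICMP packet.
# The list is kept in its original order.
# NOTE(review): several of these names appear to be sub-codes of
# destination-unreachable / time-exceeded and may already be covered by the
# parent type; check against `ipchains -h icmp` before trimming.
for icmp_type in \
  echo-reply \
  destination-unreachable \
  network-unreachable \
  host-unreachable \
  protocol-unreachable \
  port-unreachable \
  source-route-failed \
  network-unknown \
  host-unknown \
  network-prohibited \
  host-prohibited \
  TOS-network-unreachable \
  TOS-host-unreachable \
  communication-prohibited \
  echo-request \
  time-exceeded \
  ttl-zero-during-transit \
  ttl-zero-during-reassembly
do
  ipchains -A input -p icmp -s 0/0 "$icmp_type" -d 0/0 -j ACCEPT
done
ipchains -A input -s 0/0 -d 0/0 -p icmp -j DENY

# Services reachable from any source: DNS (53), SSH (22), SMTP (25),
# ident (113), NTP (123).
ipchains -A input -s 0/0 -d 0/0 53 -p tcp -j ACCEPT
ipchains -A input -s 0/0 -d 0/0 53 -p udp -j ACCEPT
ipchains -A input -s 0/0 -d 0/0 22 -p tcp -j ACCEPT
# NOTE(review): SSH normally uses TCP only and NTP UDP only; the udp/22 and
# tcp/123 accepts below open ports that nothing should be listening on.
# Remove them unless a service here really needs them.
ipchains -A input -s 0/0 -d 0/0 22 -p udp -j ACCEPT
ipchains -A input -s 0/0 -d 0/0 25 -p tcp -j ACCEPT
ipchains -A input -s 0/0 -d 0/0 113 -p tcp -j ACCEPT
ipchains -A input -s 0/0 -d 0/0 123 -p tcp -j ACCEPT
ipchains -A input -s 0/0 -d 0/0 123 -p udp -j ACCEPT

# High ports that must stay closed. These have to precede the "1023:"
# accepts, which would otherwise admit them.
# NFS (2049) is denied on both transports: a tcp-only deny leaves udp/2049
# to be accepted by the blanket UDP rule further down.
ipchains -A input -s 0/0 -d 0/0 2049 -p tcp -j DENY
ipchains -A input -s 0/0 -d 0/0 2049 -p udp -j DENY
# UDP 33434-33523 (the range conventionally used by traceroute probes).
ipchains -A input -s 0/0 -d 0/0 33434:33523 -p udp -j DENY
# TCP 6000-6063 (X11 displays).
ipchains -A input -s 0/0 -d 0/0 6000:6063 -p tcp -j DENY

# Everything else on high ports is accepted so replies to outbound
# connections get through. ipchains is stateless, so this also admits
# unsolicited traffic to any service listening on a high port.
# NOTE(review): the range starts at 1023, one below the usual unprivileged
# boundary of 1024 (the output rule at the end uses "1024:"). Confirm
# whether 1023 is intentional.
ipchains -A input -s 0/0 -d 0/0 1023: -p tcp -j ACCEPT
ipchains -A input -s 0/0 -d 0/0 1023: -p udp -j ACCEPT

# Catch-all for this host: refuse new TCP connections (-y matches SYN only)
# and all remaining UDP.
ipchains -A input -s 0/0 -d "$host_addr" -p tcp -y -j DENY
ipchains -A input -s 0/0 -d "$host_addr" -p udp -j DENY
# This rule can never match: the unconditional ICMP DENY above already
# handles every ICMP packet that was not accepted. Kept for explicitness.
ipchains -A input -s 0/0 -d "$host_addr" -p icmp -j DENY

# Type-of-service marking on outbound traffic. "-t AND XOR" rewrites the TOS
# byte; -b installs the rule in both directions. These rules have no target,
# so they only mark packets and never accept or deny them.
#   0x01 0x10  minimum delay
#   0x01 0x04  maximum reliability
#   0x01 0x02  minimum cost
# Port range is written low-to-high (ssh=22, telnet=23).
ipchains -A output -p tcp -b -s 0.0.0.0/0 ssh:telnet -t 0x01 0x10
ipchains -A output -p tcp -b -s 0.0.0.0/0 smtp -t 0x01 0x04
ipchains -A output -p icmp -b -s 0.0.0.0/0 -t 0x01 0x10
ipchains -A output -p tcp -b -s 0.0.0.0/0 ftp -t 0x01 0x02
ipchains -A output -p tcp -b -s 0.0.0.0/0 ftp-data -t 0x01 0x02
ipchains -A output -p tcp -s 0.0.0.0/0 1024: -t 0x01 0x02

exit 0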