#!/bin/sh
# Load FTP Kernel modules
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp

# Inital chains default policy
/sbin/iptables -F -t filter
/sbin/iptables -P INPUT  DROP
/sbin/iptables -P OUTPUT ACCEPT

# Enable Native Network Transfer
/sbin/iptables -A INPUT -i lo -j ACCEPT

/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# ICMP Allow
/sbin/iptables -A INPUT -p icmp -m limit --limit 1/s --limit-burst 10 -j ACCEPT

# WWW Service
/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# ORACLE Service
/sbin/iptables -A INPUT -p tcp -s 192.168.8.0/24 --dport 1521 -j ACCEPT
# SSH Service
/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# FTP Service
/sbin/iptables -A INPUT -p tcp --dport 21 -j ACCEPT

---------------------------------------------------------------------------------------------

#!/bin/sh

#stop iptables
/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -F
/sbin/iptables -Z
/sbin/iptables -X