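#!/bin/bash
#
# Host firewall bootstrap: rebuilds the IPv4 filter-table INPUT rules with a
# default-deny policy, saves them to /etc/iptables/rules and registers a
# pre-up hook in /etc/network/interfaces so they are restored at boot.
#
# Must be run as root. Exits non-zero as soon as any step fails.
#
# NOTE(review): only IPv4 is programmed here. If the host has IPv6
# connectivity, ip6tables needs an equivalent policy or the services below
# stay reachable over IPv6.
# NOTE(review): only INPUT gets a default policy; FORWARD and OUTPUT, and the
# nat/mangle tables, are left as they were.

set -eu

export PATH="$PATH:/sbin"

readonly RULES_DIR=/etc/iptables
readonly RULES_FILE=/etc/iptables/rules
readonly INTERFACES_FILE=/etc/network/interfaces
readonly RESTORE_HOOK="pre-up /sbin/iptables-restore < /etc/iptables/rules"

rules_tmp=

# Remove the temporary save file and report an aborted run.
on_exit() {
  local status=$?
  if [[ -n "$rules_tmp" ]]; then
    rm -f -- "$rules_tmp"
  fi
  if ((status != 0)); then
    printf '%s\n' \
      "firewall setup aborted (exit $status): INPUT policy may still be ACCEPT and the ruleset incomplete" >&2
  fi
}
trap on_exit EXIT

# Open the policy before flushing: on a re-run the previous policy is DROP,
# and flushing under DROP would cut the administrator's own session if a
# later command failed. The policy is set back to DROP once every rule is in.
iptables -P INPUT ACCEPT

# Flush rules, delete user-defined chains and zero counters (filter table).
iptables -F
iptables -X
iptables -Z

# Allow loopback traffic.
iptables -A INPUT -i lo -p all -j ACCEPT

# Allow packets that belong to, or are related to, an established connection.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow ICMP (ping). All ICMP types are accepted, not just echo.
iptables -A INPUT -p icmp -j ACCEPT

# Allow SSH on port 22 from any source.
# NOTE(review): consider restricting the source range or rate-limiting new
# connections; as written the port is open to the whole Internet.
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# shadowsocks: port 443 is reachable only from these source addresses.
iptables -A INPUT -p tcp --dport 443 -s 221.229.197.108 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -s 112.85.231.243 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -s 23.249.16.26 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -s 47.56.87.122 -j ACCEPT

# This single host may reach every TCP port.
iptables -A INPUT -p tcp -s 45.116.13.23/32 --dport 1:65535 -j ACCEPT

# Web server: only port 80 is opened to everyone; 443 stays limited to the
# allowlist above.
iptables -A INPUT -p tcp --dport 80 -j ACCEPT

# Default-deny for everything not matched above.
iptables -P INPUT DROP

# Persist the ruleset. Saving to a temporary file in the same directory and
# renaming it keeps a failed iptables-save from truncating the file that is
# restored at boot. mktemp creates the file with mode 0600.
mkdir -pv "$RULES_DIR"
rules_tmp=$(mktemp "${RULES_DIR}/rules.XXXXXX")
iptables-save >"$rules_tmp"
mv -f -- "$rules_tmp" "$RULES_FILE"
rules_tmp=

# Register the boot-time restore hook once; appending unconditionally would
# add a duplicate line on every run.
if ! grep -qxF -- "$RESTORE_HOOK" "$INTERFACES_FILE" 2>/dev/null; then
  printf '%s\n' "$RESTORE_HOOK" >>"$INTERFACES_FILE"
fi

# Show the resulting filter table for review.
iptables -t filter -L -n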