#!/bin/sh
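# Every rule below is invoked as ./iptables, so the working directory decides
# which binary runs. Stop if /sbin cannot be entered: otherwise an "iptables"
# file in the caller's current directory would be executed instead.
cd /sbin || { echo "cannot cd to /sbin; no firewall rules were changed" >&2; exit 1; }
# Flush the rules and set the default action to DROP.
# -F without -t only empties the chains of the filter table.
./iptables -F
# NOTE(review): the policies switch to DROP before any ACCEPT rule is loaded.
# If a later command fails, the host stays in a mostly closed state; loading
# the whole ruleset with iptables-restore would make the change atomic.
./iptables -P INPUT DROP
./iptables -P OUTPUT DROP
# NOTE(review): the FORWARD policy is not set here, and iptables only covers
# IPv4. Confirm whether forwarding and IPv6 (ip6tables) need rules as well.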

# Populate the INPUT chain.
# Source-address blocklist: one DROP rule per address, appended in the order
# listed. These rules are added before any ACCEPT rule, so a listed source is
# dropped even on ports that are opened further down. The list applies to the
# INPUT chain only.
for blocked_ip in \
  84.201.238.218 \
  60.191.63.25 \
  67.207.75.69 \
  203.248.245.224 \
  68.153.164.252 \
  219.94.145.195 \
  87.249.121.195 \
  94.75.209.160 \
  123.212.102.46 \
  85.92.130.14 \
  211.104.65.22 \
  69.20.54.123 \
  66.199.247.226 \
  190.158.230.33 \
  85.25.126.242 \
  124.124.209.130 \
  88.191.59.73 \
  62.23.221.88 \
  59.125.183.172 \
  24.188.201.251 \
  58.222.11.2 \
  218.249.193.151 \
  81.137.201.165 \
  208.57.142.137 \
  200.69.225.201 \
  213.233.121.45 \
  91.194.84.177 \
  208.94.245.186 \
  216.16.72.43 \
  190.24.10.10 \
  80.179.149.122 \
  207.65.96.25 \
  58.26.137.80 \
  87.118.91.151 \
  117.21.249.75 \
  206.131.233.5 \
  222.68.194.58 \
  200.69.106.147 \
  123.233.245.226 \
  194.27.146.1 \
  74.118.194.229 \
  114.112.69.49 \
  182.71.209.201 \
  222.190.127.15
do
  ./iptables -A INPUT -s "$blocked_ip" -j DROP
done

# INPUT accept rules. iptables stops at the first matching rule, so the order
# below is significant.

# Loopback traffic is always accepted.
./iptables -A INPUT -i lo -j ACCEPT 
# Packets belonging to, or related to, an already tracked connection are
# accepted on the venet* interfaces.
./iptables -A INPUT -i venet+ -m state --state RELATED,ESTABLISHED -j ACCEPT 
# Allowlisted source addresses: accepted on every protocol and port.
# NOTE(review): a source address is the only criterion here; confirm each host
# still needs unrestricted access, or narrow the rules with -p/--dport.
./iptables -A INPUT -s 212.12.45.181 -j ACCEPT 
./iptables -A INPUT -s 87.106.135.251 -j ACCEPT 
./iptables -A INPUT -s 195.20.224.234 -j ACCEPT 
./iptables -A INPUT -s 195.20.224.99 -j ACCEPT
./iptables -A INPUT -s 85.214.135.240 -j ACCEPT 
./iptables -A INPUT -s 78.143.39.128 -j ACCEPT
# Services reachable from any source not dropped by the blocklist above.
./iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# NOTE(review): this rule matches on the SOURCE port only, so any TCP packet
# whose source port is 80 is accepted on every local port, including ports
# that are not opened below. The RELATED,ESTABLISHED rule above already admits
# genuine HTTP replies on venet+; confirm whether this rule is still needed.
./iptables -A INPUT -p tcp -m tcp --sport 80 -j ACCEPT 
./iptables -A INPUT -p tcp -m tcp --dport 8000:8001 -j ACCEPT
./iptables -A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT 
./iptables -A INPUT -p tcp -m tcp --dport 14534 -j ACCEPT 
./iptables -A INPUT -p udp -m udp --dport 8767:9600 -j ACCEPT
./iptables -A INPUT -p tcp -m tcp --dport 30033 -j ACCEPT
./iptables -A INPUT -p udp -m udp --dport 9987:9996 -j ACCEPT
./iptables -A INPUT -p tcp -m tcp --dport 10011 -j ACCEPT 
./iptables -A INPUT -p tcp -m tcp --dport 57319 -j ACCEPT 
# The range 20:25 opens every port from 20 to 25 (FTP, SSH, telnet, 24, SMTP).
# NOTE(review): list the required ports individually if 23 and 24 are unused.
./iptables -A INPUT -p tcp -m tcp --dport 20:25 -j ACCEPT
./iptables -A INPUT -p tcp -m tcp --dport 28 -j ACCEPT 
./iptables -A INPUT -p tcp -m tcp --dport 122:123 -j ACCEPT 
./iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT 
# "mysql" is a service name looked up in the services database (normally
# 3306), which would make the --dport 3306 rule further down a duplicate.
# NOTE(review): the database port is open to every source; consider limiting
# it to the allowlisted hosts.
./iptables -A INPUT -p tcp -m tcp --dport mysql -j ACCEPT
./iptables -A INPUT -p tcp -m tcp --dport 6667 -j ACCEPT
./iptables -A INPUT -p tcp -m tcp --dport 6697 -j ACCEPT
./iptables -A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
./iptables -A INPUT -p tcp -m tcp --dport 25565 -j ACCEPT
./iptables -A INPUT -p tcp -m tcp --dport 8123 -j ACCEPT
./iptables -A INPUT -p tcp -m tcp --dport 1935 -j ACCEPT
./iptables -A INPUT -p tcp -m tcp --dport 33333:33335 -j ACCEPT
./iptables -A INPUT -p tcp -m tcp --dport 9001 -j ACCEPT
./iptables -A INPUT -p tcp -m tcp --dport 9100 -j ACCEPT
./iptables -A INPUT -p tcp -m tcp --dport 9090 -j ACCEPT
./iptables -A INPUT -p tcp -m tcp --dport 8443 -j ACCEPT
# NOTE(review): wide range of high ports; presumably a passive-FTP data range.
# Confirm, and keep it no larger than the service actually uses.
./iptables -A INPUT -p tcp -m tcp --dport 60000:65535 -j ACCEPT
./iptables -A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
./iptables -A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
# ICMP types accepted: 0 echo reply, 3 destination unreachable, 4 source
# quench, 8 echo request, 11 time exceeded, 12 parameter problem.
./iptables -A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
./iptables -A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT 
./iptables -A INPUT -p icmp -m icmp --icmp-type 4 -j ACCEPT 
./iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
./iptables -A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT 
./iptables -A INPUT -p icmp -m icmp --icmp-type 12 -j ACCEPT 
# Explicit DROP for the NetBIOS ports. With the INPUT policy set to DROP at
# the top of the script these rules give the same verdict as the policy.
./iptables -A INPUT -p udp -m udp --dport 137 -j DROP 
./iptables -A INPUT -p udp -m udp --dport 138 -j DROP 
./iptables -A INPUT -p tcp -m tcp --dport 139 -j DROP 
# Port 113 (ident) is answered with a TCP reset instead of a silent drop,
# presumably so that remote ident lookups fail fast rather than time out.
./iptables -A INPUT -p tcp -m tcp --dport 113 -j REJECT --reject-with tcp-reset 


# Populate the OUTPUT chain. First match wins, so the order is significant.

# Loopback traffic is always accepted.
./iptables -A OUTPUT -o lo -j ACCEPT 
# NOTE(review): NEW, RELATED and ESTABLISHED together cover practically every
# packet that connection tracking does not classify as INVALID. On venet*
# interfaces this rule therefore accepts almost all outbound traffic, and the
# rules and final REJECTs below are only reached by packets leaving on other
# interfaces or in other states. Confirm that unrestricted egress is intended.
./iptables -A OUTPUT -o venet+ -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT 
# Allowlisted destinations: accepted on every protocol and port. The list
# mirrors the allowlisted sources of the INPUT chain.
./iptables -A OUTPUT -d 212.12.45.181 -j ACCEPT 
./iptables -A OUTPUT -d 87.106.135.251 -j ACCEPT 
./iptables -A OUTPUT -d 195.20.224.234 -j ACCEPT 
./iptables -A OUTPUT -d 195.20.224.99 -j ACCEPT
./iptables -A OUTPUT -d 85.214.135.240 -j ACCEPT 
./iptables -A OUTPUT -d 78.143.39.128 -j ACCEPT
# Replies from local services, matched statelessly by source port; these
# largely mirror the --dport rules of the INPUT chain.
./iptables -A OUTPUT -p tcp -m tcp --sport 80 -j ACCEPT
# Outbound HTTP requests to any destination.
./iptables -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT 
./iptables -A OUTPUT -p tcp -m tcp --sport 8000:8001 -j ACCEPT
./iptables -A OUTPUT -p tcp -m tcp --sport 10000 -j ACCEPT 
./iptables -A OUTPUT -p tcp -m tcp --sport 14534 -j ACCEPT 
./iptables -A OUTPUT -p udp -m udp --sport 8767:9600 -j ACCEPT
./iptables -A OUTPUT -p tcp -m tcp --sport 30033 -j ACCEPT
./iptables -A OUTPUT -p udp -m udp --sport 9987:9996 -j ACCEPT
./iptables -A OUTPUT -p tcp -m tcp --sport 10011 -j ACCEPT 
./iptables -A OUTPUT -p tcp -m tcp --sport 57319 -j ACCEPT 
./iptables -A OUTPUT -p tcp -m tcp --sport 20:25 -j ACCEPT
./iptables -A OUTPUT -p tcp -m tcp --sport 28 -j ACCEPT
# ftp-data, mysql and smtp are service names looked up in the services
# database (normally 20, 3306 and 25). The 20:25 range above and the 3306
# rule below would then already cover them.
./iptables -A OUTPUT -p tcp -m tcp --sport ftp-data -j ACCEPT 
./iptables -A OUTPUT -p tcp -m tcp --sport 122:123 -j ACCEPT 
./iptables -A OUTPUT -p tcp -m tcp --sport 443 -j ACCEPT 
./iptables -A OUTPUT -p tcp -m tcp --sport mysql -j ACCEPT
./iptables -A OUTPUT -p tcp -m tcp --sport 6667 -j ACCEPT
./iptables -A OUTPUT -p tcp -m tcp --sport 6697 -j ACCEPT
./iptables -A OUTPUT -p tcp -m tcp --sport 8080 -j ACCEPT
./iptables -A OUTPUT -p tcp -m tcp --sport 25565 -j ACCEPT
./iptables -A OUTPUT -p tcp -m tcp --sport 8123 -j ACCEPT
./iptables -A OUTPUT -p tcp -m tcp --sport 1935 -j ACCEPT
./iptables -A OUTPUT -p tcp -m tcp --sport smtp -j ACCEPT
./iptables -A OUTPUT -p tcp -m tcp --sport 9090 -j ACCEPT
./iptables -A OUTPUT -p tcp -m tcp --sport 8443 -j ACCEPT
./iptables -A OUTPUT -p tcp -m tcp --sport 60000:65535 -j ACCEPT
# ICMP types accepted: 0 echo reply, 3 destination unreachable, 4 source
# quench, 8 echo request, 11 time exceeded, 12 parameter problem.
./iptables -A OUTPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT 
./iptables -A OUTPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT 
./iptables -A OUTPUT -p icmp -m icmp --icmp-type 4 -j ACCEPT 
./iptables -A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
./iptables -A OUTPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT 
./iptables -A OUTPUT -p icmp -m icmp --icmp-type 12 -j ACCEPT 
./iptables -A OUTPUT -p tcp -m tcp --sport 33333:33335 -j ACCEPT
./iptables -A OUTPUT -p tcp -m tcp --sport 9001 -j ACCEPT
./iptables -A OUTPUT -p tcp -m tcp --sport 9100 -j ACCEPT
./iptables -A OUTPUT -p tcp -m tcp --sport 1723 -j ACCEPT
./iptables -A OUTPUT -p tcp -m tcp --sport 3306 -j ACCEPT
# Catch-all: remaining TCP is answered with a reset and remaining UDP with an
# ICMP port-unreachable. Other protocols fall through to the OUTPUT policy.
./iptables -A OUTPUT -p tcp -m tcp -j REJECT --reject-with tcp-reset 
./iptables -A OUTPUT -p udp -m udp -j REJECT --reject-with icmp-port-unreachable