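# FORWARD firewall: traffic passing through us.
# ${IPTABLES} is presumably set earlier in the script (not visible here).
# It is deliberately left unquoted, as in the original, so that a value
# carrying extra arguments still word-splits.

# Allow answers for conversations back
${IPTABLES} -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow new outgoing connections from the inside (eth0) to the outside (eth1)
${IPTABLES} -A FORWARD -m state --state NEW -i eth0 -o eth1 -j ACCEPT

# In addition to that, enable (incoming) TCP traffic to
# the well-known ports we want enabled.
# NOTE(review): this rule has no -i/-o or -d match, so it accepts new
# connections to these ports between any pair of interfaces and towards any
# forwarded host, not only outside -> inside. Confirm that this is intended;
# if not, narrow it to the inbound direction and the hosts that serve them.
for port in 22 113; do
  ${IPTABLES} -A FORWARD -m state --state NEW --proto tcp \
    --destination-port "$port" -j ACCEPT
done

# Log and drop the rest.
# The LOG rule is rate-limited so that a flood of rejected packets cannot
# fill the kernel log or the disk behind it. Packets above the limit are
# still dropped by the next rule, only not logged. The rate and burst are
# sample values: tune them to the log volume you can retain. The prefix makes
# these entries easy to select in log searches and alerts.
${IPTABLES} -A FORWARD -m limit --limit 10/minute --limit-burst 20 \
  -j LOG --log-prefix "FORWARD drop: "
${IPTABLES} -A FORWARD -j DROP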