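#!/bin/bash
#
# Drop traffic to/from "bogon" IPv4 prefixes (reserved, private, documentation,
# benchmarking, multicast, class E, broadcast) on the Internet-facing interface.
#
# Packets that arrive on the outside link *from* one of these source ranges are
# spoofed or misrouted by definition, so they are dropped in INPUT (aimed at this
# host) and FORWARD (aimed at the inside network).  Packets *to* one of these
# ranges are dropped in OUTPUT so nothing addressed to a private/reserved range
# leaks out of the uplink.
#
# Usage:   outside_interface=ppp0 ./bogons.sh     (default interface: ppp0)
#
# Caveats for whoever maintains this:
#   * IPv4 only.  Nothing here touches ip6tables; IPv6 bogons need their own rules.
#   * The list is static.  0.0.0.0/8 and 255.255.255.255 (DHCP discovery) and
#     100.64.0.0/10 (carrier-grade NAT) are legitimately seen on some non-PPP
#     uplinks - review the list before pointing this at an Ethernet/DHCP link.
#   * Rules are appended with -A; running the script twice appends duplicates.
#   * Only netfilter rules are installed; no routing blackholes are configured.

# For debug
#set -x   # Print each command before it is executed (only for debugging)

# Abort on the first failing command and on unset variables.  A firewall script
# that keeps going after an error silently leaves a partial rule set in place.
set -euo pipefail

# Interface facing the Internet.  Overridable from the environment so the same
# script can be reused; the historical default is the PPP uplink.
outside_interface="${outside_interface:-ppp0}"

# Reserved / unroutable IPv4 prefixes to drop.  Note that loopback is
# 127.0.0.0/8 (all of 127.x.x.x), not /16 - the narrower mask would leave
# 127.1.0.0-127.255.255.255 unfiltered.
bogon_networks=(
  0.0.0.0/8           # "this" network
  10.0.0.0/8          # RFC 1918 private
  100.64.0.0/10       # RFC 6598 shared address space (CGNAT)
  127.0.0.0/8         # loopback
  169.254.0.0/16      # link-local
  172.16.0.0/12       # RFC 1918 private
  192.0.2.0/24        # TEST-NET-1 (documentation)
  192.88.99.0/24      # former 6to4 relay anycast
  192.168.0.0/16      # RFC 1918 private
  198.18.0.0/15       # benchmarking (RFC 2544)
  198.51.100.0/24     # TEST-NET-2 (documentation)
  203.0.113.0/24      # TEST-NET-3 (documentation)
  224.0.0.0/4         # multicast
  240.0.0.0/4         # reserved (class E)
  255.255.255.255/32  # limited broadcast
)

# Run one iptables command; on failure print the offending rule to stderr and
# return non-zero so that `set -e` stops the script.
add_rule() {
  iptables "$@" || {
    printf '[FIREWALL] iptables failed: %s\n' "$*" >&2
    return 1
  }
}

# Fail early and loudly rather than emitting 45 "command not found" errors.
if ! command -v iptables >/dev/null 2>&1; then
  printf '[FIREWALL] iptables not found in PATH\n' >&2
  exit 1
fi

echo "[FIREWALL] = > Adding rules for BOGON networks = DROP"

for net in "${bogon_networks[@]}"; do
  # deny INPUT from BOGON networks -->> ME
  add_rule -A INPUT -i "$outside_interface" -s "$net" \
    -m comment --comment "deny INPUT from BOGON networks -->> ME" -j DROP

  # deny FORWARD from BOGON networks -->> inside
  add_rule -A FORWARD -i "$outside_interface" -s "$net" \
    -m comment --comment "deny FORWARD from BOGON networks -->> inside" -j DROP

  # deny OUTPUT from BOGON networks -->> outside
  # (matches on destination, -d: traffic *to* a bogon range leaving the uplink)
  add_rule -A OUTPUT -o "$outside_interface" -d "$net" \
    -m comment --comment "deny OUTPUT from BOGON networks -->> outside" -j DROP
done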