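#!/bin/bash
# Script run on boot as root crontab ( @reboot ) to initialise router.
# WDY
#
# Interfaces (override via the environment if the NICs get renamed):
#   LAN_IF - LAN side, default enp1s0
#   WAN_IF - WAN side, default enp2s0
#
# Scope: IPv4 only. ip6tables is not touched here, so if IPv6 is enabled on
# the WAN interface its chains keep the system default policy (normally
# ACCEPT) -- TODO(review): add matching ip6tables rules or disable IPv6 on
# the WAN side.
# IPv4 forwarding (net.ipv4.ip_forward) is assumed to be enabled elsewhere
# (e.g. sysctl.conf); the FORWARD rules below have no effect until it is.
#
# iptables reports any failed rule on stderr (cron mails it), but the exit
# status stays 0 because rc.local requires it.

set -u

readonly LAN_IF="${LAN_IF:-enp1s0}"
readonly WAN_IF="${WAN_IF:-enp2s0}"

#######################################
# Append a rule only if an identical one is not already present, so that
# re-running the script by hand after boot does not stack duplicate rules.
# Arguments: $1 - table (filter or nat); the rest - chain, match and target
#            arguments exactly as given to iptables -A
# Returns:   status of the iptables call
#######################################
rule() {
  local table=$1
  shift
  iptables -t "$table" -C "$@" 2>/dev/null || iptables -t "$table" -A "$@"
}

# Default policy to drop all incoming packets.
# Policies are set before the ACCEPT rules so the box fails closed while the
# rules are being installed; the brief gap only matters on a manual re-run
# over the LAN (the session stalls until the LAN rule below is added).
iptables -P INPUT DROP
iptables -P FORWARD DROP
# Accept incoming packets from localhost and the LAN interface.
rule filter INPUT -i lo -j ACCEPT
rule filter INPUT -i "$LAN_IF" -j ACCEPT
# Accept incoming packets from the WAN if the router initiated the connection.
rule filter INPUT -i "$WAN_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Forward LAN packets to the WAN.
rule filter FORWARD -i "$LAN_IF" -o "$WAN_IF" -j ACCEPT
# Forward WAN packets to the LAN if the LAN initiated the connection.
rule filter FORWARD -i "$WAN_IF" -o "$LAN_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# NAT traffic going out the WAN interface.
rule nat POSTROUTING -o "$WAN_IF" -j MASQUERADE
# rc.local needs to exit with 0
exit 0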
leases is aliased to `dhcp-lease-list --lease /var/lib/dhcp/dhcpd.leases'