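# Rebuilds the filter-table rules and adds the NAT rules for this host.
# Most rules match 80.252.133.24 as the destination (presumably the host's
# public address -- confirm).
#
# NOTE(review): no chain policy is set here, so this is a deny-list: any port
# not named below stays reachable unless a DROP policy is set elsewhere.
# NOTE(review): rules are applied one command at a time after the flush, so
# the host is briefly unfiltered and a failing command leaves a partial rule
# set. Loading a complete rule set with iptables-restore commits each table in
# one step and avoids that window.

WAN_IP=80.252.133.24

# Append a rule to the nat table unless an identical rule is already present.
# Arguments: chain name followed by the rule specification.
# "iptables -F" below flushes only the filter table, so a plain -A here would
# stack one more copy of every NAT rule each time the script is re-run.
nat_append_once() {
  # -C exits non-zero and prints a diagnostic when the rule is absent; that is
  # the expected case on a first run, so the diagnostic is discarded.
  iptables -t nat -C "$@" 2>/dev/null || iptables -t nat -A "$@"
}

# Append a DROP rule for one "proto/port" pair addressed to $WAN_IP.
# Arguments: $1 - specification such as tcp/22 or udp/1812
drop_wan_port() {
  iptables -A INPUT -p "${1%/*}" -d "$WAN_IP" --dport "${1#*/}" -j DROP
}

# Flush every chain of the filter table (the nat table is left untouched).
iptables -F

# --- block attacks: source networks dropped on INPUT ---
for net in \
  93.114.41.0/24 60.190.172.0/24 61.51.18.0/24 97.77.93.0/24 \
  69.50.194.0/24 76.26.179.0/24 12.160.103.0/24 46.229.168.0/24; do
  iptables -A INPUT -d "$WAN_IP" -s "$net" -j DROP
done
for net in 90.151.80.0/20 193.168.178.0/23; do
  iptables -A INPUT -p all -s "$net" -j DROP
done

# --- internet access ---
# eth0 may open new forwarded connections; ppp0 may only carry replies.
iptables -A FORWARD -i eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
nat_append_once POSTROUTING -s 10.0.2.0/24 -j MASQUERADE

# --- block ports (internet) ---
#iptables -A INPUT -p tcp -d 80.252.133.24 --dport 21 -s 93.175.0.0/255.255.0.0 -j ACCEPT
#iptables -A INPUT -p tcp -d 80.252.133.24 --dport 22 -s 93.175.0.0/255.255.0.0 -j ACCEPT
for spec in tcp/21 tcp/22 udp/2049 tcp/3306; do
  drop_wan_port "$spec"
done
# These two match any destination address, not only $WAN_IP.
iptables -A INPUT -p tcp -d 0/0 --dport 60999 -j DROP
iptables -A INPUT -p udp -d 0/0 --dport 50022 -j DROP
for spec in udp/1812 udp/1813; do
  drop_wan_port "$spec"
done

# SSH allow-list. -I puts these at the top of INPUT, ahead of the tcp/22 DROP
# appended above, so only these sources reach port 22 on $WAN_IP.
for admin in 217.197.199.50 217.197.199.53 217.197.199.54; do
  iptables -I INPUT -s "$admin" -p tcp --dport 22 -j ACCEPT
done

# NOTE(review): the nat PREROUTING rule for udp/1701 further down rewrites the
# destination before the filter table sees the packet, so the udp/1701 DROP on
# $WAN_IP here likely never matches that traffic -- confirm whether that port
# is meant to be reachable from outside.
for spec in \
  tcp/40900 tcp/111 udp/973 udp/51194 udp/67 udp/111 \
  udp/1701 udp/58022 udp/779 udp/1814; do
  drop_wan_port "$spec"
done

# --- Asterisk ---
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Forwarded udp/5060 is accepted from any source; the only source filtering is
# the list inserted under "Asterisk block" below.
iptables -A FORWARD -p udp --dport 5060 -j ACCEPT
nat_append_once PREROUTING -p udp -d "$WAN_IP" --dport 5060 \
  -j DNAT --to-destination 192.168.200.102:5060
nat_append_once PREROUTING -p udp -d "$WAN_IP" --dport 10000:12000 \
  -j DNAT --to-destination 192.168.200.102
nat_append_once PREROUTING -p udp -d "$WAN_IP" --dport 1701 \
  -j DNAT --to-destination 192.168.200.1:1701

# --- Asterisk block ---
# Inserted (-I) so these land above the FORWARD ACCEPT rules and take effect.
for net in \
  37.59.0.0/16 45.134.144.0/24 193.46.255.0/24 51.89.0.0/16 \
  167.114.0.0/16 2.57.121.0/24 212.129.0.0/18 89.239.32.0/20 \
  104.40.0.0/13 23.96.0.0/13 178.239.21.0/24; do
  iptables -I FORWARD -p all -s "$net" -j DROP
done

# --- Ivideon ---
# NOTE(review): these are appended after the "-i eth0 ... NEW" ACCEPT and the
# ESTABLISHED,RELATED ACCEPT above, so packets arriving on eth0 are accepted
# before they reach these rules. If the hosts to be cut off sit behind eth0,
# these need -I (as in the Asterisk block) to have any effect -- confirm.
for net in 93.114.41.0/24 34.242.12.0/24 23.111.105.0/24; do
  iptables -A FORWARD -d "$net" -j DROP
done

# --- ban ---
# Inserted at the top of INPUT so they apply before every rule above.
for host in 194.169.175.20 60.211.206.17 178.215.236.120 45.129.14.173; do
  iptables -I INPUT -s "$host" -j DROP
done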