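# iptables-restore ruleset for an OpenVPN gateway: host firewall (filter table)
# plus source NAT for VPN clients leaving via eth0 (nat table).
# Load with `iptables-restore < thisfile` after replacing the [PORT] placeholder
# below; iptables-restore rejects the literal "[PORT]".
# wlan0 variants of the eth0 rules are kept commented out for hosts that use
# wireless instead of eth0 - enable them (and disable the eth0 lines) as a set.
*filter
# Default Policies.
# FORWARD defaults to DROP so the explicit FORWARD rules below are what actually
# controls routed traffic: tun+ may initiate toward any interface, eth0 may only
# return RELATED/ESTABLISHED traffic to tun+. With a default-ACCEPT FORWARD
# policy those rules would never be reached and the host would forward any
# traffic between any interfaces once ip_forward is enabled.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Allow Localhost && Internal Network.
# NOTE(review): these source-based allows are not bound to an interface, so a
# packet arriving on eth0 with a forged RFC1918 / link-local source would match;
# they rely on anti-spoofing elsewhere (rp_filter or upstream filtering) -
# confirm, or add `-i <internal-iface>` if eth0 faces the Internet.
-A INPUT -i lo -j ACCEPT
-A INPUT -p all -m state --state NEW -s 10.0.0.0/8 -j ACCEPT
-A INPUT -p all -m state --state NEW -s 169.254.0.0/16 -j ACCEPT
-A INPUT -p all -m state --state NEW -s 172.16.0.0/12 -j ACCEPT
-A INPUT -p all -m state --state NEW -s 192.168.0.0/16 -j ACCEPT
# Accept established sessions (replies to anything the host or VPN clients initiated).
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Allow ping and ICMP error returns (type 8 = echo-request).
-A INPUT -p icmp -m state --state NEW --icmp-type 8 -j ACCEPT
-A INPUT -p icmp -m state --state ESTABLISHED,RELATED -j ACCEPT
# The OUTPUT rules in this file are no-ops while OUTPUT is ACCEPT; they are kept so
# the ruleset keeps working if the OUTPUT policy is later tightened.
-A OUTPUT -p icmp -j ACCEPT
# Allow SSH.
-A INPUT -i eth0 -p tcp -m state --state NEW,ESTABLISHED --dport 22 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m state --state ESTABLISHED --sport 22 -j ACCEPT
#-A INPUT -i wlan0 -p tcp -m state --state NEW,ESTABLISHED --dport 22 -j ACCEPT
#-A OUTPUT -o wlan0 -p tcp -m state --state ESTABLISHED --sport 22 -j ACCEPT
# Allow TCP traffic on port [PORT] (the OpenVPN listener; substitute the real port).
-A INPUT -i eth0 -p tcp -m state --state NEW,ESTABLISHED --dport [PORT] -j ACCEPT
#-A INPUT -i wlan0 -p tcp -m state --state NEW,ESTABLISHED --dport [PORT] -j ACCEPT
# Allow traffic on the TUN interface so OpenVPN can communicate with eth0.
# tun+ matches every tun interface. VPN clients may open connections to the host
# and through it; traffic coming back from eth0 toward the tunnel is limited to
# RELATED/ESTABLISHED flows.
-A INPUT -i tun+ -j ACCEPT
-A FORWARD -i tun+ -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT
-A FORWARD -i tun+ -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
#-A FORWARD -i tun+ -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
#-A FORWARD -i wlan0 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
# Configure NAT: masquerade the VPN client subnet (10.0.0.0/24) behind eth0's
# address. Only this /24 is translated; other 10.0.0.0/8 sources are not.
-A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
#-A POSTROUTING -s 10.0.0.0/24 -o wlan0 -j MASQUERADE
COMMIT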