#!/bin/sh

# Credits to Mark Schloesser, https://github.com/rep/cuckoo-contrib

if [ "$#" -ne 0 ]; then
    INTERFACES="$*"
else
    INTERFACES="eth0 wlan0"
fi

iptables -F
iptables -t nat -F

VBOXNET="192.168.56.0/24"

for i in $INTERFACES; do
    iptables -t nat -A POSTROUTING -o $i -s $VBOXNET -j MASQUERADE
done

# Default drop.
iptables -P FORWARD DROP

# Existing connections.
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

# Accept connections from vboxnet to the whole internet.
iptables -A FORWARD -s $VBOXNET -j ACCEPT

# Internal traffic.
iptables -A FORWARD -s 192.168.56.0/24 -d 192.168.56.0/24 -j ACCEPT

# Log stuff that reaches this point, could be noisy though.
iptables -A FORWARD -j LOG

# Actually enable forwarding of packets. This is Debian/Ubuntu specific.
echo 1 > /proc/sys/net/ipv4/ip_forward
