#!/bin/bash

# Credits to Mark Schloesser, https://github.com/rep/cuckoo-contrib

iptables -F
iptables -t nat -F

OUT_DEVS="eth0 wlan0"
VBOXNET="192.168.56.0/24"

for i in $OUT_DEVS; do
    iptables -t nat -A POSTROUTING -o $i -s $VBOXNET -j MASQUERADE
done

# Default drop.
iptables -P FORWARD DROP

# Existing connections.
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

# Accept connections from vboxnet to the whole internet.
iptables -A FORWARD -s $VBOXNET -j ACCEPT

# Internal traffic.
iptables -A FORWARD -s 192.168.56.0/24 -d 192.168.56.0/24 -j ACCEPT

# Log stuff that reaches this point, could be noisy though.
iptables -A FORWARD -j LOG

# Actually enable forwarding of packets. This is Debian/Ubuntu specific.
echo 1 > /proc/sys/net/ipv4/ip_forward
