lsmod | grep -q "^ipchains " && rmmod ipchains
IPTABLES=/sbin/iptables
[[ "$EXTIF" ]] || EXTIF="eth0"
[[ "$INTIF" ]] || INTIF="eth1"
lsmod | grep -q "^ip_tables " || /sbin/insmod ip_tables
lsmod | grep -q "^ip_conntrack " || /sbin/insmod ip_conntrack
lsmod | grep -q "^ip_conntrack_ftp " || /sbin/insmod ip_conntrack_ftp
lsmod | grep -q "^ip_conntrack_irc " || /sbin/insmod ip_conntrack_irc
lsmod | grep -q "^iptable_nat " || /sbin/insmod iptable_nat
lsmod | grep -q "^ip_nat_ftp " || /sbin/insmod ip_nat_ftp
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all