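# Gateway firewall: default policies, local INPUT allowances, forwarding
# between the internal and external interfaces, and masquerading of DNS.
#
# Uses (expected to be defined before this point):
#   IPT      iptables command
#   IF_INT   internal interface name
#   IF_EXT   external interface name
#   NET_INT  internal network, as accepted by `-s`

# Abort before touching any policy if a required variable is missing.
# Otherwise the DROP policies below would be applied and the ACCEPT rules
# that follow would fail to parse, leaving the host with a half-built
# ruleset (and possibly no SSH access).
: "${IPT:?IPT must be set to the iptables command}"
: "${IF_INT:?IF_INT must be set to the internal interface}"
: "${IF_EXT:?IF_EXT must be set to the external interface}"
: "${NET_INT:?NET_INT must be set to the internal network}"

# NOTE(review): $IPT is left unquoted in case it carries options as well as
# the binary path; quote it if it is always a bare path.

# --- Default policies -------------------------------------------------------
# filter: drop inbound and forwarded traffic unless a rule below accepts it;
# locally generated traffic is unrestricted.
$IPT -t filter -P INPUT DROP
$IPT -t filter -P OUTPUT ACCEPT
$IPT -t filter -P FORWARD DROP

# NOTE(review): a DROP policy on nat/POSTROUTING uses the nat table as a
# filter. Only the first packet of a connection normally traverses nat, so
# this blocks every new outbound connection that does not match a
# MASQUERADE rule below, presumably including ones the host itself opens.
# Newer iptables releases may refuse DROP in the nat table. Confirm this is
# intended; egress restrictions usually belong in filter/FORWARD.
$IPT -t nat -P PREROUTING ACCEPT
$IPT -t nat -P POSTROUTING DROP
$IPT -t nat -P OUTPUT ACCEPT
$IPT -t mangle -P PREROUTING ACCEPT
$IPT -t mangle -P OUTPUT ACCEPT

# --- INPUT: traffic addressed to this host ----------------------------------
# NOTE(review): no ESTABLISHED,RELATED rule for INPUT is visible in this
# section. With the DROP policy, replies to connections this host opens via
# an interface other than lo/IF_INT would be discarded. Verify that such a
# rule exists elsewhere if the host needs outbound access of its own.
$IPT -t filter -A INPUT -i lo -j ACCEPT
# Everything from the internal network arriving on the internal interface.
$IPT -t filter -A INPUT -s "$NET_INT" -i "$IF_INT" -j ACCEPT
# These two match on interface and port only, so they matter for sources
# outside NET_INT that still arrive on IF_INT.
$IPT -t filter -A INPUT -i "$IF_INT" -p tcp --dport 22 -j ACCEPT   # SSH
$IPT -t filter -A INPUT -i "$IF_INT" -p tcp --dport 3128 -j ACCEPT # Proxy

# --- FORWARD: routed traffic ------------------------------------------------
# External -> internal: return traffic only.
# Internal -> external: new connections and their follow-ups. No source
# address or port restriction is applied here.
# NOTE(review): `-m state` is the legacy match; `-m conntrack --ctstate` is
# the current equivalent. Left unchanged for compatibility.
$IPT -A FORWARD -m state --state ESTABLISHED,RELATED -i "$IF_EXT" -o "$IF_INT" -j ACCEPT
$IPT -A FORWARD -m state --state NEW,ESTABLISHED,RELATED -i "$IF_INT" -o "$IF_EXT" -j ACCEPT

# --- NAT: source-translate internal clients leaving via IF_EXT --------------
# Only DNS (port 53, tcp and udp) is masqueraded; combined with the
# POSTROUTING DROP policy above, other forwarded connections are not
# translated even though FORWARD accepts them.
$IPT -t nat -A POSTROUTING -s "$NET_INT" -o "$IF_EXT" -p tcp --dport 53 -j MASQUERADE # DNS
$IPT -t nat -A POSTROUTING -s "$NET_INT" -o "$IF_EXT" -p udp --dport 53 -j MASQUERADE # DNS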