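#!/bin/bash
# Install a fixed iptables ruleset (IPv4 filter + nat tables, empty IPv6
# filter table) into /etc/iptables/rules.v4 and rules.v6, then apply it via
# netfilter-persistent.
#
# Usage: run as root on a host with a default IPv4 route; takes no arguments.
# Requires: iproute2 (ip), awk, netfilter-persistent, systemd.
#
# The nat rules are parameterised on the interface that carries the default
# IPv4 route; if that cannot be determined the script aborts instead of
# writing a rules file with a dangling "-i"/"-o" option (which would make
# iptables-restore reject the whole table).
set -euo pipefail

readonly rules_dir=/etc/iptables
readonly rules_v4="${rules_dir}/rules.v4"
readonly rules_v6="${rules_dir}/rules.v6"

# Print a diagnostic to stderr and exit non-zero.
die() { printf '%s\n' "$*" >&2; exit 1; }

#######################################
# Detect the interface carrying the default IPv4 route.
# Outputs:   interface name on stdout (first default route wins)
# Returns:   0 if found, 1 if there is no default route
#######################################
default_interface() {
  local iface
  # "ip route show default" lists only default routes; the interface is the
  # field following the "dev" keyword.
  iface=$(ip -4 route show default \
    | awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }')
  [[ -n "$iface" ]] || return 1
  printf '%s\n' "$iface"
}

#######################################
# Emit the IPv4 ruleset (filter + nat tables) in iptables-restore format.
# Arguments: $1 - interface carrying the default route
# Outputs:   ruleset text on stdout
#######################################
render_rules_v4() {
  local iface=$1
  # NOTE(review): the filter table keeps INPUT and FORWARD at policy ACCEPT,
  # so the explicit "-A INPUT ... -j ACCEPT" lines do not restrict anything;
  # they only become meaningful if the policy is changed to DROP (with a
  # conntrack ESTABLISHED,RELATED allowance added first).
  # NOTE(review): the FORWARD string matches drop any forwarded packet whose
  # payload contains the listed substrings; short patterns such as "torrent"
  # and "announce" will also hit unrelated plaintext traffic, and encrypted
  # sessions are not inspected, so treat this as best-effort, not a control.
  # NOTE(review): the chain counters in the ":CHAIN POLICY [pkts:bytes]"
  # lines are only restored when iptables-restore runs with --counters;
  # otherwise they are ignored, so the stale values are harmless.
  # NOTE(review): 20.8.0.0/24 is not an RFC 1918 private range -- confirm the
  # second MASQUERADE rule is intentional.
  cat <<END
# Generated by xtables-save v1.8.2 on Tue Jul  4 23:37:53 2023
*filter
:INPUT ACCEPT [1423:15108189]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1407:131528]
-A INPUT -p tcp -m tcp --dport 10015 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10012 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10011 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10008 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10007 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10006 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10005 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10004 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10003 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10002 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10001 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3128 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1194 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 109 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 169 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 88 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 68 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 2200 -j ACCEPT
-A INPUT -p udp -m udp --dport 2100 -j ACCEPT
-A INPUT -p udp -m udp --dport 5300 -j ACCEPT
-A INPUT -p udp -m udp --dport 7100 -j ACCEPT
-A INPUT -p udp -m udp --dport 7200 -j ACCEPT
-A INPUT -p udp -m udp --dport 7300 -j ACCEPT
-A FORWARD -m string --string "BitTorrent" --algo bm --to 65535 -j DROP
-A FORWARD -m string --string "BitTorrent protocol" --algo bm --to 65535 -j DROP
-A FORWARD -m string --string "peer_id=" --algo bm --to 65535 -j DROP
-A FORWARD -m string --string ".torrent" --algo bm --to 65535 -j DROP
-A FORWARD -m string --string "announce.php?passkey=" --algo bm --to 65535 -j DROP
-A FORWARD -m string --string "torrent" --algo bm --to 65535 -j DROP
-A FORWARD -m string --string "announce" --algo bm --to 65535 -j DROP
-A FORWARD -m string --string "info_hash" --algo bm --to 65535 -j DROP
-A FORWARD -m string --string "/default.ida?" --algo bm --to 65535 -j DROP
-A FORWARD -m string --string ".exe?/c+dir" --algo bm --to 65535 -j DROP
-A FORWARD -m string --string ".exe?/c_tftp" --algo bm --to 65535 -j DROP
-A FORWARD -m string --string "peer_id" --algo kmp --to 65535 -j DROP
-A FORWARD -m string --string "BitTorrent" --algo kmp --to 65535 -j DROP
-A FORWARD -m string --string "BitTorrent protocol" --algo kmp --to 65535 -j DROP
-A FORWARD -m string --string "bittorrent-announce" --algo kmp --to 65535 -j DROP
-A FORWARD -m string --string "announce.php?passkey=" --algo kmp --to 65535 -j DROP
-A FORWARD -m string --string "find_node" --algo kmp --to 65535 -j DROP
-A FORWARD -m string --string "info_hash" --algo kmp --to 65535 -j DROP
-A FORWARD -m string --string "get_peers" --algo kmp --to 65535 -j DROP
-A FORWARD -m string --string "announce" --algo kmp --to 65535 -j DROP
-A FORWARD -m string --string "announce_peers" --algo kmp --to 65535 -j DROP
COMMIT
# Completed on Tue Jul  4 23:37:53 2023
# Generated by xtables-save v1.8.2 on Tue Jul  4 23:37:53 2023
*nat
:PREROUTING ACCEPT [18:1004]
:INPUT ACCEPT [18:1004]
:POSTROUTING ACCEPT [79:4815]
:OUTPUT ACCEPT [79:4815]
-A PREROUTING -i ${iface} -p udp -m udp --dport 53 -j REDIRECT --to-ports 5300
-A POSTROUTING -s 10.8.0.0/24 -o ${iface} -j MASQUERADE
-A POSTROUTING -s 20.8.0.0/24 -o ${iface} -j MASQUERADE
COMMIT
# Completed on Tue Jul  4 23:37:53 2023

END
}

#######################################
# Emit the IPv6 ruleset (empty filter table, policies ACCEPT).
# Outputs:   ruleset text on stdout
#######################################
render_rules_v6() {
  cat <<END
# Generated by xtables-save v1.8.2 on Tue Jul  4 23:37:53 2023
*filter
:INPUT ACCEPT [1:48]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2:96]
COMMIT
# Completed on Tue Jul  4 23:37:53 2023
END
}

#######################################
# Detect the WAN interface, write both rules files and apply them.
# Globals:   rules_dir, rules_v4, rules_v6 (read)
# Returns:   exits non-zero if the interface cannot be determined or any
#            write/reload step fails (set -e)
#######################################
main() {
  local interface
  interface=$(default_interface) \
    || die "no default IPv4 route found; cannot determine the WAN interface"
  # The name is interpolated into the rules file, so only accept a plain
  # interface token (letters, digits, '.', '_', '-'); anything else means
  # the route parse went wrong and must not reach iptables-restore.
  [[ "$interface" =~ ^[A-Za-z0-9._-]+$ ]] \
    || die "unexpected interface name from ip route: ${interface}"

  # netfilter-persistent normally creates this directory, but do not rely on
  # it: writing into a missing directory would silently leave old rules in
  # place while the reload below reports success.
  mkdir -p -- "$rules_dir"
  render_rules_v4 "$interface" >"$rules_v4"
  render_rules_v6 >"$rules_v6"

  # "reload" flushes and re-reads the rules files; the restart re-runs the
  # same plugins through the systemd unit (kept for parity with the original
  # behaviour).
  netfilter-persistent reload
  systemctl restart netfilter-persistent
}

# Only run when executed directly, so the render functions can be sourced
# and inspected without touching /etc.
if [[ "${BASH_SOURCE[0]}" == "$0" ]]; then
  main "$@"
fi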