#!/bin/sh

iptables=/usr/sbin/iptables

$iptables -F INPUT
$iptables -F OUTPUT
$iptables -F FORWARD

$iptables -P INPUT DROP
$iptables -P OUTPUT DROP
$iptables -P FORWARD DROP

# prepare for accounting
$iptables -F GPRS
$iptables -N GPRS

# my laptop and me
$iptables -A INPUT  -i usb0 -s 192.168.0.200 -j ACCEPT
$iptables -A OUTPUT -o usb0 -d 192.168.0.200 -j ACCEPT

# allow outgoing NEW traffic regardless of interface
$iptables -A OUTPUT  -m state --state NEW,ESTABLISHED    -j ACCEPT

# allow incoming related traffic regardless of interface
$iptables -A INPUT  -m state --state RELATED,ESTABLISHED -j ACCEPT

# accounting
$iptables -A OUTPUT  -o ppp0 -j GPRS
$iptables -A FORWARD -o ppp0 -j GPRS
$iptables -A INPUT   -i ppp0 -j GPRS

# forward and masquerade traffic from my computer
$iptables -A FORWARD -i usb0 -o ppp0 -s 192.168.0.200 -m state --state NEW,ESTABLISHED     -j ACCEPT
$iptables -A FORWARD -i ppp0 -o usb0 -d 192.168.0.200 -m state --state RELATED,ESTABLISHED -j ACCEPT
$iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE