empty rules
*filter
-A INPUT -j ACCEPT
-A FORWARD -j ACCEPT
-A OUTPUT -j ACCEPT



create a file:
nano /etc/iptables.test.rules
*filter

#Drop everything but our output to internet
-P FORWARD DROP
-P INPUT DROP
-P OUTPUT ACCEPT

#Allow established connections (the responses to out outgoing traffic)
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

#Allow local programs that use loopback
-A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT

#Allow only the HMI (ScadaBR) to talk to this PLC
-A INPUT -s 100.100.100.2 -p tcp --dport 502 -m state --state NEW -j ACCEPT


COMMIT

Activate the rules
iptables-restore < /etc/iptables.test.rules

Show the rules
iptables -L

Try Radzio! attack again
