Hello Drunk
It looks like you basically want to allow everything outbound and only allow 22 (ssh), 80 (http) and 5901 (vnc) inbound. I don't really understand what you mean by "forward all incoming traffic from eth0 and forward everything to eth1" — are you trying to set this box up as a router? If so I can help with that too; however, this script doesn't do that.
Code:
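#!/bin/sh
# Minimal host firewall: default-deny inbound and forwarded traffic, allow
# everything outbound, and open only the listed TCP/UDP ports. It calls
# iptables directly, so it has to run as root.
#
# Caveats worth knowing before running this on a remote box:
#  - Rules are appended (-A) with no flush first, so re-running the script
#    duplicates rules; flush the INPUT chain first if you want it idempotent.
#  - There is no loopback (-i lo) accept rule; with the INPUT policy set to
#    DROP, local services that talk over 127.0.0.1 will be blocked.
#  - The DROP policy is set before the ESTABLISHED,RELATED rule is added, so
#    an existing SSH session can be interrupted for a moment between the two
#    commands; run it from a console if you can.

# VARIABLES
IPT=/sbin/iptables
# Space-separated port lists; an empty list opens nothing for that protocol.
ALLOWED_TCP_PORTS="22 80 5901"
ALLOWED_UDP_PORTS=""

# SET DEFAULT POLICY: drop inbound and forwarded traffic, allow outbound.
"$IPT" -P INPUT DROP
"$IPT" -P FORWARD DROP
"$IPT" -P OUTPUT ACCEPT

# ALLOW RELATED TRAFFIC BACK IN (replies to connections this host started).
"$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# OPEN INBOUND TCP PORTS
# The list is deliberately left unquoted so the shell splits it into ports.
for i in ${ALLOWED_TCP_PORTS}; do
  "$IPT" -A INPUT -p tcp --dport "$i" -j ACCEPT
done

# OPEN INBOUND UDP PORTS
# The original line had a stray "-j" in front of "-p udp"; iptables rejects
# that as a malformed rule, so no UDP port would ever have been opened.
for i in ${ALLOWED_UDP_PORTS}; do
  "$IPT" -A INPUT -p udp --dport "$i" -j ACCEPT
done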