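#!/bin/sh
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v1.0.8-3
#
# Generated Tue Jan 7 01:25:26 2003 CST by root
#
# Activation script for a two-interface masquerading gateway: eth0 (the
# interface whose builder-added aliases are flushed below, presumably the
# inside) and ppp0 (the masqueraded uplink).  Load order is fail-closed:
# default policies go to DROP and IP forwarding is switched off before any
# chain is flushed, so a reload never opens a window with empty, ACCEPT-by
# -default chains.  Must run as root (writes /proc/sys/net/ipv4 and the
# netfilter tables).
#

# Abort unless $1 is an executable file.  Runs before anything is touched,
# so a missing tool cannot leave the firewall half-loaded.
check() {
  if test ! -x "$1"; then
    echo "$1 not found or is not executable" >&2
    exit 1
  fi
}

# Send $1 to syslog at priority "info" when $LOGGER is usable; otherwise a
# silent no-op so logging never blocks activation.
log() {
  if test -x "$LOGGER"; then
    "$LOGGER" -p info "$1"
  fi
}

MODPROBE="/sbin/modprobe"
IPTABLES="/sbin/iptables"
IP="/sbin/ip"
LOGGER="/usr/bin/logger"

check "$MODPROBE"
check "$IPTABLES"
check "$IP"

# Generator convention; nothing below relies on the working directory.
cd /etc || exit 1

log "Activating firewall script generated Tue Jan 7 01:25:26 2003 CST by root"

# Generator bookkeeping; neither value is read below.  $FWD captures the
# forwarding state at entry, but the epilogue unconditionally re-enables
# forwarding (a masquerading gateway needs it), so it is never restored.
va_num=1
FWD=$(cat /proc/sys/net/ipv4/ip_forward)

# Stop routing between interfaces while the ruleset is rebuilt; forwarding
# is turned back on at the very end, once every rule is in place.
echo "0" > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/ip_dynaddr
echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_intvl

# Drop stale neighbour entries and any "eth0:FWB*" aliases left behind by
# a previous run of a builder-generated script.
"$IP" -4 neigh flush dev eth0
"$IP" -4 addr flush dev eth0 label "eth0:FWB*"

# Default-deny first, then flush: traffic is blocked during the rebuild
# rather than passed through empty chains.
"$IPTABLES" -P OUTPUT DROP
"$IPTABLES" -P INPUT DROP
"$IPTABLES" -P FORWARD DROP

# Flush every chain in every loaded table, then delete the user-defined
# chains (-X only succeeds once nothing references a chain, hence the full
# flush first).  Only the "Chain NAME ..." header lines of -L name a chain.
# If the table list is not readable there is nothing to flush.
if test -r /proc/net/ip_tables_names; then
  while read -r table; do
    "$IPTABLES" -t "$table" -L -n | while read -r c chain rest; do
      if test "X$c" = "XChain"; then
        "$IPTABLES" -t "$table" -F "$chain"
      fi
    done
    "$IPTABLES" -t "$table" -X
  done < /proc/net/ip_tables_names
fi

# Load whatever connection-tracking and NAT helper modules this kernel
# ships (2.4-era ".o" / ".o.gz" names).  The cd is chained with && so a
# missing module directory yields an empty list instead of globbing in the
# current directory.  $MODULES is word-split on purpose: one name per word.
MODULE_DIR="/lib/modules/$(uname -r)/kernel/net/ipv4/netfilter/"
MODULES=$(cd "$MODULE_DIR" && ls *_conntrack_* *_nat_* | sed 's/\.o.*$//')
for module in $MODULES; do
  if [ -e "${MODULE_DIR}/${module}.o" ] || [ -e "${MODULE_DIR}/${module}.o.gz" ]; then
    "$MODPROBE" "${module}" || exit 1
  fi
done

#
# Rule 0(NAT)
#
# Masquerade traffic from the inside address/net as it leaves the ppp0
# uplink.
#
"$IPTABLES" -t nat -A POSTROUTING -o ppp0 -s WWW.XXX.Y.ZZ -j MASQUERADE
#
# Replies and related flows (e.g. FTP data, ICMP errors) of connections
# already accepted are admitted on all three chains ahead of everything
# else, so the rules below only ever have to decide about NEW connections.
#
"$IPTABLES" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
"$IPTABLES" -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
"$IPTABLES" -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
#
# Rule 0(lo)
#
# allow everything on loopback
#
"$IPTABLES" -A INPUT -i lo -j ACCEPT
"$IPTABLES" -A FORWARD -i lo -j ACCEPT
"$IPTABLES" -A OUTPUT -o lo -j ACCEPT
"$IPTABLES" -A FORWARD -o lo -j ACCEPT
#
# Rule 0(global)
#
# 'masquerading' rule
#
# NOTE(review): the INPUT accept keys on source address only, with no
# "-i eth0", so a packet arriving on ppp0 carrying a forged inside source
# address matches it too.  Binding the rule to the inside interface (or an
# anti-spoof DROP for inside sources on ppp0 ahead of it) closes that gap;
# confirm which interface actually carries WWW.XXX.Y.ZZ before tightening.
# NOTE(review): no rule accepts NEW flows on FORWARD, so hosts behind the
# masquerade cannot initiate connections through the gateway — the
# catch-all below drops them.  Verify that is the intended policy.
#
"$IPTABLES" -A INPUT -s WWW.XXX.Y.ZZ -m state --state NEW -j ACCEPT
"$IPTABLES" -A OUTPUT -m state --state NEW -j ACCEPT
#
# Rule 1(global)
#
# 'catch all' rule
#
# Anything not accepted above is logged, then dropped.  The LOG target is
# unrated; under a flood it can fill syslog.  An "-m limit" match in front
# of it is the usual mitigation where ipt_limit is available.
#
"$IPTABLES" -N RULE_1
"$IPTABLES" -A OUTPUT -j RULE_1
"$IPTABLES" -A INPUT -j RULE_1
"$IPTABLES" -A FORWARD -j RULE_1
"$IPTABLES" -A RULE_1 -j LOG --log-level warning --log-prefix " ++CatchAll++ "
"$IPTABLES" -A RULE_1 -j DROP
#
# Ruleset complete: turn routing between interfaces back on.
#
echo 1 > /proc/sys/net/ipv4/ip_forward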