#!/bin/sh
#
# firewall		This script starts the firewall
# chkconfig: 2345 98 99
# description: firewall setting
# Absolute path of the iptables binary every rule below is issued through.
IPTABLES=/sbin/iptables
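#######################################
# Install the firewall rule set.
# Globals:   IPTABLES (read), rc (written)
# Arguments: none
# Outputs:   whatever iptables prints on failure (stderr)
# Returns:   0 if every iptables call succeeded, 1 if any of them failed
#######################################
start() {
	rc=0
	# Flush the nat table as well as filter: flushing only filter meant every
	# restart appended one more MASQUERADE rule to POSTROUTING.
	"$IPTABLES" -F || rc=1
	"$IPTABLES" -t nat -F || rc=1
	# IP MASQUERADE prerequisites (left disabled by the author)
#	/sbin/modprobe iptable_nat;echo 1 > /proc/sys/net/ipv4/ip_forward
	# Default policies: a packet no rule below matches is accepted.
	"$IPTABLES" -P INPUT ACCEPT || rc=1
	"$IPTABLES" -P OUTPUT ACCEPT || rc=1
	"$IPTABLES" -P FORWARD ACCEPT || rc=1

	# Local loopback traffic is always allowed.
	"$IPTABLES" -A INPUT -i lo -j ACCEPT || rc=1

	# Stateless approximation of "reply traffic": TCP to unprivileged ports
	# without SYN is taken to belong to an existing connection. This trusts
	# the TCP flags alone rather than connection tracking
	# (-m state --state ESTABLISHED,RELATED).
	"$IPTABLES" -A INPUT -p tcp --dport 1024: ! --syn -j ACCEPT || rc=1

	# The internal LAN behind eth1 is trusted.
	"$IPTABLES" -A INPUT -s 192.168.20.0/24 -i eth1 -j ACCEPT || rc=1

	# DNS answers: identified by source port only, so any UDP from port 53 to
	# a high port qualifies, not just answers to queries this host sent.
	"$IPTABLES" -A INPUT -p udp --dport 1024: --sport 53 -j ACCEPT || rc=1

	# Masquerade the LAN behind the dial-up interface.
	"$IPTABLES" -t nat -A POSTROUTING -s 192.168.20.0/24 -d 0/0 -o ppp0 -j MASQUERADE || rc=1

	# "! -i" is the current negation form; the intrapositioned "-i !" is
	# deprecated and only warns on newer iptables.
	"$IPTABLES" -A FORWARD ! -i eth1 -m state --state NEW,INVALID -j DROP || rc=1

	# NOTE(review): with INPUT's policy at ACCEPT and this final rule disabled,
	# the INPUT accept rules above never decide anything - whatever they do
	# not match is accepted by the policy anyway. Enabling it makes INPUT
	# default-deny; first confirm the administrator's own way in (e.g. SSH on
	# the management interface) is covered by a rule above.
#	"$IPTABLES" -A INPUT ! -i lo -j DROP
	return $rc
}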
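#######################################
# Remove the firewall rule set.
# Globals:   IPTABLES (read), rc (written)
# Arguments: none
# Returns:   0 if both flushes succeeded, 1 otherwise
#######################################
stop() {
	rc=0
	# Flushing only the filter table left the POSTROUTING MASQUERADE rule
	# from start() active after "stop"; flush nat too.
	# The chain policies are not touched here: start() sets them all to
	# ACCEPT, so an emptied filter table opens the host rather than locking
	# it out (a DROP policy set by something else would remain in force).
	"$IPTABLES" -F || rc=1
	"$IPTABLES" -t nat -F || rc=1
	return $rc
}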
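# Dispatch on the init action. The script's exit status now follows the
# action's result instead of always being 0, so chkconfig/service callers
# can tell a failed rule load from a successful one.
rc=0
case "$1" in
	start)
		# printf: "echo -n" is not portable under #!/bin/sh
		printf '%s' "Starting firewall:"
		start; rc=$?
		echo
		;;
	stop)
		printf '%s' "Shutting down firewall:"
		stop; rc=$?
		echo
		;;
	status)
		# filter first, then nat so the MASQUERADE rule is listed as well
		"$IPTABLES" -L && "$IPTABLES" -t nat -L
		rc=$?
		;;
	*)
		echo "Usage: firewall {start|stop|status}"
		exit 1
		;;
esac
exit $rc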
