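#!/sbin/runscript
# Brian Bothwell's Firewall Script
#
# Gentoo init script that installs an iptables INPUT whitelist for the
# external interface and logs+drops everything else.
#
# Configuration: WAN_IF may be set in /etc/conf.d/firewall to name the
# external (untrusted) interface; it defaults to eth0 as before.
#
# Only IPv4 is filtered here.  If this host has IPv6 enabled, equivalent
# ip6tables rules are needed, otherwise IPv6 traffic is unfiltered.

opts="start stop"

# External interface every rule below is bound to.
WAN_IF="${WAN_IF:-eth0}"

# Run one iptables command and remember any failure in rc, so that
# eend reports a broken rule set instead of only the status of the very
# last command.  rc is initialised by the calling action.
fw() {
	iptables "$@" || rc=1
}

depend() {
	# LOG targets go to syslog, so the logger has to be up first.
	need logger
	# Load the rules before the interface comes up so there is no window
	# at boot where the host is reachable with no firewall.  iptables
	# accepts "-i" rules for interfaces that do not exist yet.
	before net
}

start() {
	local rc=0
	ebegin "Starting Firewall"

	# Kernel network hardening.  Done inside start() rather than at file
	# scope so it runs only on start, not on every invocation (stop, ...).
	echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
	echo 1 > /proc/sys/net/ipv4/conf/all/log_martians

	# Connection-tracking helper so passive FTP data connections are
	# classified RELATED and pass the state rule below.  Older kernels
	# call the module ip_conntrack_ftp; failure is harmless if FTP is
	# not used on this host.
	modprobe nf_conntrack_ftp 2>/dev/null || modprobe ip_conntrack_ftp 2>/dev/null

	# Flushing Chains
	fw -F INPUT
	fw -F OUTPUT

	# Fail closed: INPUT defaults to DROP from the moment the chains are
	# flushed, so neither the rule-loading window nor a partially failed
	# load leaves the host open.  OUTPUT is unrestricted, as before.
	fw -P INPUT DROP
	fw -P OUTPUT ACCEPT

	# Creating LOGDROP Chain (the chain may not exist yet on first start,
	# hence the silenced flush/delete)
	iptables -F LOGDROP 2>/dev/null
	iptables -X LOGDROP 2>/dev/null
	fw -N LOGDROP
	# Rate-limit the LOG target: without it a flood of packets that all
	# get dropped fills syslog / the disk.
	fw -A LOGDROP -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "FW-DROP: "
	fw -A LOGDROP -j DROP

	# Fix For iptables Bug (obsolete?)
	fw -A OUTPUT -m state -p icmp --state INVALID -j LOGDROP

	# Loopback must be accepted explicitly now that INPUT defaults to DROP
	# (local resolver, mail to localhost, etc. depend on it).
	fw -A INPUT -i lo -j ACCEPT

	# Allowing Already Established Connections (also covers replies to
	# our own outbound traffic, ICMP errors and helper-tracked data
	# connections such as passive FTP).
	fw -A INPUT -i "$WAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT

	# Allowing Known Services
	## FTP & SSH
	fw -A INPUT -i "$WAN_IF" -p tcp --dport 20:22 -j ACCEPT
	## Telnet (plaintext; left disabled)
	#fw -A INPUT -i "$WAN_IF" -p tcp --dport 23 -j ACCEPT
	## Mail
	fw -A INPUT -i "$WAN_IF" -p tcp --dport 25 -j ACCEPT
	fw -A INPUT -i "$WAN_IF" -p tcp --dport 110 -j ACCEPT
	## HotwayD
	fw -A INPUT -i "$WAN_IF" -p tcp --dport 1010 -j ACCEPT
	## HTTP & HTTPS
	fw -A INPUT -i "$WAN_IF" -p tcp --dport 80 -j ACCEPT
	fw -A INPUT -i "$WAN_IF" -p tcp --dport 443 -j ACCEPT
	## IDENTD
	fw -A INPUT -i "$WAN_IF" -p tcp --dport 113 -j ACCEPT
	## User Ports
	# The previous blanket ACCEPT of NEW TCP and UDP connections to
	# 1024:65535 made the whitelist above meaningless: any service
	# listening on a high port was reachable from the internet.  Return
	# traffic and passive-FTP data are already handled by the
	# ESTABLISHED,RELATED rule, so no high-port rule is needed.  Add an
	# explicit --dport rule here for any further service that must be
	# reachable.
	## DNS
	fw -A INPUT -i "$WAN_IF" -p tcp --dport 53 -j ACCEPT
	fw -A INPUT -i "$WAN_IF" -p udp --dport 53 -j ACCEPT
	## Talk
	#fw -A INPUT -i "$WAN_IF" -p udp --dport 517:518 -j ACCEPT
	## ICMP
	# Only echo-request is accepted unconditionally (keeps the host
	# pingable).  Replies and error messages relating to our own traffic
	# arrive as ESTABLISHED/RELATED; other types (timestamp, address
	# mask, ...) are dropped.
	fw -A INPUT -i "$WAN_IF" -p icmp --icmp-type echo-request -j ACCEPT
	## All IPv6 Traffic
	# fw -A INPUT -i "$WAN_IF" -p 41 -j ACCEPT

	# Denying Everything Else (on any interface, so drops on interfaces
	# other than WAN_IF are logged rather than silently hitting the policy)
	fw -A INPUT -j LOGDROP

	eend $rc
}

stop() {
	local rc=0
	ebegin "Stopping Firewall"

	# Flush Rules.  LOGDROP can only be deleted once INPUT and OUTPUT no
	# longer reference it, hence this order.
	fw -F INPUT
	fw -F OUTPUT
	iptables -F LOGDROP 2>/dev/null
	iptables -X LOGDROP 2>/dev/null

	# Reset Default Policies: a stopped firewall filters nothing.
	fw -P INPUT ACCEPT
	fw -P OUTPUT ACCEPT

	eend $rc
}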