#!/bin/sh

# very simple firewall to run on a single system (1 nic only, not a 2 or 3 way firewall)
# created from, and to replace, the original RH iptables init script


#
IPTABLES=/sbin/iptables
# Include the network & function libraries.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# exit if network and iptables are not ok.

if [ ${NETWORKING} = "no" ]
then
        echo "No Networking!"
        exit 0
fi

if [ ! -x $IPTABLES ]; then
    echo "Can't Start IPTABLES binary!"
    exit 0
fi
##----------------------------------------------------
# Use "case" to allow start, stop, status etc.

start() {

EXT_IF="eth0"
LOOPBACK="lo"

#
EXT_IP="`ifconfig $EXT_IF | grep inet | cut -d : -f 2 | cut -d \  -f 1`"
MYPC_IP="192.168.0.10

$IPTABLES -F INPUT
$IPTABLES -F FORWARD
$IPTABLES -F OUTPUT
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP
$IPTABLES -P OUTPUT REJECT

# local loopback needs in & out
$IPTABLES -A INPUT -i $LOOPBACK -j ACCEPT
$IPTABLES -A OUTPUT -o $LOOPBACK -j ACCEPT

$IPTABLES -A INPUT -i $EXT_IF -p tcp --dport 80 -j ACCEPT
$IPTABLES -A INPUT -i $EXT_IF -p tcp -s $MYPC_IP --dport 23 -j ACCEPT
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -m limit -j LOG --log-prefix "NetF INPUT CHAIN: "
$IPTABLES -A INPUT -j DROP
$IPTABLES -A FORWARD -j DROP
$IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A OUTPUT -j REJECT
# if you want outbound access, remove above 2 lines and change the the earlier #line of "$IPTABLES -P OUTPUT REJECT" from REJECT to ACCEPT 

touch /var/lock/subsys/iptables

# end of Rules #
}
### End if first case, start of other options ###
stop() {
        echo -n "Shutting Firewalling: "
    $IPTABLES -F
    $IPTABLES -P INPUT   ACCEPT
    $IPTABLES -P OUTPUT  ACCEPT
    $IPTABLES -P FORWARD ACCEPT

  rm -f /var/lock/subsys/iptables

}
##----------------------------------------------------
case "$1" in
  start)
        start
        ;;
##
  stop)
        stop
        ;;

  restart|reload)
        $0 stop
        $0 start
        ;;
##
 list)
     $IPTABLES -L -n
     ;;
##
  *)
        echo "Usage: $IPTABLES {start|stop|restart|reload|list} (list is iptables -L -n)"
        exit 1