From 86dafe8dc1d319aa5b9b0cc4afb7753d330c4a9d Mon Sep 17 00:00:00 2001
From: realraum <realraum@realraum.at>
Date: Mon, 5 Jul 2010 06:36:24 +0000
Subject: [PATCH] ordentliches firewall script

---
 firewall      |   84 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 firewall.conf |   19 +++++++++++++
 2 files changed, 103 insertions(+)
 create mode 100755 firewall
 create mode 100644 firewall.conf

diff --git a/firewall b/firewall
new file mode 100755
index 0000000..997d9b5
--- /dev/null
+++ b/firewall
@@ -0,0 +1,84 @@
+#!/bin/bash
+#  Firewall Script by Bernhard Tittelbach
+#
+### BEGIN INIT INFO
+# Provides:          firewall
+# Required-Start:    $syslog $local_fs $network
+# Required-Stop:     $syslog $local_fs $network
+# Should-Start:      
+# Should-Stop:       
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: Firewall
+# Description:       see above
+### END INIT INFO
+
+PATH=/bin:/sbin:/bin:/usr/sbin:/usr/bin
+
+. /lib/lsb/init-functions
+
+IPTABLES=iptables
+IP6TABLES=ip6tables
+OUTPUT=$(mktemp)
+RC=0
+
+FIREWALL_CONFIG=/flash/etc/firewall.conf
+
+runrule()
+{
+  rule="$1"
+  IPT=$IPTABLES
+  if [ $(($2)) -eq 6 ]; then
+    IPT=$IP6TABLES 
+    ipv=6
+  else
+    ipv=4
+  fi
+  $IPT $rule &> $OUTPUT
+  rc=$?
+  if [ $rc -ne 0 ] ; then
+    RC=$rc
+    logger -s -i -p daemon.err "Error running ipv${ipv} rule: $rule, error was $(cat $OUTPUT)"
+  fi
+}
+
+ip4()
+{
+  runrule "$*" 4
+}
+
+ip6()
+{
+  runrule "$*" 6
+}
+
+finish()
+{
+  rm -f $OUTPUT
+}
+
+. $FIREWALL_CONFIG
+
+
+case "$1" in
+  start)	log_daemon_msg "Starting " "firewall"
+        start_firewall
+        finish
+        log_end_msg $RC
+	;;
+  stop)	log_daemon_msg "Stopping " "firewall"
+        stop_firewall
+        finish
+        log_end_msg $RC
+        ;;
+  restart)	log_daemon_msg "Restarting " "firewall"
+        stop_firewall
+        start_firewall
+        finish
+        log_end_msg $RC
+        ;;
+*)	log_action_msg "Usage: /etc/init.d/cron {start|stop|restart}"
+        exit 2
+        ;;
+esac
+exit 0
diff --git a/firewall.conf b/firewall.conf
new file mode 100644
index 0000000..ef9d1e3
--- /dev/null
+++ b/firewall.conf
@@ -0,0 +1,19 @@
+#!/bin/bash
+#Firewall Script by Bernhard Tittelbach
+#get's sourced by /etc/init.d/firewall
+
+start_firewall()
+{
+  ip4 -I FORWARD -d $(resolveip -s tv.realraum.at 2>/dev/null || echo 89.106.215.58) -p tcp --syn --dport ! 22 -j REJECT
+
+}
+
+stop_firewall()
+{
+
+  for table in INPUT FORWARD OUTPUT; do
+    ip4 -F $table
+  done
+
+}
+
-- 
1.7.10.4