#!/bin/sh

# this could be invoked from rc.local to set up firewall filtering.

# new firewalling setup.
###ipchains -P forward DENY
# this is too permissive.  what are we hoping to block?
###ipchains -A forward -j ACCEPT -b -s 14.28.42.0/24 -d 0.0.0.0/0
###ipchains -A forward -j ACCEPT -b -s 14.28.42.128/24 -d 0.0.0.0/0
###ipchains -A forward -j ACCEPT -p tcp -s 0.0.0.0/0 -d 14.28.42.3 25
###ipchains -A forward -j ACCEPT -p tcp -s 0.0.0.0/0 -d 14.28.42.2 80

# input/output rules to dictate valid sides.  this can't be used
# when there's a shunt around the gateway; that blocks the packets
# from eth1 that really are from addresses besides 14.28.42.*.
#ipchains -P input DENY
#ipchains -A input -i eth0 -s 14.28.42.1 -j ACCEPT
#ipchains -A input -i eth0 -s 14.28.42.71 -j ACCEPT
#ipchains -A input -i eth0 -s ! 14.28.42.0/24 -j ACCEPT
#ipchains -A input -i eth1 -s 14.28.42.0/24 -j ACCEPT

# masquerade setup.
#/sbin/depmod -a
#/sbin/modprobe ip_masq_ftp
#/sbin/modprobe ip_masq_raudio
#/sbin/modprobe ip_masq_irc
#ipchains -P forward DENY
#ipchains -A forward -j MASQ -s 14.28.42.0/24 -d 0.0.0.0/0
#ipchains -A forward -j MASQ -s 14.28.42.128/24 -d 0.0.0.0/0