#!/bin/sh
#
# chkconfig: 2345 11 89
#
# description: Loads the rc.firewall-2.4 ruleset.
#
# processname: firewall-2.4
# pidfile: /var/run/firewall.pid
# config: /etc/rc.d/rc.firewall-2.4
# probe: true

# ----------------------------------------------------------------------------
# v05/24/03
#
# Part of the copyrighted and trademarked TrinityOS document.
# http://www.ecst.csuchico.edu/~dranch
#
# Written and Maintained by David A. Ranch
# dranch@trinnet.net
#
# Updates
# -------
# 05/24/03 - removed a old networking up check that had some
#            improper SGML ampersand conversions.
# ----------------------------------------------------------------------------


# Source function library.
. /etc/rc.d/init.d/functions

# Check that networking is up.

[ "XXXX${NETWORKING}" = "XXXXno" ] && exit 0

[ -x /sbin/ifconfig ] || exit 0

# The location of various iptables and other shell programs
#
#   If your Linux distribution came with a copy of iptables, most
#   likely it is located in /sbin.  If you manually compiled
#   iptables, the default location is in /usr/local/sbin
#
# ** Please use the "whereis iptables" command to figure out
# ** where your copy is and change the path below to reflect
# ** your setup
#
IPTABLES=/usr/local/sbin/iptables


# See how we were called.
case "$1" in
  start)
    /etc/rc.d/rc.firewall-2.4
    ;;

  stop)
    echo -e "\nFlushing firewall and setting default policies to DROP\n"
    $IPTABLES -P INPUT DROP
    $IPTABLES -F INPUT
    $IPTABLES -P OUTPUT DROP
    $IPTABLES -F OUTPUT
    $IPTABLES -P FORWARD DROP
    $IPTABLES -F FORWARD
    $IPTABLES -F -t nat

    # Delete all User-specified chains
    $IPTABLES -X
    #
    # Reset all IPTABLES counters
    $IPTABLES -Z
    ;;

  restart)
        $0 stop
        $0 start
        ;;

  status)
        $IPTABLES -L
        ;;

  mlist)
    cat /proc/net/ip_conntrack
    ;;

  *)
        echo "Usage: firewall-2.4 {start|stop|status|mlist}"
        exit 1
esac

exit 0