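#!/bin/sh
# - Basic firewall rules for IPFWADM
# - Change the IP(s) to your setting
# - Don't forget to chmod 755 this file
# - Place this script in /etc/rc.d
# - Edit rc.local and insert a line something like this
# - /etc/rc.d/rc.firewall
# - Good luck!
# - Script by Maznan Deraman
#
# Every ipfwadm call is checked. Without that, a failed flush or a failed
# "-F -p deny" would still be followed by the masquerade rule, enabling
# forwarding on top of whatever rule set and policy were already loaded.
# Must be run as root; the script aborts otherwise instead of applying
# a partial rule set.

set -eu

readonly IPFWADM=/sbin/ipfwadm
readonly LAN=192.168.1.0/24
readonly ANY=0.0.0.0/0

# Print a message to stderr and stop the script with status 1.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Run ipfwadm with the given arguments; abort the whole script on failure
# so later rules are never applied on top of a half-applied state.
fw() {
  "$IPFWADM" "$@" || die "ipfwadm $* failed"
}

# Refuse to start when the rules could not be applied anyway.
check_env() {
  [ -x "$IPFWADM" ] || die "$IPFWADM not found or not executable"
  [ "$(id -u)" -eq 0 ] || die "must be run as root"
}

main() {
  check_env

  #Flush all rules first
  fw -F -f
  fw -I -f
  # NOTE(review): only the forwarding (-F) and input (-I) chains are flushed;
  # the output chain (-O) is untouched, and no default policy is set for the
  # input chain, so it keeps whatever policy the kernel already had. Set it
  # explicitly once the accept rules below are enabled.

  #Allow access to anywhere from this IP(s)
  #fw -I -a accept -S 192.168.1.4 #cyberstore
  #fw -I -a accept -S 192.168.1.11 #cyberserv

  #deny ICMP(ping)
  #fw -I -a deny -P icmp

  #Only allow access from this IP(s) using this ports
  #fw -I -a accept -P tcp -S 192.168.1.141/32 -D "$ANY" 8800
  #fw -I -a accept -P tcp -S 192.168.1.142/32 -D "$ANY" 8800

  #BAN Access for all services from this IP(s)
  #fw -I -a reject -S 192.168.1.141 #showroom_pc1
  #fw -I -a reject -S 192.168.1.142 #showroom_pc2

  #Ban access to website by this IP(s)
  #fw -I -a reject -P tcp -S 192.168.1.48/32 -D "$ANY" 80

  #only allow this service(s)
  #fw -I -a accept -P tcp -S 192.168.0.0/24 -D "$ANY" 7070

  # no irc/chat or other prohibit service(s)
  #fw -I -a reject -P tcp -S "$LAN" -D "$ANY" 6660:7777

  #now set the forwarding rules
  # Policy must be in place before the masquerade rule is added, so a failure
  # here (caught by fw) stops the script before forwarding is opened.
  fw -F -p deny

  # Setting masquerading
  fw -F -a masquerade -S "$LAN" -D "$ANY"
}

main "$@"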