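###################
# Firewall rules
# port based silliness
#
# Every rule below is appended (-A) to the filter INPUT chain, so what
# happens to traffic that is NOT matched here depends on the chain policy
# and on rules added elsewhere in this script.  The LOG rules carry no
# rate limit (-m limit) and no --log-prefix; on a public interface a port
# scan can therefore fill the log, and the entries are hard to tell apart
# from other LOG rules.  Left as-is to keep the generated ruleset
# unchanged, but worth adding if log volume becomes a problem.
###################

# IPT and EXT are expected to be set earlier in this script.  Abort loudly
# instead of appending rules with an empty binary or interface name.
: "${IPT:?IPT (iptables command) must be set earlier in this script}"
: "${EXT:?EXT (external interface name) must be set earlier in this script}"

#######################################
# Append LOG then DROP rules for one destination port arriving on the
# external interface, for tcp and then udp (same order as the original
# hand-written rules).
# Globals:   IPT (read), EXT (read)
# Arguments: $1 - destination port number
# Outputs:   none (iptables diagnostics go to its own stderr)
# Returns:   0 if every iptables call succeeded, otherwise the status of the
#            last failing call.  All four rules are still attempted so a
#            failed LOG rule does not leave the port open by skipping DROP.
#######################################
log_and_drop_port() {
  local port=$1
  local proto
  local rc=0
  for proto in tcp udp; do
    # shellcheck disable=SC2086 — IPT is left unquoted on purpose: it may
    # deliberately hold a command plus options (confirm against its definition)
    $IPT -t filter -A INPUT -p "$proto" -i "$EXT" --dport "$port" -j LOG || rc=$?
    $IPT -t filter -A INPUT -p "$proto" -i "$EXT" --dport "$port" -j DROP || rc=$?
  done
  return "$rc"
}

# block access to X server (if it's running) from the external interface
# off because I do xforwarding; enable with:
#log_and_drop_port 6000

# block access to mysql from external interface
# turn this on when mysql is installed again:
#log_and_drop_port 3306

# block access to telnet, it's closed
log_and_drop_port 23

# webmin block (stupid program)
log_and_drop_port 10000

# SUN RPC block, sadmind worm among others
log_and_drop_port 111

# bootp servers, ignore
# don't log, waste of time.  Only the limited-broadcast destination is
# dropped, so unicast traffic to port 67 is not covered by these two rules.
# shellcheck disable=SC2086 — see note on IPT above
$IPT -t filter -A INPUT -p tcp -i "$EXT" --dport 67 -d 255.255.255.255 -j DROP
$IPT -t filter -A INPUT -p udp -i "$EXT" --dport 67 -d 255.255.255.255 -j DROP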