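#!/bin/sh
#
# rc.firewall - simple IP masquerading gateway rule loader (iptables / netfilter).
#
# The header used to say "ipchains, 2.1.x/2.2.x kernels", but every command
# below drives iptables, so the sourced *.fw rule files must be netfilter rules.
#
# Load order matters for safety.  Forwarding is turned OFF before the tables
# are flushed and only turned back ON after every rule file has loaded without
# error (set -e).  A failure anywhere in between therefore leaves the gateway
# not forwarding at all, instead of forwarding with an empty rule set as the
# previous ordering (enable forwarding, then flush, then load) did.  Expect a
# brief forwarding outage on every reload.
#
set -e

# --- interface / address variables -----------------------------------------
# These are read by the sourced rule files, not by this script itself.
# shellcheck disable=SC2034
# external NIC
EXT="eth0"
# internal NIC
INT="eth1"
# external IP -- "xxx" is a placeholder and must be replaced with the real host octet
EXT_IP="129.138.32.xxx"
# external IP range
EXT_RANGE="129.138.32.xxx/24"
# internal IP
INT_IP="192.168.0.1"
# internal IP range
INT_RANGE="192.168.0.0/24"
# this makes everything prettier, really
IPT="/usr/local/sbin/iptables"

# Fail fast with a clear message instead of letting iptables reject the
# placeholder address half-way through loading (which would leave a partially
# built rule set behind).
case "$EXT_IP$EXT_RANGE" in
  *xxx*)
    echo "rc.firewall: EXT_IP/EXT_RANGE still contain the 'xxx' placeholder" >&2
    exit 1
    ;;
esac

[ -x "$IPT" ] || { echo "rc.firewall: $IPT not found or not executable" >&2; exit 1; }

# Stop forwarding while the tables are empty (see header).  Re-enabled at the
# very end, after all rule files have loaded.
echo 0 > /proc/sys/net/ipv4/ip_forward

# TCP SYN cookies: keeps the listen backlog usable under a SYN flood.
echo 1 > /proc/sys/net/ipv4/tcp_syncookies

# ip_always_defrag only existed on 2.2.x kernels; 2.4+ connection tracking
# defragments on its own, so this knob is intentionally left disabled.
# echo 1 > /proc/sys/net/ipv4/ip_always_defrag

# Empty every table and reset the filter counters.  Only the THREAT user
# chain is deleted (as before); it does not exist yet on a first boot, so its
# removal is allowed to fail without aborting the load.
"$IPT" -F
"$IPT" -F -t nat
"$IPT" -F -t mangle
"$IPT" -Z
"$IPT" -X THREAT || true

# NOTE(review): no default policy (-P) is set here.  Whether the sourced files
# set INPUT/FORWARD to DROP (default-deny) or rely on ACCEPT plus block rules
# cannot be seen from this file -- confirm before relying on this loader alone.

# Start firewalling (denys and such)
# alan's neat threat detection
. /etc/rc.d/firewall/threat.fw
# servers which always have access (and ports, sometimes)
. /etc/rc.d/firewall/whitelist.fw
# setup MASQ
. /etc/rc.d/firewall/masq.fw
# DNAT
. /etc/rc.d/firewall/dnat.fw
# basic ingress filtering
. /etc/rc.d/firewall/ingress.fw
# basic egress filtering
. /etc/rc.d/firewall/egress.fw
# port-based blocking
. /etc/rc.d/firewall/port.fw
# source IP blocking
. /etc/rc.d/firewall/source.fw

# Every rule file loaded cleanly: enable forwarding last, so the rule set is
# complete before any packet is routed between $INT and $EXT.
echo 1 > /proc/sys/net/ipv4/ip_forward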