#!/bin/sh
#
# Main file for filter rules, using iptables.
# Written by Tom Karlsson 2005-01-24.
#
# Parameters to fwrules are:
#
# refresh = Initialize or reinitialize the complete set of rules (default).
#           This will clear all statistics.
# purge   = Delete the rules declared in the fwrules files,
#           but leave all manually added rules.
# delete  = Delete all rules.
#
. /etc/config.data/kernel

#------------------
# Load filter modules
#
modprobe ip_tables
modprobe iptable_filter
modprobe iptable_mangle
modprobe ipt_limit
modprobe ipt_tos
modprobe ipt_state
modprobe ipt_multiport
modprobe ip_conntrack
modprobe ipt_state
modprobe ipt_LOG
modprobe ipt_REJECT
modprobe ip_nat_ftp
modprobe ipt_REDIRECT
modprobe ipt_iprange
modprobe ipt_pkttype
modprobe ipt_CLASSIFY
modprobe ipt_MARK
modprobe ipt_connmark
modprobe ipt_CONNMARK
modprobe ipt_layer7


source /filter/fw.conf

if [ ${1:-none} = "none" ]; then
    ACTION="refresh"
    iptables -F
    iptables -X
else
    if [ $1 != "refresh" -a $1 != "purge" -a $1 != "delete" ]; then
        echo
        echo "Usage:   $0 <refresh|purge|delete>"
        echo "Example: $0 refresh    (default)"
        echo
        exit
    fi
fi

case $1 in ( refresh ) ACTION=refresh; iptables -F; iptables -X;;
           ( purge )   ACTION=purge;;
           ( delete )  ACTION=delete; iptables -F; iptables -X; exit;;
esac

iptables --version
echo
echo "$0"

#------------------
# Set default policy
#
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT


#------------------
# Call the other modules
#
/filter/fwrules.layer7 $ACTION