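#!/bin/sh
#
# ipchains (Linux 2.2-era) masquerading firewall for a small LAN behind eth0.
# Run once at boot: loads the masquerade helper modules, installs the
# input/forward rules, and only then enables IP forwarding, so the box is
# never an open router while the rule set is still being built.
#
# Requires: /sbin/ipchains, /usr/sbin/ipmasqadm and the ip_masq_* modules.

# Site-specific values. Every default matches the original deployment.
ext_if=eth0                 # external (untrusted) interface
lan_net=192.168.1.0/24      # masqueraded internal network
telnet_src=129.93.0.0/16    # only network allowed to open telnet sessions
ext_addr=129.93.50.1        # external address used for port forwarding
telnet_host=192.168.1.1     # internal host that receives forwarded telnet

echo "Loading IP Masquerade Modules"
/sbin/depmod -a
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_raudio
/sbin/modprobe ip_masq_irc
/sbin/modprobe ip_masq_quake 26000,27000,27910,27960
/sbin/modprobe ip_masq_cuseeme
/sbin/modprobe ip_masq_vdolive

# From here on any failing command aborts the script. Because forwarding is
# switched on only at the very end, a failed rule leaves the box fail-closed
# (not forwarding) instead of running with a half-built rule set. Module
# loading above is deliberately left best-effort: a missing helper module is
# not a reason to skip the firewall rules.
set -e

echo "Setting IP Masq Stuff"
# Reassemble fragments before filtering so the rules see complete headers.
echo "1" > /proc/sys/net/ipv4/ip_always_defrag
# Masquerade timeouts (seconds): TCP, TCP after FIN, UDP.
/sbin/ipchains -M -S 7200 10 160
# Deny forwarding by default and start from empty chains before adding rules.
/sbin/ipchains -P forward DENY
/sbin/ipchains -F input
/sbin/ipchains -F output
/sbin/ipchains -F forward

echo "Setting forward chain"
/sbin/ipchains -A forward -s "$lan_net" -j MASQ

echo "Denying unroutables"
# Spoofed private/loopback/multicast source addresses. -b also installs the
# mirrored rule, -l logs each hit. The 192.168/16 range is rejected only on
# the external interface because the LAN itself lives there.
/sbin/ipchains -A input -l -b -s 10.0.0.0/8 -j DENY
/sbin/ipchains -A input -i "$ext_if" -b -s 192.168.0.0/16 -j DENY
# RFC 1918 block is 172.16.0.0/12; the previous /16 covered only 172.16.x.x.
/sbin/ipchains -A input -b -l -s 172.16.0.0/12 -j DENY
# Any 127.0.0.0/8 source arriving off the loopback interface is spoofed,
# not only 127.0.0.1.
/sbin/ipchains -A input -i ! lo -l -b -s 127.0.0.0/8 -j DENY
/sbin/ipchains -A input -b -s 224.0.0.0/3 -j DENY

echo "Trashing broadcasts"
# NetBIOS name/datagram chatter and anything with a .255 source octet.
/sbin/ipchains -A input -i "$ext_if" -p udp -d 0/0 137:138 -j DENY
/sbin/ipchains -A input -i "$ext_if" -b -s 0.0.0.255/0.0.0.255 -l -j DENY

echo "Allowing auth port"
# ident/auth (113) must be accepted before the privileged-port deny below,
# since ipchains stops at the first matching rule.
/sbin/ipchains -A input -p tcp -d 0/0 113 -j ACCEPT

echo "Getting rid of incoming privedged ports"
/sbin/ipchains -A input -l -i "$ext_if" -p tcp -d 0/0 :1023 -j DENY
/sbin/ipchains -A input -l -i "$ext_if" -p udp -d 0/0 :1023 -j DENY

echo "Protecting vnc ports for screen 1"
/sbin/ipchains -A input -l -i "$ext_if" -p tcp -d 0/0 5801 -j DENY
/sbin/ipchains -A input -l -i "$ext_if" -p tcp -d 0/0 5901 -j DENY
/sbin/ipchains -A input -l -i "$ext_if" -p tcp -d 0/0 6001 -j DENY

echo "Filtering icmp"
# Keep destination-unreachable (type 3, needed for path MTU discovery);
# log and drop every other ICMP type from outside.
/sbin/ipchains -A input -i "$ext_if" -p icmp --icmp-type 3 -j ACCEPT
/sbin/ipchains -A input -i "$ext_if" -p icmp -l -j DENY

echo "Denying incoming connections but ftp and telnet"
# NOTE(review): this accepts any SYN whose source port is 20 (active-FTP data
# channel). A remote peer can choose that source port freely, so only the
# ports already denied above (<=1023, the VNC ports) stay protected from it.
/sbin/ipchains -A input -i "$ext_if" -p tcp -s 0/0 20 -y -j ACCEPT
# NOTE(review): ipchains is first-match and the ":1023" DENY above already
# matches port 23 on $ext_if, so this ACCEPT never fires. It is left in place
# (the deny wins) rather than moved ahead of the DENY, which would expose
# cleartext telnet to $telnet_src.
/sbin/ipchains -A input -i "$ext_if" -p tcp -s "$telnet_src" -d 0/0 23 -y -j ACCEPT
/sbin/ipchains -A input -i "$ext_if" -p tcp -y -l -j DENY

#echo "Setting up port forwarding to internal telnet"
# Flush stale port forwards, then map external telnet to the internal host.
# NOTE(review): this publishes a cleartext telnet service on $ext_addr; with
# the input chain as written, port 23 on $ext_if is likely denied before the
# packet reaches the masquerade/portfw code, so confirm this is intended.
/usr/sbin/ipmasqadm portfw -f
/usr/sbin/ipmasqadm portfw -a -P tcp -L "$ext_addr" 23 -R "$telnet_host" 23

# Enable forwarding only now that the complete rule set is in place.
echo "1" > /proc/sys/net/ipv4/ip_forward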