#!/bin/sh
# rc.firewall   Linux kernel firewalling rules
FW=/sbin/ipfwadm

# Flush rules, for testing purposes
for i in I O F # A      # If we enabled accouting too
do
    ${FW} -$i -f
done

# Default policies:
${FW} -I -p rej         # Incoming policy: reject (quick error)
${FW} -O -p acc         # Output policy: accept
${FW} -F -p den         # Forwarding policy: deny

# Input Rules:

# Loopback-interface (local access, eg, to local nameserver):
${FW} -I -a acc -S localhost/32 -D localhost/32

# Local Ethernet-interface:
    
# Redirect to Squid proxy server:
${FW} -I -a acc -P tcp -D default/0 80 -r 80

# Accept packets from local network:
${FW} -I -a acc -P all -S localnet/8 -D default/0 -W eth0

# Only required for other types of traffic (FTP, Telnet):

# Forward localnet with masquerading (udp and tcp, no icmp!):
${FW} -F -a m -P tcp -S localnet/8 -D default/0
${FW} -F -a m -P udp -S localnet/8 -D default/0