#!/bin/sh

# ln -s /etc/init.d/iptables /etc/rc2.d/S02iptables

# kFreeBSD does not accept scripts as interpreters, so this file keeps
# #!/bin/sh and sources /lib/init/init-d-script instead.
# The guard runs the sourcing only while INIT_D_SCRIPT_SOURCED is not "true";
# the variable is set to "true" for the sourced file.
# NOTE(review): the sourced file runs with this script's privileges, so it
# should be root-owned and not writable by other users - confirm on the host.
if [ true != "$INIT_D_SCRIPT_SOURCED" ] ; then
    # Prepend this script's own path to the positional parameters before sourcing.
    set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /lib/init/init-d-script
fi
### BEGIN INIT INFO
# Provides:          firewall 
# Required-Start:    $remote_fs $syslog
# Required-Stop:     $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Start the firewall
# Description:       Script flushes iptables rules and sets them back
#                    
#                    
#                    
#                    
#                    
### END INIT INFO

# Author: Foo Bar <foobar@baz.org>
#
# Please remove the "Author" lines above and replace them
# with your own name if you copy and modify this script.

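# Descriptive variables (presumably read by /lib/init/init-d-script - confirm).
# DESC used to be assigned twice; only the final value "iptables" ever took
# effect, so the dead first assignment has been dropped.
# NOTE(review): DAEMON is still the skeleton placeholder and this script starts
# no daemon. Check how /lib/init/init-d-script treats a DAEMON path that does
# not exist, so that the firewall rules are not skipped silently at boot.
DAEMON=/usr/sbin/daemonexecutablename
NAME=iptables
DESC=iptables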

# start
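do_start()
{
	# Purpose: flush the IPv4 and IPv6 rule sets, then restrict the
	# SMB/NetBIOS ports to the LAN range (IPv4) and reject them for
	# everyone over IPv6.
	# Returns: the exit status of the last ip6tables call; earlier failures
	# are not detected.
	#
	# Security notes:
	# - The default policy is ACCEPT, so this is a default-allow firewall:
	#   only the ports listed below are filtered, everything else stays open.
	# - Between the flush and the last rule being appended the listed ports
	#   are unfiltered for a short time on every start/restart/reload.
	# - Helper variables use a _fw_ prefix because POSIX sh has no "local".

	# reset: open policies, then empty nat, mangle and filter and delete
	# user-defined chains in the filter table.
	for _fw_cmd in iptables ip6tables; do
		"$_fw_cmd" -P INPUT ACCEPT
		"$_fw_cmd" -P FORWARD ACCEPT
		"$_fw_cmd" -P OUTPUT ACCEPT

		"$_fw_cmd" -t nat -F
		"$_fw_cmd" -t mangle -F
		"$_fw_cmd" -F
		"$_fw_cmd" -X
	done

	# rules
	_fw_lan=192.168.0.0-192.168.10.255
	_fw_tcp_ports="135 139 445 137 138"
	# NetBIOS name service (137) and datagram service (138) run over UDP.
	# The TCP-only rules left them reachable from any source, so the same
	# allow-LAN / reject-rest pair is added for UDP.
	_fw_udp_ports="137 138"

	# The LAN ACCEPT rules must come before the REJECT rules: first match wins.
	for _fw_port in $_fw_tcp_ports; do
		iptables -A INPUT -p tcp --destination-port "$_fw_port" -m iprange --src-range "$_fw_lan" -j ACCEPT
	done
	for _fw_port in $_fw_udp_ports; do
		iptables -A INPUT -p udp --destination-port "$_fw_port" -m iprange --src-range "$_fw_lan" -j ACCEPT
	done

	for _fw_port in $_fw_tcp_ports; do
		iptables -A INPUT -p tcp --destination-port "$_fw_port" -j REJECT
	done
	for _fw_port in $_fw_udp_ports; do
		iptables -A INPUT -p udp --destination-port "$_fw_port" -j REJECT
	done

	# IPv6 has no LAN exception: the ports are rejected for every source.
	for _fw_port in $_fw_tcp_ports; do
		ip6tables -A INPUT -p tcp --destination-port "$_fw_port" -j REJECT
	done
	for _fw_port in $_fw_udp_ports; do
		ip6tables -A INPUT -p udp --destination-port "$_fw_port" -j REJECT
	done
}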
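do_status()
{
	# Purpose: print the filter-table rules for IPv4 and IPv6.
	# do_start programs both families, so status lists both; the original
	# listed only IPv4.
	# -n prints numeric addresses and ports, so the listing does not wait on
	# reverse DNS lookups when name resolution is unavailable.
	# Returns: 0 if both listings succeed, otherwise the status of the last
	# listing that failed.
	_fw_rc=0
	iptables -L -n || _fw_rc=$?
	ip6tables -L -n || _fw_rc=$?
	return "$_fw_rc"
}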


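# Action dispatch on the first positional parameter.
# NOTE(review): this script also sources /lib/init/init-d-script, which is
# expected to provide its own action dispatch - confirm whether both run, and
# in which order, for a single invocation.
case "$1" in
  force-reload|reload|restart|start|"")
	# Every (re)load action re-applies the full rule set. An empty action is
	# treated as start.
	do_start
	;;
  bla)
	echo "Error: argument '$1' not supported" >&2
	exit 3
	;;
  stop)
	# No-op on purpose: the rules stay loaded, so stopping the service (or
	# shutting down) does not leave the host unfiltered. Flushing is left
	# to root as a manual step. Exit status stays 0.
	echo "Error: root should flush rules."
	echo "see in /root"
	;;
  status)
	do_status
	exit $?
	;;
  *)
	# The usage text named "motd", left over from another script; it now
	# names this script and lists the actions accepted above.
	echo "Usage: $0 {start|stop|restart|reload|force-reload|status}" >&2
	exit 3
	;;
esac

: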