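#!/bin/bash
# Minimal stateful iptables firewall for this host.
#
# Usage: firewall {start|stop}
#
#   start  fail-closed INPUT policy plus an explicit allow-list (loopback,
#          established/related traffic, a few LAN-only and public service
#          ports, Asterisk IAX/SIP/RTP), FTP conntrack/NAT helper modules
#          and IPv4 forwarding enabled.
#   stop   flush every rule, drop the private chain and restore ACCEPT
#          policies on the built-in chains.
#
# Must run as root: every iptables/modprobe call and the sysctl write
# require it.  Exit status is 0 on start/stop and 1 for bad usage.

#######################################
# Bring the filter table back to an empty state.
# Called by both start and stop so that "start" can be re-run without
# accumulating duplicate rules and "stop" leaves nothing behind.
# Globals:   none
# Arguments: none
# Returns:   status of the last iptables call
#######################################
reset_filter_table() {
  iptables -F
  iptables -Z
  # dropwall is a user-defined chain that only exists after a previous
  # "start"; -X fails on a fresh host, which is expected and ignored.
  iptables -X dropwall 2>/dev/null || true
}

#######################################
# Load the allow-list and fail-closed policies.
# Globals:   none
# Arguments: none
# Outputs:   progress message on stdout
#######################################
firewall_start() {
  echo "Starting firewall"
  reset_filter_table

  # Default policies.  INPUT goes to DROP before any allow rule exists so
  # the host is never briefly wide open while the list below is loaded
  # (the cost is that packets arriving in that window are dropped).
  iptables -P INPUT DROP
  iptables -P OUTPUT ACCEPT
  # NOTE(review): FORWARD is ACCEPT and ip_forward is switched on below,
  # so traffic routed through this box is not filtered at all.  Confirm
  # this is intended; if not, set FORWARD to DROP and allow-list it the
  # same way INPUT is.
  iptables -P FORWARD ACCEPT
  iptables -t nat -P POSTROUTING ACCEPT
  iptables -t nat -P PREROUTING ACCEPT
  iptables -t nat -P OUTPUT ACCEPT

  # FTP connection-tracking and NAT helpers.  These are the legacy module
  # names; newer kernels call them nf_conntrack_ftp / nf_nat_ftp, in which
  # case modprobe reports the failure on stderr and the script continues.
  modprobe iptable_nat
  modprobe ip_nat_ftp
  modprobe ip_conntrack_ftp
  echo 1 > /proc/sys/net/ipv4/ip_forward

  # Outbound: only traffic sourced from the two local networks may leave.
  iptables -A OUTPUT -j ACCEPT -s 200.40.228.0/255.255.255.0 -d 0/0
  iptables -A OUTPUT -j ACCEPT -s 192.168.1.0/255.255.255.0 -d 0/0

  # Inbound allow-list, evaluated in order.
  iptables -A INPUT -i lo -j ACCEPT
  iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  # LAN-only TCP service on 1352 (new connections only).
  iptables -A INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 1352 --syn -j ACCEPT
  # Reachable from anywhere: HTTP and 4445 (TCP and UDP).
  iptables -A INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
  iptables -A INPUT -p tcp -m tcp --dport 4445 --syn -j ACCEPT
  iptables -A INPUT -p udp -m udp --dport 4445 -j ACCEPT
  # LAN-only NetBIOS/SMB and 4592.
  iptables -A INPUT -p udp -m udp -s 192.168.1.0/24 --dport 137 -j ACCEPT
  iptables -A INPUT -p udp -m udp -s 192.168.1.0/24 --dport 138 -j ACCEPT
  iptables -A INPUT -p udp -m udp -s 192.168.1.0/24 --dport 139 -j ACCEPT
  iptables -A INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 4592 -j ACCEPT
  iptables -A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.1.0/24 --dport 139 -j ACCEPT
  iptables -A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.1.0/24 --dport 445 -j ACCEPT

  # ASTERISK: IAX2 (4569), SIP signalling (5060/udp) and the RTP media
  # range, all open to any source.
  iptables -A INPUT -p udp -m udp --dport 4569 -j ACCEPT
  iptables -A INPUT -p tcp -m tcp --dport 4569 -j ACCEPT
  iptables -A INPUT -p udp -m udp --dport 5060 -j ACCEPT
  iptables -A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT

  # Everything else: explicit drops per interface, then a catch-all chain
  # (kept separate so its counters can be inspected with "iptables -L -v").
  iptables -A INPUT -i eth0 -j DROP
  iptables -A INPUT -i eth1 -j DROP
  iptables -N dropwall
  iptables -A dropwall -j DROP
  iptables -A INPUT -j dropwall
}

#######################################
# Remove all rules and reopen the built-in chains.
# Globals:   none
# Arguments: none
# Outputs:   progress message on stdout
#######################################
firewall_stop() {
  echo "Removing firewall"
  # Policies first so the chains are open once the rules are gone.  Only
  # built-in chains take a policy; the user-defined dropwall chain is
  # deleted instead (it cannot be given a policy with -P).
  iptables -P OUTPUT ACCEPT
  iptables -P INPUT ACCEPT
  iptables -P FORWARD ACCEPT
  reset_filter_table
}

#######################################
# Print usage to stderr.
# Arguments: none
#######################################
usage() {
  printf '%s {start|stop}\n' "$0" >&2
}

main() {
  case "$1" in
    start)
      firewall_start
      ;;
    stop)
      firewall_stop
      ;;
    *)
      usage
      exit 1
      ;;
  esac
}

main "$@"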