#!/bin/sh

#################################################################
#	GENERAL CHAINS AND RULESETS FOR IPTABLES TO USE		#
#	THAT DON'T GET LOADED WITH BASTILLE-FIREWALL...		#
#	-------------------------------------------------	#
#	CREATED: December 10, 2001				#
#	AUTHOR:  Mark D. Weaver					#
#################################################################

#################################################################
#	CHAINS TO ALLOW TWO WAY COMMUNICATION BETWEEN		#
#	THIS MACHINE AND THE ISP'S DNS SERVERS			#
#################################################################

#
# Replace Bastille's outbound (PUB_OUT) rules with the ruleset below:
# the chain is flushed first, so nothing Bastille put there survives.
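# NOTE(review): everything below is appended (-A) after whatever Bastille has
# already loaded into PUB_OUT/INPUT, so a rule only takes effect if no earlier
# rule in that chain terminates the packet first.  Check with
# `iptables -L PUB_OUT -n` / `iptables -L INPUT -n` after loading.

# The ISP's resolvers this host is allowed to exchange DNS traffic with.
ISP_DNS="199.224.86.15 199.224.86.16"

# Start PUB_OUT from scratch; Bastille's egress handling is not wanted.
iptables -F PUB_OUT

# Outbound to the ISP resolvers.  These go BEFORE the catch-all so they remain
# effective if the catch-all is ever removed -- in the original ordering they
# sat after it and could never match (dead rules).
for dns in ${ISP_DNS}; do
  iptables -A PUB_OUT -d "${dns}" -j ACCEPT
done

# Catch-all: every outbound packet is accepted.  This makes the DNS rules above
# redundant and turns off egress filtering entirely; delete this single line if
# only the explicitly listed destinations should be reachable.
iptables -A PUB_OUT -j ACCEPT

# Inbound from the ISP resolvers.
# NOTE(review): "--dport 53" matches packets *addressed to* port 53 on this
# host, i.e. the ISP's servers querying a DNS server running here.  Replies to
# this host's own lookups arrive with source port 53 and an ephemeral
# destination port, which these rules do not match.  If no resolver listens
# locally, the intended match is probably "--sport 53" (or a stateful
# "-m state --state ESTABLISHED,RELATED" rule) -- confirm before changing;
# left as written.
for proto in tcp udp; do
  for dns in ${ISP_DNS}; do
    iptables -A INPUT -p "${proto}" -s "${dns}" --dport 53 -j ACCEPT
  done
done

# ICMP from the ISP resolvers to this host's dynamic-DNS name.
# NOTE(review): iptables resolves a hostname once, when the rule is loaded
# (adding one rule per address it resolves to).  The rule is therefore pinned
# to whatever mdw1982.dyndns.org resolved to at load time, goes stale when the
# dynamic address changes, and makes loading the firewall depend on DNS
# working.  Dropping "-d" (or matching on the interface instead) avoids that.
for dns in ${ISP_DNS}; do
  iptables -A INPUT -p icmp -s "${dns}" -d mdw1982.dyndns.org -j ACCEPT
done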

#
# (disabled) drop connections to Icecast on port 8000 unless they come from the LAN
#
#iptables -A INPUT -p tcp --source ! 192.168.0.0/24 --dport 8000 -j DROP
#
# getting rid of the crap from Doublclick!
#
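# Log and drop TCP/UDP from 208.184.29.70 (DoubleClick).
# As the file reads, "--log-prefix" and its argument were on separate lines
# with no continuation: iptables then fails with a missing argument (the LOG
# rule never loads) and the shell tries to run a command named "doubleclick:".
# Joined here onto one command.  The LOG rules are also rate-limited so a
# flood from that host cannot fill the log partition.
for proto in tcp udp; do
  iptables -A INPUT -p "${proto}" -s 208.184.29.70 \
    -m limit --limit 5/min --limit-burst 10 \
    -j LOG --log-prefix "doubleclick:"
  iptables -A INPUT -p "${proto}" -s 208.184.29.70 -j DROP
done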
#
# (the LOG rules above record every dropped packet from that host)
#
#################################################################
#	CHAINS TO KEEP OUT THE DIRT BAGS THAT JUST CAN'T	#
#	BEHAVE THEMSELVES...					#
#################################################################
#
# dirt bag number 1 -
#
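# Log (rate-limited) and drop TCP from hosts that have been probing this box.
# NOTE(review): "-s 217.1.78.0" with no mask matches exactly the single host
# 217.1.78.0 (an address that is normally a network address, not a host), so
# as written these rules are close to no-ops.  If the whole /24 was meant,
# write "-s 217.1.78.0/24" -- confirm; addresses are left as in the original.
# NOTE(review): only TCP is matched; UDP/ICMP from these sources still passes.
# INT_IN looks like Bastille's chain for the *internal* interface; public
# addresses would normally arrive on the public one (PUB_IN) -- verify the
# chain these rules belong in.
BAD_HOSTS="217.1.78.0 217.0.186.0"
for host in ${BAD_HOSTS}; do
  iptables -A INT_IN -p tcp -s "${host}" \
    -m limit --limit 5/min --limit-burst 10 \
    -j LOG --log-prefix "bad_guys:"
  iptables -A INT_IN -p tcp -s "${host}" -j DROP
done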
#
# logged so we can see if they try to come back in
#


