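#!/bin/sh
# $Id: restorefilter,v 1.6 2002/01/29 23:27:46 aleks Exp $
# Name: /usr/local/sbin/restorefilter
# purpose: packetfilter for use@home
# Author: Alexander Stielau
#
# SEE ALSO: http://www.buug.de/~aleks/iptables
#           /usr/local/bin/packetfilter
#
# cvs-changelog
# $Log: restorefilter,v $
# Revision 1.6 2002/01/29 23:27:46 aleks
# Switched to CVS log IDs as the version history. Let's see how that looks.
# :-)
#
#
# Resets the packet filter to a bare state: sets the default policies of the
# filter chains, flushes all rules and user-defined chains in the filter, nat
# and mangle tables, and switches IPv4 forwarding off.
#
# Variables read after sourcing /etc/firewall/fw-config (presumably defined
# there; confirm against that file):
#   IPTABLES - iptables command to run
#   TESTING  - "0": lock down (policy DROP); any other value: policy ACCEPT
#   DEBUG    - "1": list the resulting rules at the end
#
# Exit status: 0 when every step succeeded, 1 when IPTABLES is unset or any
# iptables call or the ip_forward write failed. All steps are still attempted.

. /etc/firewall/fw-config

# Without a command name every call below would try to execute "-P", "-F", ...
# and the host would be left in whatever state it had before.
if [ -z "${IPTABLES:-}" ]; then
  echo "restorefilter: IPTABLES is not set" >&2
  exit 1
fi

rc=0

# Run one iptables command; report a failure on stderr and remember it so the
# script does not claim success for a filter state it could not establish.
# $IPTABLES is deliberately left unquoted so a configured value that carries
# extra options keeps working as it did before.
ipt() {
  $IPTABLES "$@" || {
    echo "restorefilter: $IPTABLES $* failed" >&2
    rc=1
  }
}

# Policies are set before the flush so that, when locking down, there is no
# moment in which the rules are already gone while an older permissive policy
# is still in force.
#
# NOTE(review): an unset or misspelled TESTING takes the ACCEPT branch, i.e.
# the script fails open. Kept as is because callers may rely on it; confirm
# that fw-config always sets TESTING explicitly.
if [ "$TESTING" = "0" ]; then
  # iptables has no DENY policy (that was the ipchains name). With DENY these
  # three commands were rejected and the previous policy stayed active, so
  # the lock-down never took effect. DROP is the iptables built-in target.
  ipt -P INPUT DROP
  ipt -P FORWARD DROP
  ipt -P OUTPUT DROP
else
  ipt -P INPUT ACCEPT
  ipt -P FORWARD ACCEPT
  ipt -P OUTPUT ACCEPT
fi

# Remove all rules, then all user-defined chains, table by table.
ipt -F
ipt -X
ipt -F -t nat
ipt -F -t mangle
ipt -t nat -X
ipt -t mangle -X

ipt -t nat -P PREROUTING ACCEPT
ipt -t nat -P POSTROUTING ACCEPT

# Stop routing packets between interfaces.
if ! echo "0" > /proc/sys/net/ipv4/ip_forward; then
  echo "restorefilter: could not disable ip_forward" >&2
  rc=1
fi

# for debugging purposes: Print all rules after setting.
if [ "$DEBUG" = "1" ]; then
  $IPTABLES -L -n -x -v
  $IPTABLES -L -t nat -n
fi

exit "$rc"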