# -*-sh-*-
#
# INPUT chain for scipfire
#
# $Id: INPUT,v 1.3 2001/07/29 21:23:35 scip Exp $



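#
# The name of this chain
# (used for the iptables -F/-P calls and the progress messages further down)
CHAIN=INPUT


#
# get the type of mode we are running under
# will be one of: start | startlog | print | stop
# (only "start" and "stop" are handled by the case statement in this file)
MODE=$1


#
# get the base path
# The config file is looked up below $PREFIX/conf, so this must be the
# installation directory of scipfire.
PREFIX=$2


#
# source the config
# The path is quoted so that a prefix containing whitespace or glob
# characters is passed to "." as one literal path and is not split or expanded.
# The file is executed as shell code in the current shell, so it runs with
# this script's privileges and needs the same ownership and permission care
# as the script itself.
. "$PREFIX/conf/scipfire.cfg"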




#
# Build ("start") or reset ("stop") the rules of $CHAIN.
#
# now $MODE is only start or stop!
# Any other value matches no arm (there is no "*)" default) and the script
# silently does nothing.
#
# $echo, $iptables, $fw, $log, $DENY, $IN_POLICY and the *_INT / *_NET values
# are not assigned in this file; presumably they come from scipfire.cfg.
# NOTE(review): the expansions are left unquoted on purpose, it looks like
# $fw, $echo and $log hold whole command prefixes that rely on word
# splitting -- confirm against the config before quoting anything here.
case $MODE in
  "start")
    echo "  Initialize $CHAIN"
    #
    # initialize this chain
    # (presumably $echo is empty for a real run and a print prefix for a
    # dry run -- confirm in scipfire.cfg)
    $echo $iptables -F $CHAIN                # flush possibly existing rules (for restart|reload!)
    $echo $iptables -P $CHAIN $IN_POLICY     # define default policy; it covers anything no rule below matches

    #
    # allow stuff from localhost
    # This rule matches on the input interface ($LO_INT) and the source
    # network ($LO_NET) only.
    # NOTE(review): no destination match (-d) is visible here, so "destined
    # to localhost" is not enforced by this line unless $fw adds it -- confirm.
    $fw -i $LO_INT -s $LO_NET -j ACCEPT

    #
    # incoming stuff from outside
    # Jumps to the INPUT_EXTERN chain, which is not created in this file and
    # has to exist before this rule is added.
    $fw -i $EX_INT -j INPUT_EXTERN

    #
    # incoming stuff from inside
    # Jumps to the INPUT_INTERN chain, which is not created in this file and
    # has to exist before this rule is added.
    $fw -i $IN_INT -j INPUT_INTERN

    #
    # deny the rest
    # Packets that arrive on any other interface, or that return from the
    # two sub-chains without a verdict, end up here.
    # Assuming $fw appends to $CHAIN, this rule has to stay the last one:
    # rules are evaluated in order, so anything added after it is never
    # reached.
    # $log is expanded as a command of its own (presumably the logging rule
    # in startlog mode and empty otherwise -- confirm in scipfire.cfg).
    $log
    $fw -j $DENY
    

    ;;
  "stop")
    echo "  Resetting $CHAIN"
    #
    # flush this chain and open its policy
    # All rules are removed and the default policy is set to ACCEPT, so after
    # "stop" this chain filters nothing and every incoming packet is accepted.
    # Nothing is zeroed or deleted here (no -Z / -X); INPUT is a built-in
    # chain and cannot be deleted.
    # NOTE(review): unlike the "start" arm, these calls are not prefixed with
    # $echo -- confirm that is intended.
    $iptables -F $CHAIN
    $iptables -P $CHAIN ACCEPT
    ;;
esac
