#!/bin/sh

#
# ASFF - A Small Fucking Firewall, by SinusPL
# Version 0.6
#

# ---- Configuration -------------------------------------------------------

# Address of this host on the internet-facing link. Every INPUT rule
# below matches on "-d $IP_INET", so a stale value means neither the
# ACCEPT nor the DROP rules match any traffic.
# NOTE(review): ppp links often get a dynamic address - confirm this value
# is refreshed (e.g. from the ppp ip-up hook) whenever the link comes up.
IP_INET='1.2.3.4'

# Network interface that faces the internet.
DEV_INET='ppp0'

# Space-separated list of TCP ports reachable from the internet.
TCPOP='22 25 80'

# Space-separated list of UDP ports reachable from the internet.
UDPOP='53'

# Absolute path of the iptables binary.
IPT='/sbin/iptables'

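# ---- Rule set ------------------------------------------------------------
#
# Scope of this script: it filters only TCP and UDP packets that arrive on
# $DEV_INET addressed to $IP_INET. Chain policies are left untouched, so
# ICMP, other IP protocols, other interfaces/addresses and IPv6 (ip6tables)
# are not restricted here.

# Becomes 1 as soon as any rule fails to load, so the caller can tell that
# the rule set is incomplete instead of always seeing "success".
rc=0

# Append one rule to the filter table; record (but do not abort on) failure
# so that the remaining rules, in particular the final DROPs, are still tried.
add_rule() {
	"$IPT" -t filter -A "$@" || {
		echo "asff: failed to add rule: $*" >&2
		rc=1
	}
}

# Remove all existing rules from the filter table. Nothing below is
# meaningful if this fails (typically: not root, or iptables missing).
"$IPT" -t filter --flush || {
	echo "asff: cannot flush filter table with $IPT" >&2
	exit 1
}

# Accept replies to connections this host opened itself. Without this rule
# the catch-all DROPs at the end also discard return traffic (TCP answers,
# DNS responses to ephemeral ports), breaking all outbound connections.
add_rule INPUT -i "$DEV_INET" -d "$IP_INET" \
	-m state --state ESTABLISHED,RELATED -j ACCEPT

# TCP ports open to the internet.
# $TCPOP is intentionally unquoted: it is a space-separated list.
for PORT in $TCPOP
do
	add_rule INPUT -p tcp -m tcp -i "$DEV_INET" -d "$IP_INET" --dport "$PORT" -j ACCEPT
done

# UDP ports open to the internet ($UDPOP is split on whitespace as well).
for PORT in $UDPOP
do
	add_rule INPUT -p udp -m udp -i "$DEV_INET" -d "$IP_INET" --dport "$PORT" -j ACCEPT
done

# Allow TCP from this host to any destination. The destination needs the
# /0 mask: a bare "0.0.0.0" is parsed as the single host 0.0.0.0/32 and
# would never match real traffic.
add_rule OUTPUT -p tcp -m tcp -s "$IP_INET" -d 0.0.0.0/0 -j ACCEPT

# Everything else arriving over TCP/UDP for our address is dropped here.
# These must stay last: rules are evaluated in order.
add_rule INPUT -p tcp -m tcp -i "$DEV_INET" -d "$IP_INET" -j DROP
add_rule INPUT -p udp -m udp -i "$DEV_INET" -d "$IP_INET" -j DROP

# Exit 0 only if every rule was installed; a partially loaded rule set
# must not be reported as success.
exit "$rc"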
