<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9">
<TITLE>Firewall And Proxy Server HOWTO: APPENDEX A - �$B%9%/%j%W%H$NNc�(B</TITLE>
<LINK HREF="Firewall-HOWTO-16.html" REL=next>
<LINK HREF="Firewall-HOWTO-14.html" REL=previous>
<LINK HREF="Firewall-HOWTO.html#toc15" REL=contents>
</HEAD>
<BODY>
<A HREF="Firewall-HOWTO-16.html">�$B<!$N%Z!<%8�(B</A>
<A HREF="Firewall-HOWTO-14.html">�$BA0$N%Z!<%8�(B</A>
<A HREF="Firewall-HOWTO.html#toc15">�$BL\<!$X�(B</A>
<HR>
<H2><A NAME="s15">15. APPENDEX A - �$B%9%/%j%W%H$NNc�(B</A></H2>
<P>
<P>
<H2><A NAME="ss15.1">15.1 GFCC �$B$rMQ$$$?�(B RC �$B%9%/%j%W%H�(B</A>
</H2>
<P>
<PRE>
#!/bin/bash
#
# Firewall Script - Version 0.9.1
#
# chkconfig: 2345 09 99
# �$B35MW�(B: 2.2.x �$B%+!<%M%kMQ%U%!%$%"%&%)!<%k%9%/%j%W%H�(B
# �$B%F%9%H$N:]$K$O�(B
# -x �$B$rDI2C$9$k$3$H!#�(B
#
# �$BCm0U�(B -
#
# �$B$3$N%9%/%j%W%H$O�(B RedHat 6.0 �$B5Z$S$=$l0J9_$N%P!<%8%g%s8~$1$K=q$+$l$F�(B
# �$B$$$^$9!#�(B
#
# �$B%&%'%V$d�(B ftp �$B%5!<%P$N$h$&$J8x3+%5!<%S%9$rDs6!$9$k>l9g$OCm0U$7$F�(B
# �$B$/$@$5$$!#�(B
#
# �$B%$%s%9%H!<%k�(B -
# 1. /etc/rc.d/init.d �$B$NCf$K$3$N%U%!%$%k$rCV$-$^$9!#�(B
# (root �$B$K$J$i$J$1$l$P$J$i$J$$$G$7$g$&�(B...)
# "firewall" �$B$N$h$&$JL>A0$K$7$^$9�(B :-)
# �$B=jM-8"$r�(B root �$B$K$7$^$9�(B --> "chown root.root (�$B%U%!%$%kL>�(B)"
# �$B<B9TB0@-$rN)$F$^$9�(B --> "chmod 755 (�$B%U%!%$%kL>�(B)"
#
# 2. �$B%U%!%$%"%&%)!<%k%k!<%k$r:n$k0Y$K�(B GFCC �$B$r;H$$!"�(B
# �$B%U%!%$%k�(B /etc/gfcc/rules/firewall.rule.sh �$B$K=q$-<L$7$^$9!#�(B
#
# 3. RedHat �$B$N�(B init �$B%9%/%j%W%H$K%U%!%$%"%&%)!<%k$r�(B
# �$BDI2C$7$^$9�(B --> "chkconfig --add (�$B%U%!%$%kL>�(B)"
# �$B<!2s%k!<%?$r5/F0$9$k$H�(B firewall �$B%5!<%S%9$,<+F0E*$K5/F0$9$k$O$:$G$9�(B!
# *�$BA0$h$j>/$7$O�(B* �$B@H<e$G$J$/$J$C$F$$$k$N$G!"Lk$O$0$C$9$j?2$F$/$@$5$$!#�(B
#
# �$B%j%j!<%9%N!<%H�(B
# 30 Jan, 2000 - GFCC �$B%9%/%j%W%H$KJQ99�(B
# 11 Dec, 1999 - Mark Grennan <mark@grennan.com> �$B$K$h$k99?7�(B
# 20 July, 1999 - �$B:G=i$N:nIJ�(B - Anthony Ball <tony@LinuxSIG.org>
#
################################################
# �$B4X?t%i%$%V%i%j$rFI$_9~$_$^$9!#�(B
. /etc/rc.d/init.d/functions
# �$B%M%C%H%o!<%/@_Dj$rFI$_9~$_$^$9!#�(B
. /etc/sysconfig/network
# �$B%M%C%H%o!<%/$,5/F0$7$F$$$k$+%A%'%C%/$7$^$9!#�(B
[ ${NETWORKING} = "no" ] && exit 0
# �$B2?$,8F$S=P$5$l$?$+$r8+$^$9!#�(B
case "$1" in
start)
# �$B%"%/%;%95!G=$NDs6!$r3+;O$7$^$9!#�(B
action "Starting firewall: " /bin/true
/etc/gfcc/rules/firewall.rule.sh
action "Loading firewall modules: " /bin/true
# /sbin/insmod ip_masq_autofw
# /sbin/insmod ip_masq_suseeme
/sbin/insmod ip_masq_ftp
/sbin/insmod ip_masq_irc
# /sbin/insmod ip_masq_mfw
# /sbin/insmod ip_masq_portfw
# /sbin/insmod ip_masq_quake
/sbin/insmod ip_masq_raudio
# /sbin/insmod ip_masq_user
# /sbin/insmod ip_masq_vdolive
echo
;;
stop)
action "Stoping firewall: " /bin/true
echo 0 > /proc/sys/net/ipv4/ip_forward
/sbin/ipchains -F input
/sbin/ipchains -F output
/sbin/ipchains -F forward
echo
;;
restart)
action "Restarting firewall: " /bin/true
$0 stop
$0 start
echo
;;
status)
# �$B@_DjFbMF$r%j%9%HI=<($7$^$9!#�(B
/sbin/ipchains -L
;;
test)
action "Test Mode firewall: " /bin/true
/sbin/ipchains -F input
/sbin/ipchains -F output
/sbin/ipchains -F forward
echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/ipchains -A input -j ACCEPT
/sbin/ipchains -A output -j ACCEPT
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -i $PUBLIC -j MASQ
echo
;;
*)
echo "Usage: $0 {start|stop|restart|status|test}"
exit 1
esac
</PRE>
<P>
<P>
<H2><A NAME="ss15.2">15.2 GFCC �$B%9%/%j%W%H�(B</A>
</H2>
<P>�$B$3$N%9%/%j%W%H$O�(B Graphical Firewall program (GFCC) �$B$K$h$C$F�(B
�$B@8@.$5$l$^$7$?!#�(B
�$B$3$l$OF0:n$9$k%k!<%k%;%C%H$G$O$"$j$^$;$s!#�(B
�$BE><L$5$l$?%k!<%k%;%C%H$G$9!#�(B
<P>
<PRE>
#!/bin/sh
# Gtk+ �$B%U%!%$%"%&%)!<%k%3%s%H%m!<%k%;%s%?!<$,@8@.$7$^$7$?!#�(B
IPCHAINS=/sbin/ipchains
localnet="192.168.1.0/24"
firewallhost="192.168.1.1/32"
localhost="172.0.0.0/8"
DNS1="24.94.163.119/32"
DNS2="24.94.163.124/32"
Broadcast="255.255.255.255/32"
Multicast="224.0.0.0/8"
Any="0.0.0.0/0"
mail_grennan_com="192.168.1.1/32"
mark_grennan_com="192.168.1.3/32"
$IPCHAINS -P input DENY
$IPCHAINS -P forward ACCEPT
$IPCHAINS -P output ACCEPT
$IPCHAINS -F
$IPCHAINS -X
# input �$B%k!<%k�(B
$IPCHAINS -A input -s $Any -d $Broadcast -j DENY
$IPCHAINS -A input -p udp -s $Any -d $Any netbios-ns -j DENY
$IPCHAINS -A input -p tcp -s $Any -d $Any netbios-ns -j DENY
$IPCHAINS -A input -p udp -s $Any -d $Any netbios-dgm -j DENY
$IPCHAINS -A input -p tcp -s $Any -d $Any netbios-dgm -j DENY
$IPCHAINS -A input -p udp -s $Any -d $Any bootps -j DENY
$IPCHAINS -A input -p udp -s $Any -d $Any bootpc -j DENY
$IPCHAINS -A input -s $Multicast -d $Any -j DENY
$IPCHAINS -A input -s $localhost -d $Any -i lo -j ACCEPT
$IPCHAINS -A input -s $localnet -d $Any -i eth1 -j ACCEPT
$IPCHAINS -A input -s $localnet -d $Broadcast -i eth1 -j ACCEPT
$IPCHAINS -A input -p icmp -s $Any -d $Any -j ACCEPT
$IPCHAINS -A input -p tcp -s $Any -d $Any -j ACCEPT ! -y
$IPCHAINS -A input -p udp -s $DNS1 domain -d $Any 1023:65535 -j ACCEPT
$IPCHAINS -A input -p udp -s $DNS2 domain -d $Any 1023:65535 -j ACCEPT
$IPCHAINS -A input -p tcp -s $Any -d $Any ssh -j ACCEPT
$IPCHAINS -A input -p tcp -s $Any -d $Any telnet -j ACCEPT
$IPCHAINS -A input -p tcp -s $Any -d $Any smtp -j ACCEPT
$IPCHAINS -A input -p tcp -s $Any -d $Any pop-3 -j ACCEPT
$IPCHAINS -A input -p tcp -s $Any -d $Any auth -j ACCEPT
$IPCHAINS -A input -p tcp -s $Any -d $Any www -j ACCEPT
$IPCHAINS -A input -p tcp -s $Any -d $Any ftp -j ACCEPT
$IPCHAINS -A input -s $Any -d $Any -j DENY -l
# forward �$B%k!<%k�(B
$IPCHAINS -A forward -s $localnet -d $Any -j MASQ
# output �$B%k!<%k�(B
</PRE>
<P>
<H2><A NAME="ss15.3">15.3 GFCC �$B$r;H$o$J$$�(B RC �$B%9%/%j%W%H�(B</A>
</H2>
<P>�$B$3$l$O<j=q$-$G9=C[$7$?%U%!%$%"%&%)!<%k$N%k!<%k%;%C%H$G$9!#�(B
GFCC �$B$O;H$$$^$;$s!#�(B
<P>
<PRE>
#!/bin/bash
#
# Firewall Script - Version 0.9.0
# chkconfig: 2345 09 99
# �$B35MW�(B: 2.2.x �$B%+!<%M%kMQ%U%!%$%"%&%)!<%k%9%/%j%W%H�(B
# �$B%F%9%H$N:]$K$O�(B
# -x �$B$rDI2C$9$k$3$H!#�(B
#
# �$BCm0U�(B -
#
# �$B$3$N%9%/%j%W%H$O�(B RedHat 6.0 �$B5Z$S$=$l0J9_$N%P!<%8%g%s8~$1$K=q$+$l$F$$$^$9!#�(B
#
# �$B$3$N%U%!%$%"%&%)!<%k%9%/%j%W%H$O!"BgItJ,$N%@%$%"%k%"%C%W$+%1!<%V%k%b%G%`�(B
# �$B$r;HMQ$7$?%k!<%?$GF0$/H&$G$9!#�(B
# RedHat �$B%G%#%9%H%j%S%e!<%7%g%sMQ$K:n@.$7$^$7$?!#�(B
#
# web �$B$d�(B ftp �$B%5!<%P$N$h$&$J8x3+%5!<%S%9$rDs6!$9$k>l9g$OCm0U$7$F$/$@$5$$!#�(B
#
# �$B%$%s%9%H!<%k�(B -
# 1. �$B$3$N%U%!%$%k$O�(B RedHat �$B%7%9%F%`MQ$K:n$i$l$F$$$^$9!#$3$N$^$^$GB>$N�(B
# �$B%G%#%9%H%j%S%e!<%7%g%s$G$bF0$/$H;W$$$^$9$,!"$b$&0lEY3NG'$7$?J}$,�(B
# �$B$$$$$G$7$g$&!#�(B
# �$B$b$7$+$7$FF0$+$J$$$+$b$7$l$J$$$+$i�(B?!!?
# �$B$3$l$i$N<j=g$O�(B RedHat �$B%7%9%F%`$KE,MQ$7$^$9!#�(B
#
# 2. /etc/rc.d/init.d �$B$NCf$K$3$N%U%!%$%k$rCV$-$^$9�(B (root �$B$K$J$C$F�(B...)
# "firewall" �$B$N$h$&$JL>A0$K$7$^$9�(B :-)
# �$B=jM-8"$r�(B root �$B$K$7$^$9�(B --> "chown root.root <�$B%U%!%$%kL>�(B>"
# �$B<B9T8"$r$D$1$^$9�(B --> "chmod 755 <�$B%U%!%$%kL>�(B>"
#
# 3. �$B%M%C%H%o!<%/!";HMQ$9$k%$%s%?!<%U%'!<%9!"�(BDNS �$B%5!<%P$N@_Dj$r$7$^$9!#�(B
# uncomment �$B$G;O$^$k9T$N2<$G!"<uIU$1%5!<%S%9$rA*Br$7M-8z$K$7$^$9!#�(B
# "eth0" �$B$,;HMQ$9$k�(B NIC �$B$+3NG'$7$^$9�(B (�$B0?$O$"$J$?$N%7%9%F%`$N%M%C%H%o!<%/�(B
# �$B%$%s%?!<%U%'!<%9L>$KJQ99$7$^$9�(B)�$B!#�(B
# �$B%F%9%H$9$k$K$O�(B --> "/etc/rc.d/init.d/<�$B%U%!%$%kL>�(B> start"
# �$B%k!<%k$r0lMw$9$k$K$O�(B --> "ipchains -L -n"
# �$B8m$j$,$"$l$P=$@5$7$^$7$g$&�(B... :-)
#
# 4. RedHat �$B$N�(B init �$B%9%/%j%W%H$K%U%!%$%"%&%)!<%k$rDI2C$7$^$9�(B
# --> "chkconfig --add <�$B%U%!%$%kL>�(B>"
# �$B<!2s%k!<%?$r5/F0$9$k$H�(B firewall �$B%5!<%S%9$,<+F0E*$K5/F0$9$k$O$:$G$9!*�(B
# *�$BA0$h$j>/$7$O�(B* �$B@H<e$G$J$/$J$C$F$$$k$N$G!"Lk$O$0$C$9$j?2$F$/$@$5$$!#�(B
#
# �$B%j%j!<%9%N!<%H�(B
# 20 July, 1999 - �$B:G=i$N:nIJ�(B - Anthony Ball <tony@LinuxSIG.org>
# 11 Dec, 1999 - Mark Grennan <mark@grennan.com> �$B$K$h$k99?7�(B
#
################################################
# �$B$"$J$?$N%m!<%+%k%M%C%H%o!<%/$KE,9g$9$kCM$r5-F~$7$F$/$@$5$$!#�(B
PRIVATENET=xxx.xxx.xxx.xxx/xx
PUBLIC=ppp0
PRIVATE=eth0
# �$B$"$J$?$N�(B dns �$B%5!<%P$N@_Dj�(B
DNS1=xxx.xxx.xxx.xxx
DNS2=xxx.xxx.xxx.xxx
################################################
# �$B%M%C%H%o!<%/$N@_Dj$KMQ$$$kHFMQE*$JCM$rDj5A$7$^$9!#�(B
ANY=0.0.0.0/0
ALLONES=255.255.255.255
# �$B4X?t%i%$%V%i%j$rFI$_9~$_$^$9!#�(B
. /etc/rc.d/init.d/functions
# �$B%M%C%H%o!<%/@_Dj$rFI$_9~$_$^$9!#�(B
. /etc/sysconfig/network
# �$B%M%C%H%o!<%/$,5/F0$7$F$$$k$+%A%'%C%/$7$^$9!#�(B
[ ${NETWORKING} = "no" ] && exit 0
# �$B2?$,8F$S=P$5$l$?$+$r8+$^$9!#�(B
case "$1" in
start)
# �$B%"%/%;%95!G=$NDs6!$r3+;O$7$^$9!#�(B
action "Starting firewall: " /bin/true
##
## �$B4D6-@_Dj�(B
##
# �$BA4$F$N%A%'%$%s$N%j%9%H$rA4>C5n$7$^$9!#�(B
/sbin/ipchains -F input
/sbin/ipchains -F output
/sbin/ipchains -F forward
# input �$B%A%'%$%s$K38$r$+$V$;$F!"A4$F$N%]!<%H$r$U$5$.$^$9!#�(B
/sbin/ipchains -I input 1 -j DENY
# �$B%]%j%7!<$rH]Dj�(B (DENY) �$B$K@_Dj$7$^$9!#�(B (�$B%G%U%)%k%H$O�(BACCEPT)
/sbin/ipchains -P input DENY
/sbin/ipchains -P output ACCEPT
/sbin/ipchains -P forward ACCEPT
# �$B%Q%1%C%H%U%)%o!<%G%#%s%0$rM-8z$K$7$^$9!#�(B
echo 1 > /proc/sys/net/ipv4/ip_forward
##
## �$B%b%8%e!<%k$N%$%s%9%H!<%k�(B
##
# �$B%"%/%F%#%V�(B ftp �$B%b%8%e!<%k$rFI$_9~$_$^$9!#�(B
# �$B%m!<%+%k%M%C%H%o!<%/>e$N%^%7%s$KHs%Q%C%7%t�(B ftp �$B%"%/%;%9$,�(B
# �$B$G$-$k$h$&$K$7$^$9!#�(B
# (�$BC"$7!"%k!<%?<+?H$O%^%9%+%l!<%I$5$l$F$$$J$$$N$G=|30$5$l$^$9!#�(B)
if ! ( /sbin/lsmod | /bin/grep masq_ftp > /dev/null ); then
/sbin/insmod ip_masq_ftp
fi
##
## �$B%;%-%e%j%F%#4X78�(B
##
# �$B8=B8$9$k%M%C%H%o!<%/%$%s%?!<%U%'!<%9$*$h$S:#8eH/@8$9$k$G$"$m$&�(B
# �$B%M%C%H%o!<%/%$%s%?!<%U%'!<%9$KBP$7!"H/?.%"%I%l%9$NN)>Z$H56AuJ]8n$r�(B
# �$BM-8z$K$7$^$9!#�(B
#
#
if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ]; then
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
echo 1 > $f
done
else
echo
echo "PROBLEMS SETTING UP IP SPOOFING PROTECTION. BE WORRIED."
echo
fi
# �$B8=B8$9$kA4$F$N%M%C%H%o!<%/%$%s%?!<%U%'!<%9$N%V%m!<%I%-%c%9%H$r�(B
# �$BH]Dj$7$^$9!#�(B
/sbin/ipchains -A input -d 0.0.0.0 -j DENY
/sbin/ipchains -A input -d 255.255.255.255 -j DENY
# �$B$3$l$i$O%m%05-O?$9$k$3$H$J$/H]Dj$7$^$9!#�(B
/sbin/ipchains -A input -p udp -d $ANY 137 -j DENY # NetBIOS over IP
/sbin/ipchains -A input -p tcp -d $ANY 137 -j DENY # ""
/sbin/ipchains -A input -p udp -d $ANY 138 -j DENY # ""
/sbin/ipchains -A input -p tcp -d $ANY 138 -j DENY # ""
/sbin/ipchains -A input -p udp -d $ANY 67 -j DENY # bootp
/sbin/ipchains -A input -p udp -d $ANY 68 -j DENY # ""
/sbin/ipchains -A input -s 224.0.0.0/8 -j DENY # Multicast addresses
##
## �$B%W%i%$%Y!<%H%M%C%H%o!<%/$+$iH/$9$k%Q%1%C%H$r5v2D$7$^$9!#�(B
##
# �$B%k!<%W%P%C%/%$%s%?!<%U%'!<%9>e$NA4$F$N%Q%1%C%H$r5v2D$7$^$9!#�(B
/sbin/ipchains -A input -i lo -j ACCEPT
# �$BFbIt$N�(B "�$B?.Mj$G$-$k�(B" �$B%$%s%?!<%U%'!<%9$+$iH/$;$i$l$k%Q%1%C%H$rA4$F�(B
# �$B5v2D$7$^$9!#�(B
/sbin/ipchains -A input -i $PRIVATE -s $PRIVATENET -d $ANY -j ACCEPT
/sbin/ipchains -A input -i $PRIVATE -d $ALLONES -j ACCEPT
##
## �$B%U%!%$%"%&%)!<%k$X$N30It%5!<%S%9$r5v2D$7$^$9!#�(B
##
# ICMP �$B$r5v2D$7$^$9!#�(B
/sbin/ipchains -A input -p icmp -j ACCEPT
# TCP �$B$r5v2D$7$^$9!#�(B
# �$B!ZLuCm�(B: tcp syn �$B%Q%1%C%H0J30$r5v2D$7$^$9!#![�(B
/sbin/ipchains -A input -p tcp ! -y -j ACCEPT
# (�$B%U%!%$%"%&%)!<%k>e$N�(B)DNS�$BC5:w$r5v2D$7$^$9!#�(B
/sbin/ipchains -A input -p udp -s $DNS1 domain -d $ANY 1023: -j ACCEPT
/sbin/ipchains -A input -p udp -s $DNS2 domain -d $ANY 1023: -j ACCEPT
# �$B$"$k$$$O�(B (�$B$h$jNI$$0F$H$7$F�(B) �$B%-%c%C%7%e�(B DNS �$B%5!<%P$r%k!<%?>e$G�(B
# �$B2TF0$5$;!">e5-$NBe$o$j$K0J2<$N9T$rMQ$$$^$9!#�(B
# /sbin/ipchains -A input -p udp -s $DNS1 domain -d $ANY domain -j ACCEPT
# /sbin/ipchains -A input -p udp -s $DNS2 domain -d $ANY domain -j ACCEPT
# �$B0J2<$N9T$G�(B ssh �$B$r5v2D$7$^$9!#�(B
/sbin/ipchains -A input -p tcp -d $ANY 22 -j ACCEPT
# �$B0J2<$N9T$G�(B telnet �$B$r5v2D$7$^$9!#�(B (�$B$*A&$a$7$^$;$s�(B!!)
/sbin/ipchains -A input -p tcp -d $ANY telnet -j ACCEPT
# �$B0J2<$N9T$G%k!<%?$K�(B NTP (network time protocol: �$B%M%C%H%o!<%/�(B
# �$B%?%$%`%W%m%H%3%k�(B) �$B$r5v2D$7$^$9!#�(B
# /sbin/ipchains -A input -p udp -d $ANY ntp -j ACCEPT
# SMTP �$B$r5v2D$7$^$9!#�(B (�$B%a!<%k%/%i%$%"%s%H$N0Y$G$O$"$j$^$;$s�(B - �$B%5!<%P�(B
# �$B$@$1$G$9�(B)
/sbin/ipchains -A input -p tcp -d $ANY smtp -j ACCEPT
# POP3 �$B$r5v2D$7$^$9!#�(B(�$B%a!<%k%/%i%$%"%s%HMQ�(B)
/sbin/ipchains -A input -p tcp -d $ANY 110 -j ACCEPT
# �$B%a!<%kAw?.$^$?$O�(B ftp �$B%"%/%;%9$KMQ$$$k�(B auth �$B%W%m%H%3%k$r�(B
# �$B5v2D$7$^$9!#�(B
/sbin/ipchains -A input -p tcp -d $ANY auth -j ACCEPT
# �$B30It$+$i$N�(B HTTP �$B%"%/%;%9$r5v2D$7$^$9!#�(B
# (�$B%k!<%?>e$G�(B web �$B%5!<%P$r2TF/$7$F$$$k>l9g$K8B$j$^$9!#�(B)
/sbin/ipchains -A input -p tcp -d $ANY http -j ACCEPT
# �$B30It$+$i$N�(B FTP �$B%"%/%;%9$r5v2D$7$^$9!#�(B
/sbin/ipchains -A input -p tcp -d $ANY ftp -j ACCEPT
##
## �$B%^%9%+%l!<%I4X78�(B
##
# �$BFbIt%M%C%H%o!<%/$+$iE>Aw$5$l$?%Q%1%C%H$r%^%9%+%l!<%I$7$^$9!#�(B
/sbin/ipchains -A forward -s $PRIVATENET -d $ANY -j MASQ
##
## �$B>e5-0J30$NA4$F$r5qH]$7!"�(B /var/log/messages �$B$X%m%05-O?$7$^$9!#�(B
##
/sbin/ipchains -A input -l -j DENY
# input �$B%A%'%$%s$K$+$V$;$F$$$?38$r<h$j30$7$^$9!#�(B
/sbin/ipchains -D input 1
;;
stop)
action "Stoping firewall: " /bin/true
echo 0 > /proc/sys/net/ipv4/ip_forward
/sbin/ipchains -F input
/sbin/ipchains -F output
/sbin/ipchains -F forward
echo
;;
restart)
action "Restarting firewall: " /bin/true
$0 stop
$0 start
echo
;;
status)
# �$B@_DjFbMF$r%j%9%HI=<($7$^$9!#�(B
/sbin/ipchains -L
;;
test)
##
## �$B$H$F$bC1=c$J%U%!%$%"%&%)!<%k$N%F%9%H$G$9!#�(B
## (*�$BA4$/�(B*�$B%;%-%e%"$G$O$"$j$^$;$s�(B)
## �$B!ZLuCm�(B: �$B%Q%1%C%H%U%#%k%?%j%s%0$N@_Dj$rA4$F<h$jJ'$$!"�(B
## �$B%^%9%+%l!<%I$N@_Dj$N$_M-8z$K$7$^$9!#�(B
## �$B$3$N@_Dj$OD9;~4VB3$1$F$O$J$j$^$;$s!#
