#!/bin/bash
### BEGIN INIT INFO
# Provides:          firewall
# Required-Start:    $local_fs $remote_fs $network $syslog
# Required-Stop:     $local_fs $remote_fs $network $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Start firewall.sh at boot time
# Description:       Enable service provided by firewall
### END INIT INFO

# ATENÇÃO: AS LINHAS ACIMA NÃO SÃO COMENTÁRIOS, ELAS FORMAM O CABEÇALHO DO SCRIPT E NÃO PODEM SER ALTERADAS NEM APAGADAS.


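iniciar(){
  # Build the host firewall from scratch: flush everything, accept what is
  # needed, then drop whatever is left on INPUT and FORWARD.
  #
  # Rules are appended (-A ... -j DROP) rather than installing a DROP policy
  # so that "parar", which only flushes, leaves the chains with their kernel
  # default (ACCEPT) policy. The cost is a short window between the flush
  # below and the final DROP rules in which no filtering is in effect.

  # Flush all rules and delete user-defined chains in the three tables.
  iptables -F
  iptables -X
  iptables -t nat -F
  iptables -t nat -X
  iptables -t mangle -F
  iptables -t mangle -X

  # Loopback must be accepted unconditionally: without this rule a new
  # connection from a local process to a local service (127.0.0.1) has no
  # matching ACCEPT and falls through to the final DROP.
  iptables -A INPUT -i lo -j ACCEPT

  # Accept packets belonging to connections already allowed. Placed first so
  # most traffic is matched without walking the per-port rules.
  # (-m state is the legacy match; -m conntrack --ctstate is the modern
  # drop-in equivalent.)
  iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

  # Remote administration over SSH.
  # NOTE(review): accepted from any source. If administration only happens
  # from a known network, adding -s <management network> here narrows
  # exposure of the SSH service.
  iptables -A INPUT -p tcp --dport 22 -j ACCEPT

  # Allow ping (all ICMP types) from anywhere.
  iptables -A INPUT -p icmp -j ACCEPT

  # TCP ports Samba needs, restricted to the client network 1.1.1.0/24.
  # 1024:5000 is a wide range (presumably the dynamic RPC ports), so the
  # source restriction matters here.
  iptables -A INPUT -p tcp -s 1.1.1.0/24 -m multiport --dport 53,88,135,139,389,445,636,1024:5000,3268,3269,5353 -j ACCEPT

  # UDP ports Samba needs, same client network.
  iptables -A INPUT -p udp -s 1.1.1.0/24 -m multiport --dport 137,138,53,88,389,464,5353,123 -j ACCEPT

  # Default deny: anything not matched above is dropped on INPUT and
  # FORWARD. OUTPUT stays fully open (locally originated traffic allowed).
  iptables -A INPUT -j DROP
  iptables -A OUTPUT -j ACCEPT
  iptables -A FORWARD -j DROP
}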

parar(){
  # Remove every rule and every user-defined chain from the filter, nat and
  # mangle tables. Built-in chain policies are not modified by this function,
  # so after it runs the chains are left with whatever policy is in place
  # (the kernel default is ACCEPT, i.e. the host is unfiltered).
  local tabela
  for tabela in filter nat mangle; do
    iptables -t "$tabela" -F
    iptables -t "$tabela" -X
  done
}

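# Dispatch on the init action. An unknown or missing action prints usage to
# stderr and exits 2 (the LSB status for invalid arguments) instead of
# succeeding silently; the usage text now also lists "restart", which the
# script supports.
case "$1" in
  start) iniciar ;;
  stop) parar ;;
  restart) parar; iniciar ;;
  *)
    printf 'Uso: %s {start|stop|restart}\n' "${0##*/}" >&2
    exit 2
    ;;
esac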

