#!/bin/sh
# Auto generated iptables rules for Telem devices.
# Manual changes will be lost.
# If manual changes are needed change the firewall mode to Manual.

start() {
    /bin/echo -n "Configure iptables:start ... " 

    # Remove any old rules
    /usr/sbin/iptables -t filter -F
    /usr/sbin/iptables -t nat -F
    /usr/sbin/iptables -t mangle -F
    /usr/sbin/iptables -t filter -X
    /usr/sbin/iptables -t nat -X
    /usr/sbin/iptables -t mangle -X

    /usr/sbin/ip6tables -t filter -F
    /usr/sbin/ip6tables -t mangle -F
    /usr/sbin/ip6tables -t filter -X
    /usr/sbin/ip6tables -t mangle -X

    # Default policies
    /usr/sbin/iptables -t filter -P INPUT ACCEPT
    /usr/sbin/iptables -t filter -P FORWARD ACCEPT
    /usr/sbin/iptables -t filter -P OUTPUT ACCEPT
    /usr/sbin/iptables -t nat -P OUTPUT ACCEPT
    /usr/sbin/iptables -t nat -P PREROUTING ACCEPT
    /usr/sbin/iptables -t nat -P POSTROUTING ACCEPT
    /usr/sbin/iptables -t mangle -P PREROUTING ACCEPT
    /usr/sbin/iptables -t mangle -P POSTROUTING ACCEPT

    # IPv6 DROP
    /usr/sbin/ip6tables -t filter -P INPUT DROP
    /usr/sbin/ip6tables -t filter -P FORWARD DROP
    /usr/sbin/ip6tables -t filter -P OUTPUT DROP

    # Unrestricted loopback interface for IPv6
    /usr/sbin/ip6tables -t filter -A INPUT -i lo -j ACCEPT
    /usr/sbin/ip6tables -t filter -A OUTPUT -o lo -j ACCEPT

    /bin/echo "done" 
}    
stop() {
    /bin/echo -n "Configure iptables:stop ... " 

    /usr/sbin/iptables -t filter -F
    /usr/sbin/iptables -t nat -F
    /usr/sbin/iptables -t mangle -F
    /usr/sbin/iptables -t filter -X
    /usr/sbin/iptables -t nat -X
    /usr/sbin/iptables -t mangle -X

    /usr/sbin/iptables -t filter -P INPUT ACCEPT
    /usr/sbin/iptables -t filter -P FORWARD ACCEPT
    /usr/sbin/iptables -t filter -P OUTPUT ACCEPT
    /usr/sbin/iptables -t nat -P OUTPUT ACCEPT
    /usr/sbin/iptables -t nat -P PREROUTING ACCEPT
    /usr/sbin/iptables -t nat -P POSTROUTING ACCEPT
    /usr/sbin/iptables -t mangle -P PREROUTING ACCEPT
    /usr/sbin/iptables -t mangle -P POSTROUTING ACCEPT

    /usr/sbin/ip6tables -t filter -F
    /usr/sbin/ip6tables -t mangle -F
    /usr/sbin/ip6tables -t filter -X
    /usr/sbin/ip6tables -t mangle -X

    /usr/sbin/ip6tables -t filter -P INPUT ACCEPT
    /usr/sbin/ip6tables -t filter -P FORWARD ACCEPT
    /usr/sbin/ip6tables -t filter -P OUTPUT ACCEPT

    /bin/echo "done" 
}
restart() {
    stop
    start
}    

case "$1" in
  start)
      start
    ;;
  stop)
      stop
    ;;
  restart|reload)
      restart
    ;;
  *)
    echo $"Usage: $0 {start|stop|restart}" 
    exit 1
esac

exit $?
