#!/sbin/runscript

# wraps Arno's IPTABLES Firewall

opts="${opts} showstatus panic"

start() {
	ebegin "Starting firewall"
	real_arno start
	eend $?
}

stop() {
	ebegin "Stopping firewall (you are unprotected now!)"
	real_arno stop
	eend $?
}

showstatus() {
	ebegin "Status"
	real_arno status
	eend $?
}

panic() {
	ebegin "Setting panic rules"
	$IPTABLES -F
	$IPTABLES -X
	$IPTABLES -t nat -F
	$IPTABLES -P FORWARD DROP
	$IPTABLES -P INPUT   DROP
	$IPTABLES -P OUTPUT  DROP
	$IPTABLES -A INPUT -i lo -j ACCEPT
	$IPTABLES -A OUTPUT -o lo -j ACCEPT
	eend $?
}

real_arno() {

IPTABLES=/sbin/iptables
CONFIG_FILE=/dev/null