#!/bin/bash


. /ips/setup/.config

. /ips/ip2/.functions


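# Builds the per-address INPUT rules for this host: accept a small set of
# ICMP types and drop TCP traffic to the Windows RPC/NetBIOS/SMB ports.
# Rules are handed to rulea, which is defined in the sourced function library
# (not shown here); QOS_BRIDGE, ANYDEV, OURIP and ANYIPS are presumably set by
# the sourced config -- confirm.

# ICMP types accepted inbound:
#   0 = echo reply, 3 = destination unreachable,
#   8 = echo request, 11 = time exceeded.
ICMPIN="0 3 8 11"
# NOTE(review): ICMPOUT is not referenced anywhere in this file; kept in case
# the sourced function library reads it -- confirm before removing.
ICMPOUT="8 3 11"

# TCP ports dropped inbound: 135 (MS RPC endpoint mapper), 137-139 (NetBIOS),
# 445 (SMB over TCP).
# NOTE(review): the NetBIOS name (137) and datagram (138) services use UDP.
# These rules match TCP only, so UDP traffic to those ports is decided by
# whatever other rules or chain policy apply -- confirm that is intended.
WINPORTS="135 137 138 139 445"

if [ "$QOS_BRIDGE" = "1" ]; then
   # Bridged setup: match on the physical bridge port instead of -i.
   # Alternative mark match, currently disabled: MARK="-m mark --mark 0"
   MARK=
   IDEV="-m physdev --physdev-in $ANYDEV"
else
   MARK=
   IDEV="-i $ANYDEV"
fi
# NOTE(review): an empty ANYDEV leaves the interface match without an
# argument, so the rules built from it would be malformed -- verify that the
# config always sets it.

# Fall back to the address stored on disk when the config did not set one.
if [ -z "$OURIP" ]; then
    OURIP=$(cat /ips/ip2/IP1 2> /dev/null)
fi

if [ -z "$ANYIPS" ]; then
    ANYIPS=$OURIP
fi

# With no addresses the loop below installs nothing at all; say so instead
# of silently leaving the host without these rules.
if [ -z "$ANYIPS" ]; then
    printf '%s: no local IP address known (ANYIPS and OURIP empty, /ips/ip2/IP1 unreadable); no ICMP/Windows-port rules installed\n' "${0##*/}" >&2
fi

# ANYIPS, ICMPIN and WINPORTS are whitespace-separated lists, so they are
# expanded unquoted on purpose to get one word per entry.
for I in $ANYIPS; do

  # accepted icmp: icmp_type -> this box
  for J in $ICMPIN; do
     rulea "INPUT -p icmp $IDEV -d $I --icmp-type $J -j ACCEPT"
  done

  # Windows RPC/NetBIOS/SMB ports, same order as before: 135 137 138 139 445
  for WINPORT in $WINPORTS; do
     rulea "INPUT $IDEV  $MARK -d $I -p tcp --destination-port $WINPORT -j DROP"
  done

done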


