#!/bin/bash
#

## Firewall Script
#  01-07-26  by Erik Wegner
#  domain-client-up <Interface> <Nameserver-IP>
#

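# Generates (prints, does not apply) the iptables rules that let the host on
# $INT act as a DNS client of nameserver $NET. The caller is expected to review
# or pipe the emitted commands; nothing here invokes iptables itself.
INT=$1  # Interface the OUTPUT rules are bound to (-o)
NET=$2  # Nameserver address used as rule destination (-d); see usage text

# Fix: both arguments were tested unquoted, so a value containing whitespace
# broke the test. Quoting keeps the empty-argument check exact.
if [[ -z "$1" || -z "$2" ]]; then
	echo "domain-client-up <Interface> <Nameserver-IP>"
	echo "e.g.: domain-client-up eth0 194.25.2.129"
	exit 2
fi

# Path to iptables; an IPTABLES value already in the environment wins.
if [[ -z "$IPTABLES" ]]; then
	IPTABLES=/usr/sbin/iptables
fi

## Ports
#  unprivileged range = 1024-65535
P_HIGH=1024:65535
P_DOMAIN=53

# printf with %s emits the arguments verbatim; echo -e would also interpret
# backslash escapes that happen to be inside $NET or $INT.
printf '\n#DNS Client %s [%s] <-> %s [%s]\n' "$NET" "$P_DOMAIN" "$INT" "$P_HIGH"

# UDP connections
#echo "$IPTABLES -A INPUT -i $INT -p UDP \\"
#echo "	-s $NET --sport $P_DOMAIN \\"
#echo "	--dport $P_HIGH -j ACCEPT"

# Only NEW outbound queries are allowed here; the matching INPUT rules are
# commented out, so replies presumably depend on an ESTABLISHED/RELATED rule
# elsewhere — verify against the rest of the rule set.
# NOTE(review): -m state is the legacy match; -m conntrack --ctstate is the
# current equivalent. Kept as-is so the emitted rule text does not change.
printf '\n%s -A OUTPUT -o %s -p UDP \\\n' "$IPTABLES" "$INT"
printf '\t--sport %s --dport %s \\\n' "$P_HIGH" "$P_DOMAIN"
printf '\t-m state --state NEW -d %s -j ACCEPT\n' "$NET"

# TCP connections
#echo -e "\n$IPTABLES -A INPUT -i $INT -p TCP \\"
#echo "	-s $NET --sport $P_DOMAIN \\"
#echo "	--dport $P_HIGH ! --syn -j ACCEPT"

printf '\n%s -A OUTPUT -o %s -p TCP \\\n' "$IPTABLES" "$INT"
printf '\t--sport %s --dport %s \\\n' "$P_HIGH" "$P_DOMAIN"
printf '\t-m state --state NEW -d %s -j ACCEPT\n' "$NET"

# Log unexpected connections (disabled; relies on a my_drop chain defined elsewhere)
#echo -e "\n$IPTABLES -A INPUT -p TCP --sport $P_DOMAIN --syn -j my_drop"
#echo "$IPTABLES -A INPUT -p UDP --sport $P_DOMAIN       -j my_drop"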

