#!/bin/bash
#

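## Firewall Script
#  01-07-26  by Erik Wegner
#  domain-forward <InternalInterface> <ExternalInterface> <DNS-IP>
#
#  Prints iptables FORWARD rules that allow DNS queries (UDP and TCP,
#  port 53) from the internal interface to the given DNS server via the
#  external interface. The rules are only written to stdout; this script
#  does not apply them.
#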

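# Positional arguments: internal interface, external interface and the
# address of the DNS server that forwarded queries may reach.
INT=${1-}
EXT=${2-}
DNS=${3-}

# All three arguments are mandatory. The tests are quoted so that a value
# containing whitespace or glob characters is checked as one string.
# The usage text goes to stderr: stdout carries the generated rules, and
# the "<...>" placeholders would be read as redirections if that stream
# were ever handed to a shell.
if [[ -z "$INT" || -z "$EXT" || -z "$DNS" ]]; then
	echo "domain-forward <InternalInterface> <ExternalInterface> <DNS-IP>" >&2
	echo "e.g.: domain-forward eth0 ppp0 194.25.2.129" >&2
	exit 2
fi

# The values are pasted verbatim into the iptables command lines printed
# further down, so only characters that occur in interface names and
# addresses are accepted. A leading "-" is refused so a value cannot be
# read as an iptables option. This is a character allow-list only; whether
# the address is well-formed is left to iptables.
iface_re='^[A-Za-z0-9][A-Za-z0-9_.:+@-]*$'
addr_re='^[A-Za-z0-9:][A-Za-z0-9_.:/-]*$'

for arg in "$INT" "$EXT"; do
	if [[ ! "$arg" =~ $iface_re ]]; then
		printf 'domain-forward: invalid interface name: %q\n' "$arg" >&2
		exit 2
	fi
done

if [[ ! "$DNS" =~ $addr_re ]]; then
	printf 'domain-forward: invalid DNS address: %q\n' "$DNS" >&2
	exit 2
fi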

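# Path to the iptables binary. A non-empty IPTABLES taken from the
# environment is kept as-is; only an unset or empty value falls back to
# the default. The expansion is quoted, so a value containing spaces no
# longer makes the emptiness test fail with a syntax error.
: "${IPTABLES:=/usr/sbin/iptables}"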

## Ports
#  P_DOMAIN: DNS service port
#  P_HIGH:   unprivileged ports = 1024-65535 (iptables range syntax)
P_DOMAIN='53'
P_HIGH='1024:65535'

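# Print (never execute) two rules appended to the FORWARD chain: one for
# UDP and one for TCP, each accepting NEW connections that enter on $INT,
# leave on $EXT, come from an unprivileged source port and target port
# $P_DOMAIN on $DNS.
#
# Only packets in state NEW are matched. Reply traffic is not covered by
# anything this script prints and needs its own ESTABLISHED/RELATED rule
# in the rule set.
#
# The output is shell command text, so the three argument values are
# shell-quoted with printf %q before they are interpolated. Plain
# interface names and addresses come out unchanged; anything a shell
# would treat specially is escaped. $IPTABLES is printed as given,
# because it is operator configuration and may be more than one word.
printf -v q_int '%q' "$INT"
printf -v q_ext '%q' "$EXT"
printf -v q_dns '%q' "$DNS"

printf '%s\n' \
	" " \
	"# Domain-Forward ${q_int}[$P_HIGH] -> ${q_ext}, ${q_dns}[$P_DOMAIN]"

# UDP rule
printf '%s\n' \
	"$IPTABLES -A FORWARD -o ${q_ext} -i ${q_int} -m state --state NEW \\" \
	"	-p UDP --sport $P_HIGH -d ${q_dns} --dport $P_DOMAIN \\" \
	"	-j ACCEPT" \
	" "

# TCP rule (now with a space before the continuation backslash, matching
# the UDP rule above)
printf '%s\n' \
	"$IPTABLES -A FORWARD -o ${q_ext} -i ${q_int} -m state --state NEW \\" \
	"	-p TCP --sport $P_HIGH -d ${q_dns} --dport $P_DOMAIN \\" \
	"	-j ACCEPT"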

