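#!/bin/sh
#
# ipfw host firewall.
#
# Policy, in rule-number order (lower numbers are evaluated first):
#   45      allow everything between this host and the networks/hosts in
#           table 22 (loopback, local LANs, peers)
#   46-51   deny a fixed set of service ports in both directions for
#           everyone else (ssh, snmp, SIP, mysql, Asterisk, NFS)
#   65535   allow all remaining traffic
#
# Must run as root. The whole ruleset is flushed and rebuilt on each
# run, so this script is meant to be idempotent.
#
# FwCMD is the ipfw command plus flags. It may be overridden from the
# environment (e.g. FwCMD="echo ipfw" for a dry run); the default is
# the original fixed value. It is used unquoted on purpose so that the
# flags word-split into separate arguments.
FwCMD="${FwCMD:-/sbin/ipfw -q}"

# Number of ipfw invocations that returned non-zero. "-q" makes ipfw
# silent on add/flush, so without explicit tracking a malformed rule
# would leave a partially loaded ruleset while the script still exits 0.
errors=0

# fw ARGS... : run ipfw with ARGS; on failure, report to stderr and
# count it, but keep going so the remaining (deny) rules still load.
fw() {
  # shellcheck disable=SC2086 -- FwCMD intentionally word-split
  if ! ${FwCMD} "$@"; then
    errors=$((errors + 1))
    printf 'ipfw rule failed: %s %s\n' "${FwCMD}" "$*" >&2
  fi
}

# deny_port NUM PORT : block PORT at rule NUM in both directions
# (inbound "to me dst-port", outbound "from me src-port"), matching the
# original pairs of deny rules. The "ip" protocol keyword with a port
# spec matches TCP/UDP/SCTP to that port, as in the original.
deny_port() {
  fw add "$1" deny ip from any to me dst-port "$2"
  fw add "$1" deny ip from me to any src-port "$2"
}

# ipfw needs root; fail loudly instead of silently loading nothing.
if [ "$(id -u)" -ne 0 ]; then
  printf '%s: must be run as root\n' "${0##*/}" >&2
  exit 1
fi

# Drop the current ruleset. Rule flush does not clear tables, so table
# 22 is flushed separately below to avoid stale entries and duplicate-
# entry errors on re-runs; the table may not exist on first run, hence
# the ignored failure.
fw -f flush
# shellcheck disable=SC2086 -- FwCMD intentionally word-split
${FwCMD} table 22 flush 2>/dev/null || true

# Safe networks: loopback and local LANs.
fw table 22 add 127.0.0.1
fw table 22 add 192.168.0.0/24
fw table 22 add 172.16.42.0/24
# Peers.
fw table 22 add 185.45.152.0/22
fw table 22 add 195.5.0.54

# Safe zones: unrestricted traffic to and from table 22. This must stay
# below every deny rule number so trusted hosts keep ssh/snmp/... access.
fw add 45 allow ip from 'table(22)' to me
fw add 45 allow ip from me to 'table(22)'

# ssh
deny_port 46 22
# snmp
deny_port 47 161
# SIP signalling
deny_port 48 5060
# mysql
deny_port 49 3306
# Asterisk misc
deny_port 50 28533
deny_port 50 2727
deny_port 50 4569
deny_port 50 4520
# NFS (portmapper, statd/lockd ports used here, nfsd)
deny_port 51 111
deny_port 51 601
deny_port 51 602
deny_port 51 2049

# Everything else is allowed. 65535 is ipfw's built-in default rule
# number; if this ipfw version refuses to add it, fw() reports the
# failure and the kernel default (deny unless the kernel was built with
# IPFIREWALL_DEFAULT_TO_ACCEPT) applies instead -- TODO confirm on the
# target release.
fw add 65535 allow all from any to any

if [ "$errors" -ne 0 ]; then
  printf '%s: %d ipfw command(s) failed; ruleset may be incomplete\n' \
    "${0##*/}" "$errors" >&2
  exit 1
fi
exit 0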