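#!/bin/bash
#
# Minimal IPv4 host firewall driven by iptables.
#
# Usage: <script> {start|stop|status}
#   start  - flush the filter table, drop inbound and forwarded traffic by
#            default, then allow loopback, ICMP echo-request, SSH and HTTP
#            from 192.168.1.0/24, and packets of established connections.
#   stop   - set every default policy to ACCEPT and flush the rules
#            (the host is then unfiltered).
#   status - list the filter-table rules with packet/byte counters.
#
# Exit status: 0 on success, 1 if any iptables command failed,
#              2 on a missing or unknown action.
#
# NOTE(review): only iptables is called here, so IPv6 traffic is not filtered
# by this script; confirm whether an ip6tables counterpart exists.

failed=0

# Run one iptables command and remember any failure, so the final message
# never reports an active firewall after a rule failed to load (for example
# when the script is not run as root). Every command is still attempted, as
# in the original script.
ipt() {
  iptables "$@" || failed=1
}

# Install the restrictive rule set.
start_firewall() {
  local mod

  # Connection-tracking modules. Loading is best effort: a failure is
  # reported but does not stop the rules from being installed.
  # NOTE(review): newer kernels name these nf_conntrack / nf_conntrack_ftp;
  # confirm the module names for the target kernel.
  for mod in ip_conntrack ip_conntrack_ftp; do
    modprobe "$mod" || printf 'warning: modprobe %s failed\n' "$mod" >&2
  done

  # Remove the previous rules (filter table only; user-defined chains and
  # the other tables are left as they are).
  ipt -F

  # Default policies: inbound and forwarded traffic is dropped unless a rule
  # below accepts it; outbound traffic is unrestricted.
  ipt -P INPUT DROP
  ipt -P FORWARD DROP
  ipt -P OUTPUT ACCEPT

  ##### INPUT chain

  # Loopback traffic.
  ipt -A INPUT -i lo -p all -j ACCEPT

  # ICMP: answer ping, echo-request only (accepted from any source).
  ipt -A INPUT -p icmp --icmp-type echo-request -j ACCEPT

  # SSH, local subnet only.
  ipt -A INPUT -p tcp -s 192.168.1.0/24 --dport 22 -j ACCEPT

  # HTTP, local subnet only.
  ipt -A INPUT -p tcp -s 192.168.1.0/24 --dport 80 -j ACCEPT

  # Stateful part: accept packets that belong to an established connection.
  # NOTE(review): RELATED is not accepted, so the FTP conntrack helper loaded
  # above has no effect on this chain and ICMP errors for outbound
  # connections are dropped; confirm whether ESTABLISHED,RELATED is intended.
  ipt -A INPUT -m state --state ESTABLISHED -j ACCEPT

  if (( failed )); then
    echo 'Errore: alcune regole iptables non sono state applicate.' >&2
    return 1
  fi

  # User feedback, printed only when every rule was applied.
  echo 'Firewall attivo.....'
}

# Open the host up again.
stop_firewall() {
  # Policies go to ACCEPT before the flush, so removing the rules cannot
  # leave the host with a DROP policy and no ACCEPT rules.
  ipt -P INPUT ACCEPT
  ipt -P FORWARD ACCEPT
  ipt -P OUTPUT ACCEPT

  # Remove the previous rules.
  ipt -F

  if (( failed )); then
    echo 'Errore: alcune regole iptables non sono state rimosse.' >&2
    return 1
  fi

  # User feedback: the server is now unprotected.
  echo 'Firewall disattivato. Server NON protetto.'
}

case "${1:-}" in
  start)
    start_firewall || exit 1
    ;;
  stop)
    stop_firewall || exit 1
    ;;
  status)
    iptables -vnL || exit 1
    ;;
  *)
    # A missing or mistyped action must not look like success to the caller.
    printf 'Uso: %s {start|stop|status}\n' "$0" >&2
    exit 2
    ;;
esac

exit 0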