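#!/bin/sh
# Insert or delete the per-client ACCEPT rules on this gateway.
#
# Usage: <this script> {allow|deny} <IP> <MAC>
#
#   allow  inserts (-I) the rules listed below for the client
#   deny   deletes (-D) exactly the same rules
#
# Rules, all matching source address <IP>/32 and source MAC <MAC>:
#   - FORWARD  in eth2, out eth0: tcp, udp, icmp
#   - INPUT    in eth2:           tcp, udp
#   - nat PREROUTING in eth2:     tcp
#     (presumably so the client skips a later redirect rule in that chain;
#      confirm against the rest of the ruleset)
#
# Exit status: 0 when every iptables command succeeded; 1 on bad usage,
# invalid arguments, or when any iptables command failed. "deny" for a client
# that has no rules installed therefore exits 1.
#
# NOTE(review): the source IP and MAC are both chosen by the client on a
# shared layer-2 segment, so these rules identify a client but do not
# authenticate it.
#
# Get the functions stuff so we can do the cool colored ok and
# failed messages :)
#. /etc/init.d/functions

IPTABLES="/usr/sbin/iptables"
FAIL=false

# Print the usage line and stop. All three arguments are required.
usage() {
  echo "Usage: $0 {allow|deny} <IP> <MAC>" >&2
  exit 1
}

# Succeed only for a dotted-quad IPv4 address with each octet in 0..255.
# The arguments are passed on to iptables, so anything else (options,
# hostnames, ranges, whitespace) is refused up front.
is_ipv4() {
  case "$1" in
    '' | *[!0-9.]* | .* | *. | *..*) return 1 ;;
  esac
  _old_ifs=$IFS
  IFS=.
  # Only digits and dots remain at this point, so the unquoted split cannot
  # glob. shellcheck disable=SC2086
  set -- $1
  IFS=$_old_ifs
  [ $# -eq 4 ] || return 1
  for _octet in "$@"; do
    [ "${#_octet}" -le 3 ] || return 1
    [ "$_octet" -le 255 ] || return 1
  done
  return 0
}

# Succeed only for six colon-separated hex pairs (aa:bb:cc:dd:ee:ff).
is_mac() {
  _hex='[0-9A-Fa-f]'
  # The expansions are deliberately unquoted so they act as patterns.
  # shellcheck disable=SC2254
  case "$1" in
    $_hex$_hex:$_hex$_hex:$_hex$_hex:$_hex$_hex:$_hex$_hex:$_hex$_hex)
      return 0
      ;;
  esac
  return 1
}

# Run one iptables command. A failure is remembered in FAIL but does not stop
# the script, so the remaining rules are still attempted.
rule() {
  "$IPTABLES" "$@" || FAIL=true
}

[ $# -eq 3 ] || usage

case "$1" in
  allow) OP=-I ;;
  deny) OP=-D ;;
  *) usage ;;
esac

CLIENT=$2
MAC=$3

if ! is_ipv4 "$CLIENT"; then
  printf '%s: invalid IPv4 address: %s\n' "$0" "$CLIENT" >&2
  exit 1
fi
if ! is_mac "$MAC"; then
  printf '%s: invalid MAC address: %s\n' "$0" "$MAC" >&2
  exit 1
fi

SRC="${CLIENT}/32"

rule "$OP" FORWARD -i eth2 -o eth0 -s "$SRC" -m mac --mac-source "$MAC" -p tcp --dport 0: -j ACCEPT
rule "$OP" FORWARD -i eth2 -o eth0 -s "$SRC" -m mac --mac-source "$MAC" -p udp --dport 0: -j ACCEPT
rule "$OP" FORWARD -i eth2 -o eth0 -s "$SRC" -m mac --mac-source "$MAC" -p icmp -j ACCEPT
rule "$OP" INPUT -s "$SRC" -m mac --mac-source "$MAC" -p tcp -i eth2 --dport 0: -d 0/0 -j ACCEPT
rule "$OP" INPUT -s "$SRC" -m mac --mac-source "$MAC" -p udp -i eth2 --dport 0: -d 0/0 -j ACCEPT
rule -t nat "$OP" PREROUTING -i eth2 -p tcp -d 0/0 -s "$SRC" -m mac --mac-source "$MAC" -j ACCEPT

echo ""
if [ "$FAIL" = true ]; then
  echo "$0: one or more iptables commands failed" >&2
  exit 1
fi
exit 0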