#!/bin/bash

Me='icmpchk'
MyVersion='0.1'


Action="$1"
case "$Action" in
start)
	echo "Starting $Me"
	iptables -N $Me

	iptables -A $Me -p icmp -f				-j DROP

	iptables -A $Me -p icmp --icmp-type address-mask-request -j DROP
	iptables -A $Me -p icmp --icmp-type address-mask-reply	-j DROP
	iptables -A $Me -p icmp --icmp-type redirect		-j DROP
	iptables -A $Me -p icmp --icmp-type timestamp-request	-j DROP
	iptables -A $Me -p icmp --icmp-type timestamp-reply	-j DROP

	iptables -A INPUT -i \! lo -p icmp			-j $Me
	iptables -A FORWARD -p icmp				-j $Me
	iptables -A OUTPUT -p icmp				-j $Me
	;;
stop)
	echo "Stopping $Me"
	iptables -D INPUT -i \! lo -p icmp			-j $Me
	iptables -D FORWARD -p icmp				-j $Me
	iptables -D OUTPUT -p icmp				-j $Me

	iptables -D $Me -p icmp -f				-j DROP

	iptables -D $Me -p icmp --icmp-type address-mask-request -j DROP
	iptables -D $Me -p icmp --icmp-type address-mask-reply	-j DROP
	iptables -D $Me -p icmp --icmp-type redirect		-j DROP
	iptables -D $Me -p icmp --icmp-type timestamp-request	-j DROP
	iptables -D $Me -p icmp --icmp-type timestamp-reply	-j DROP

	iptables -F $Me

	iptables -X $Me
	;;
esac