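#!/bin/bash
#Can't block 53 (dns)
#Copyright (c) 1999, William Stearns and Bascom Global Internet Services.
#wstearns@pobox.com
#
# Rebuilds the ipfwadm ruleset for this host:
#   * input chain: for each local address, ports 80 and 3128 (tcp) and
#     514 and 3130 (udp) are accepted from the OKNETS networks and denied
#     from everywhere else;
#   * forward chain: traffic sourced from OKNETS is accepted with
#     masquerading (-m).
#
# NOTE(review): the default policy stays "accept" on all three chains, so
# only the ports listed above are restricted; every other port remains
# reachable. Forwarded traffic from networks outside OKNETS is also still
# accepted by the forward policy, just without masquerading.

# Networks allowed to reach the restricted ports and to be masqueraded.
OKNETS="172.16.0.0/16 172.17.0.0/16 172.18.0.0/16 172.19.0.0/16 172.20.0.0/16 172.21.0.0/16 172.22.0.0/16 172.23.0.0/16 172.24.0.0/16"

# Local IPv4 addresses, taken from the "inet addr:a.b.c.d" lines of
# ifconfig: field 2 is "addr:a.b.c.d", and everything up to the colon is
# stripped.
# NOTE(review): presumably this includes the loopback address, in which
# case local clients of these ports are denied too unless their source
# address is inside OKNETS - confirm that is intended.
MYIPS=$(ifconfig | awk '/inet addr/ { sub(/.*:/, "", $2); print $2 }')

FW="/sbin/ipfwadm"
#FW="echo"	# dry run: print the commands instead of running them

# Fail closed. Without any local address the loops below would add no
# deny rule at all, and the flush would leave every port open under the
# "accept" policy. Stop before touching the ruleset that is loaded now.
if [[ -z "$MYIPS" ]]; then
  printf '%s: no "inet addr" lines in ifconfig output; firewall rules left unchanged\n' "${0##*/}" >&2
  exit 1
fi

# Same reasoning for a missing firewall binary: report it once instead of
# failing on every rule.
if ! command -v "$FW" >/dev/null 2>&1; then
  printf '%s: %s not found or not executable; firewall rules left unchanged\n' "${0##*/}" "$FW" >&2
  exit 1
fi

# Reset all three chains: policy accept, then flush the existing rules.
# NOTE(review): from here until the last rule is added the restricted
# ports are briefly unfiltered.
"$FW" -I -p accept
"$FW" -I -f
"$FW" -O -p accept
"$FW" -O -f
"$FW" -F -p accept
"$FW" -F -f

for ONEPORT in 80 514 3128 3130; do
  # 514 and 3130 are filtered as udp, everything else as tcp.
  case "$ONEPORT" in
    "3130"|"514")
      PROTO="udp"
      ;;
    *)
      PROTO="tcp"
      ;;
  esac

  # MYIPS and OKNETS are whitespace-separated lists; the unquoted
  # expansion in the "for" word lists is deliberate.
  for ONEIP in $MYIPS; do
    # Rules are matched in order: the per-network accepts must come
    # before the catch-all deny for the same address and port.
    for ONENET in $OKNETS; do
      "$FW" -I -a accept -S "$ONENET" -D "$ONEIP" "$ONEPORT" -P "$PROTO"
    done
    "$FW" -I -a deny -D "$ONEIP" "$ONEPORT" -P "$PROTO"
  done
done

# Masquerade forwarded traffic that originates from the allowed networks.
for ONENET in $OKNETS; do
  "$FW" -F -a accept -m -S "$ONENET"
done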