#!/bin/bash
#Copyright 2004 William Stearns <wstearns@pobox.com>
#Released under the GPL
#Automatically generated by Modwall, http://www.stearns.org/modwall/

#==== Iptables modules required ==== addrtype
#==== Brick specific help ====
#	The fwdsrcaddrtype module checks the source address for valid and invalid
#address types, as maintained by the kernel.  For example, should we
#really be receiving packets from an address the kernel knows is
#unreachable?
#	This module is somewhat experimental, but the checks should be
#conservative enough to safely use.

# Build the fwdsrcaddrtype chain and hook it into FORWARD.
#
# Forwarded packets are classified by the kernel's address type for their
# source address: types in drop_types are dropped, types in return_types are
# handed back to the calling chain for further filtering.
#
# Notes for operators:
#  - A packet matching none of the rules falls off the end of the chain and
#    returns to FORWARD, so this chain never accepts traffic by itself.
#  - The jump is appended (-A) to FORWARD; a terminating rule earlier in
#    FORWARD means matching packets never reach these checks.
#  - No exit status is checked, so a failed iptables call leaves a partial
#    rule set. Re-running appends duplicates (-N fails on an existing chain,
#    -A still appends). Confirm the result with "iptables -S fwdsrcaddrtype".
#  - Only the IPv4 tables are touched; ip6tables is not invoked here.
ipt=(/usr/bin/sudo /sbin/iptables)
chain=fwdsrcaddrtype

# Source address types that should never appear on a forwarded packet.
drop_types=(LOCAL BROADCAST ANYCAST MULTICAST BLACKHOLE UNREACHABLE PROHIBIT)
# Source address types passed back to FORWARD without a verdict.
return_types=(UNSPEC UNICAST THROW NAT XRESOLVE)

"${ipt[@]}" -N "$chain"

for src_type in "${drop_types[@]}"; do
  "${ipt[@]}" -A "$chain" -m addrtype --src-type "$src_type" -j DROP
done

for src_type in "${return_types[@]}"; do
  "${ipt[@]}" -A "$chain" -m addrtype --src-type "$src_type" -j RETURN
done

# Hook the chain in last, once its rules have been issued.
"${ipt[@]}" -A FORWARD -j "$chain"