#!/bin/sh 
################################################################################
#
#                    S H E L L   S C R I P T  F I L E  
#
#                    COPYRIGHT 1997 - 2011  MOTOROLA
#                         ALL RIGHTS RESERVED
#
################################################################################
#
#   FILE NAME       : firewall-config 
#   FUNCTION        : At installation time, set the iptables rules.
#   PARAMETERS      : None. 
#
################################################################################
#
# Revision History:
#
# Date               Description
# ---------      -----------------------------------------------------
# 10-Jun-11    Initial version
################################################################################

# ---------------------------------------------------------------------------
# Function: setup_iptables_rules
#    Modify firewall configuration.
# Input:  None
# ---------------------------------------------------------------------------

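setup_iptables_rules() {
  # Insert the OMC INPUT and OUTPUT rules into an iptables-save style rules
  # file. Each group is inserted immediately before that chain's
  # `-j LOG --log-prefix "Dropped :` line, which acts as the anchor, so the
  # OMC rules are evaluated before the catch-all logging/drop at the end.
  # Arguments: $1 - rules file to edit (default: /etc/sysconfig/iptables)
  # Returns:   0 on success; 1 if an anchor line is missing, the temp file
  #            cannot be created or sed fails. On failure the rules file is
  #            left untouched (fail closed: never install a half-edited file).
  _su_file=${1:-/etc/sysconfig/iptables}

  # Refuse to run if either anchor is absent: the original silently produced an
  # unchanged file and reported success, leaving the host without these rules.
  for _su_anchor in \
    '-A INPUT -i eth0 -j LOG --log-prefix "Dropped :' \
    '-A OUTPUT -o eth0 -j LOG --log-prefix "Dropped : '
  do
    if ! grep -qF -- "$_su_anchor" "$_su_file"; then
      echo "setup_iptables_rules: anchor line not found in $_su_file: $_su_anchor" >&2
      return 1
    fi
  done

  # Scratch file lives next to the target (not in world-writable /tmp with a
  # predictable name) and is created by mktemp with a private mode, so the
  # final mv is atomic, stays on one filesystem and cannot follow a planted
  # symlink.
  case $_su_file in
    */*) _su_dir=${_su_file%/*} ;;
    *)   _su_dir=. ;;
  esac
  [ -n "$_su_dir" ] || _su_dir=/
  _su_tmp=$(mktemp "$_su_dir/iptables.XXXXXX") || return 1

  # One sed pass with two `i\` commands; each text line ends in `\` to
  # continue the inserted text, the last line of each group does not.
  if ! sed '/-A INPUT -i eth0 -j LOG --log-prefix "Dropped :/i\
-A INPUT -i eth0 -p tcp -m tcp --dport 443 -j DROP\
-A INPUT -i eth0 -p udp -m udp --dport 162 -j DROP\
-A INPUT -i eth0 -p tcp -m tcp --dport 5062 -j ACCEPT\
-A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT\
-A INPUT -i eth0 -p udp -m udp --sport 123 --dport 123 -j ACCEPT\
-A INPUT -i eth0 -p tcp -m tcp --dport 23 -j DROP\
-A INPUT -i eth0 -p tcp -m tcp --sport 23 -j DROP\
-A INPUT -i eth0 -p tcp -m tcp --dport 21 -j DROP\
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
/-A OUTPUT -o eth0 -j LOG --log-prefix "Dropped : /i\
-A OUTPUT -o eth0 -p tcp -m tcp --sport 443 -j DROP\
-A OUTPUT -o eth0 -p udp -m udp --sport 162 -j DROP\
-A OUTPUT -o eth0 -p tcp -m tcp --sport 5062 -j ACCEPT\
-A OUTPUT -o eth0 -p tcp -m tcp --sport 3306 -j ACCEPT\
-A OUTPUT -o eth0 -p udp -m udp --sport 123 --dport 123 -j ACCEPT\
-A OUTPUT -o eth0 -p tcp -m tcp --sport 23 -j DROP\
-A OUTPUT -o eth0 -p tcp -m tcp --dport 23 -j DROP\
-A OUTPUT -o eth0 -p tcp -m tcp --sport 21 -j DROP\
-A OUTPUT -o eth0 -p tcp -m tcp --sport 22 -j ACCEPT' "$_su_file" > "$_su_tmp"; then
    rm -f -- "$_su_tmp"
    echo "setup_iptables_rules: failed to edit $_su_file" >&2
    return 1
  fi

  # Only replace the live rules file once the complete edited copy exists.
  mv -f -- "$_su_tmp" "$_su_file"
}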


# ---------------------------------------------------------------------------
# Function: remove_iptables_rules
#    Remove the old OMC firewall configuration. Since the OMC rules are set only once, at installation, the removal is not strictly necessary, but it is done just in case.
# Input:  None
# ---------------------------------------------------------------------------
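remove_iptables_rules() {
  # Delete the OMC INPUT and OUTPUT rule lines from an iptables-save style
  # rules file so the rules can be re-installed without leaving duplicates.
  # Arguments: $1 - rules file to edit (default: /etc/sysconfig/iptables)
  # Returns:   0 on success; 1 if the temp file cannot be created or sed
  #            fails. On failure the rules file is left untouched.
  # NOTE(review): the patterns below match the ACCEPT-target form of each
  # rule and are kept from the original list. They do not match the DROP
  # lines that setup_iptables_rules inserts for ports 443, 162, 23 and 21,
  # so a re-run still duplicates those lines — confirm whether the ACCEPT
  # forms come from an earlier rule set before extending the list.
  _ru_file=${1:-/etc/sysconfig/iptables}

  # Scratch file next to the target, created by mktemp: no predictable name
  # in world-writable /tmp, atomic same-filesystem mv afterwards.
  case $_ru_file in
    */*) _ru_dir=${_ru_file%/*} ;;
    *)   _ru_dir=. ;;
  esac
  [ -n "$_ru_dir" ] || _ru_dir=/
  _ru_tmp=$(mktemp "$_ru_dir/iptables.XXXXXX") || return 1

  # Single pass over the file; the 3306 patterns use one space between
  # tokens, as iptables-save writes them (the old double-spaced patterns
  # never matched anything).
  if ! sed -e '/-A INPUT -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT/d' \
    -e '/-A INPUT -i eth0 -p udp -m udp --sport 162 -j ACCEPT/d' \
    -e '/-A INPUT -i eth0 -p tcp -m tcp --dport 5062 -j ACCEPT/d' \
    -e '/-A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT/d' \
    -e '/-A INPUT -i eth0 -p udp -m udp --sport 123 --dport 123 -j ACCEPT/d' \
    -e '/-A INPUT -i eth0 -p tcp -m tcp --dport 23 -j ACCEPT/d' \
    -e '/-A INPUT -i eth0 -p tcp -m tcp --sport 23 -j ACCEPT/d' \
    -e '/-A INPUT -i eth0 -p tcp -m tcp --dport 21 -j ACCEPT/d' \
    -e '/-A INPUT -i eth0 -p tcp -m tcp --sport 21 -j ACCEPT/d' \
    -e '/-A OUTPUT -o eth0 -p tcp -m tcp --sport 443 -j ACCEPT/d' \
    -e '/-A OUTPUT -o eth0 -p udp -m udp --dport 162 -j ACCEPT/d' \
    -e '/-A OUTPUT -o eth0 -p tcp -m tcp --sport 5062 -j ACCEPT/d' \
    -e '/-A OUTPUT -o eth0 -p tcp -m tcp --sport 3306 -j ACCEPT/d' \
    -e '/-A OUTPUT -o eth0 -p udp -m udp --sport 123 --dport 123 -j ACCEPT/d' \
    -e '/-A OUTPUT -o eth0 -p tcp -m tcp --dport 23 -j ACCEPT/d' \
    -e '/-A OUTPUT -o eth0 -p tcp -m tcp --sport 23 -j ACCEPT/d' \
    -e '/-A OUTPUT -o eth0 -p tcp -m tcp --dport 21 -j ACCEPT/d' \
    -e '/-A OUTPUT -o eth0 -p tcp -m tcp --sport 21 -j ACCEPT/d' \
    "$_ru_file" > "$_ru_tmp"; then
    rm -f -- "$_ru_tmp"
    echo "remove_iptables_rules: failed to edit $_ru_file" >&2
    return 1
  fi

  # Only replace the live rules file once the complete edited copy exists.
  mv -f -- "$_ru_tmp" "$_ru_file"
}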


######################### Main function ########################################
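SUCCESS=0
ERROR=1
IpTableFile="/etc/sysconfig/iptables"
IpTablePath="/etc/sysconfig"
# The iptables rules live in $IpTableFile; the functions above edit that file
# in place and "service iptables restart" loads the result.

echo ""
echo "Setting firewall rules"

if [ ! -e "$IpTableFile" ]; then
  echo "$IpTableFile not exists"
  exit ${ERROR}
fi

# Back up the rules file before anything touches it, so the pristine
# pre-installation configuration can be restored by hand. (Previously the
# backup was taken after the old rules had already been removed.)
if ! cp -- "$IpTableFile" "$IpTablePath/iptables_backup"; then
  echo "Failed backing up $IpTableFile" >&2
  exit ${ERROR}
fi

# just in case, remove old OMC rules.
if ! remove_iptables_rules "$IpTableFile"; then
  echo "Failed removing old firewall rules" >&2
  exit ${ERROR}
fi

# set OMC rules; stop here rather than restart the firewall from a file the
# rules could not be written into
if ! setup_iptables_rules "$IpTableFile"; then
  echo "Failed setting firewall rules" >&2
  exit ${ERROR}
fi

# activate the rules
if ! service iptables restart; then
  echo "Failed activating firewall rules" >&2
  exit ${ERROR}
fi

# Save the iptables rules into the /etc/sysconfig/iptables file

# service iptables save
# if [ $? -ne ${SUCCESS} ]; then
# echo "Failed saving firewall rules"
# exit ${ERROR}
# fi

exit ${SUCCESS}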


 
