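#!/bin/bash

# Reset the firewall to a stateful beginning in support of RH253 and
# RH300 classes.  This should match the ending of the iptables exercise
# done in each course.
#
# Must run as root: every iptables call below modifies the kernel's
# filter table, and the final save step writes the persistent ruleset.
# Any failing step aborts the script, so a half-built ruleset is never
# saved as the new baseline.

set -euo pipefail

# Print a diagnostic to stderr and exit non-zero.
# Arguments: $* - message
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

(( EUID == 0 )) || die "this script must be run as root"
command -v iptables >/dev/null 2>&1 || die "iptables not found in PATH"

# Blank the current rules in the filter table.  Flushing first lets -X
# delete every now-unreferenced user-defined chain (including a leftover
# CLASS-RULES from an earlier run, so -N below cannot fail as a duplicate).
# Policies are reset to ACCEPT; the restrictive behaviour comes from the
# CLASS-RULES chain, not from the built-in policies.

iptables -t filter -F
iptables -X
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

# Define new chain with default set of rules.  Rules are evaluated top to
# bottom; the final REJECT is the terminal rule, so anything not accepted
# above it is logged and refused.

iptables -N CLASS-RULES
iptables -A CLASS-RULES -i lo -j ACCEPT
iptables -A CLASS-RULES -p icmp -j ACCEPT
iptables -A CLASS-RULES -p udp --dport 631 -j ACCEPT
iptables -A CLASS-RULES -p tcp --dport 631 -j ACCEPT
iptables -A CLASS-RULES -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A CLASS-RULES -p tcp --dport 22 -j ACCEPT
# NOTE(review): this LOG rule is not rate limited; on a busy or hostile
# network it can fill the kernel log.  Consider adding "-m limit" in front
# of it if this ruleset is ever used outside the classroom.
iptables -A CLASS-RULES -j LOG
iptables -A CLASS-RULES -j REJECT --reject-with icmp-host-prohibited

# Point the INPUT chain to the new custom chain.  Inserting at position 1
# means CLASS-RULES sees every inbound packet first; because the chain
# ends in REJECT, any rule placed after it in INPUT is only reached by
# traffic the chain does not match (nothing, with the terminal REJECT).

iptables -I INPUT 1 -j CLASS-RULES

# Save our work so the ruleset survives a reboot or service restart
# (Red Hat iptables init script "save" action).

service iptables save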
