Listing 6: add.input

#!/bin/sh

IPFW="/sbin/ipfwadm"

# Assume eth0 is our trusted interface
TRUSTIF=`/sbin/ifconfig eth0|sed -n -e "s/^[     ]*inet addr\:\([0-
9\.]*\).*$/\1/p"`

if [ -x $IPFW ]; then
# Add input rule for nameserver -> me
$IPFW -I -a accept -P udp -V $TRUSTIF -S 193.78.174.34 53 -D 193.78.174.33

# Add input rule for Internet -> nameserver (masqueraded)
$IPFW -I -a accept -P udp -S 0.0.0.0/0 53 -D 194.109.13.150

# Add input rule for nameserver -> Internet (will masquerade)
$IPFW -I -a accept -P udp -V $TRUSTIF -S 193.78.174.34 53 -D 0.0.0.0/0 53

# Add input rule for Internet -> me for mail (stops at firewall)
$IPFW -I -a accept -P tcp -S 0.0.0.0/0 -D 194.109.13.150 25

# Add input rule for Internet -> me for FTP data connection (masqueraded)
$IPFW -I -a accept -P tcp -S 0.0.0.0/0 20 -D 194.109.13.150 1024:65535

# Add input rule for Internet -> local (masqueraded)
$IPFW -I -a accept -P tcp -k -S 0.0.0.0/0 -D 194.109.13.150

# Add input rules for clients -> Internet (will masquerade)
$IPFW -I -a accept -P tcp -V $TRUSTIF -S 193.78.174.34 -D 0.0.0.0/0
$IPFW -I -a accept -P tcp -V $TRUSTIF -S 193.78.174.35 -D 0.0.0.0/0
fi