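#######################################
# init.d-style firewall action dispatcher.
#   start   - enable IP forwarding, reset iptables, install a
#             default-DROP INPUT/FORWARD policy, open a few service
#             ports, masquerade the internal LAN and DNAT the ICQ
#             file-transfer port(s) to HOST1
#   stop    - flush everything, set all policies to ACCEPT and keep
#             masquerading / the ICQ DNAT in place (deliberately open)
#   restart - stop, pause one second, start
# Globals (read; expected to be assigned above this block):
#   INTIF, INTLAN          - internal interface and its network/CIDR
#   EXTIF                  - external (upstream) interface
#   HOST1                  - internal host receiving ICQ file transfers
#   ICQMSGPORT, ICQFTPORTS - ICQ message port / file-transfer port(s)
# Arguments: $1 - start|stop|restart
# Returns:   0 after an action, 1 on an unknown action. Individual
#            iptables failures are not checked, as in the original.
#######################################
case "$1" in
  start)
    # Fail before touching the rule set when a required variable is
    # unset or empty; an empty interface/network would otherwise produce
    # rules that do not say what the author intended.
    : "${INTIF:?INTIF must be set}" "${INTLAN:?INTLAN must be set}"
    : "${EXTIF:?EXTIF must be set}" "${HOST1:?HOST1 must be set}"
    : "${ICQMSGPORT:?ICQMSGPORT must be set}" "${ICQFTPORTS:?ICQFTPORTS must be set}"
    printf '%s' "Starting firewall"
    # Turn on IP forwarding (needed for the FORWARD/MASQUERADE rules below)
    echo 1 > /proc/sys/net/ipv4/ip_forward
    # Flush all rules and user-defined chains in the filter and nat tables
    iptables -F
    iptables -t nat -F
    iptables -X
    iptables -t nat -X
    # Default policies: drop unsolicited inbound and transit traffic,
    # allow everything the host itself originates
    iptables -P INPUT DROP
    iptables -P FORWARD DROP
    iptables -P OUTPUT ACCEPT
    iptables -t nat -P POSTROUTING ACCEPT
    # Allow input from localhost, the internal LAN, and replies to
    # connections this host already has open
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -i "$INTIF" -s "$INTLAN" -j ACCEPT
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Open ports for ICQ, FTP, HTTP and whatever else this host serves.
    # --syn limits these rules to new connections; existing ones are
    # already covered by the ESTABLISHED,RELATED rule above.
    iptables -A INPUT -p tcp --syn --dport "$ICQMSGPORT" -j ACCEPT   # normal ICQ messages
    iptables -A INPUT -p tcp --syn --dport 20 -j ACCEPT              # ftp-data (if you have
    iptables -A INPUT -p tcp --syn --dport 21 -j ACCEPT              # ftp      an ftp-server)
    iptables -A INPUT -p tcp --syn --dport 80 -j ACCEPT              # http (and a webserver)
    # ICQ file transfer. NOTE(review): the INPUT rule only matches if
    # HOST1 is an address of this machine; traffic DNATed to an internal
    # HOST1 traverses FORWARD, which the second rule covers.
    iptables -A INPUT   -p tcp --syn -d "$HOST1" --dport "$ICQFTPORTS" -j ACCEPT   # ICQ filetrans
    iptables -A FORWARD -p tcp --syn -d "$HOST1" --dport "$ICQFTPORTS" -j ACCEPT   # ICQ filetrans
    # Forward to and from the local network
    iptables -A FORWARD -i "$INTIF" -s "$INTLAN" -j ACCEPT
    iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Masquerade everything leaving via the external interface
    iptables -t nat -A POSTROUTING -o "$EXTIF" -j MASQUERADE
    # ICQ port forwarding: inbound file-transfer connections go to HOST1
    iptables -t nat -A PREROUTING -p tcp -i "$EXTIF" --dport "$ICQFTPORTS" \
      -j DNAT --to-destination "$HOST1"
    printf '.\n'
    ;;
  stop)
    : "${EXTIF:?EXTIF must be set}" "${HOST1:?HOST1 must be set}"
    : "${ICQFTPORTS:?ICQFTPORTS must be set}"
    printf '%s' "Stopping firewall"
    iptables --flush
    iptables -t nat -F
    # Set the gates wide open.
    # NOTE(review): "stop" leaves all three policies at ACCEPT, keeps
    # IP forwarding on and re-installs masquerading plus the ICQ DNAT,
    # so the host keeps forwarding and NATing with no filtering at all.
    # A stricter stop would omit the two nat rules below.
    iptables -P INPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -P OUTPUT ACCEPT
    # ... and keep masquerading enabled
    iptables -t nat -A POSTROUTING -o "$EXTIF" -j MASQUERADE
    # ICQ port forwarding
    iptables -t nat -A PREROUTING -p tcp -i "$EXTIF" --dport "$ICQFTPORTS" \
      -j DNAT --to-destination "$HOST1"
    printf '.\n'
    ;;
  restart)
    # Re-invoke this script rather than duplicating the two branches
    "$0" stop
    sleep 1
    "$0" start
    ;;
  *)
    printf 'Usage: /etc/init.d/firewall {start|stop|restart}\n' >&2
    exit 1
    ;;
esac
exit 0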