#!/bin/sh

# Misc leftovers from origina floppyfw firewall.ini script that looks useful

#
# Keep state.
#
iptables -A FORWARD -m state --state NEW -i ${INSIDE_DEVICE} -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state NEW,INVALID -i ${OUTSIDE_DEVICE} -j DROP

#
# This is mainly for PPPoE usage but it won't hurt anyway so we'll just
# keep it here.
#
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

#
# We would like to ask for names from our floppyfw box
#
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

#
# If the user wants to have the fake identd running, the identd has to
# be able to answer.
#
if [ ${FAKEIDENT} ] 
then
  iptables -A INPUT -p TCP --dport 113 -i ${OUTSIDE_DEVICE} -j ACCEPT
fi

#
# And, some attempt to get interactive sesions a bit more interactive
# under load:
#
iptables -A PREROUTING -t mangle -p tcp --sport ssh  -j TOS --set-tos Minimize-Delay
iptables -A PREROUTING -t mangle -p tcp --sport ftp -j TOS --set-tos Minimize-Delay
iptables -A PREROUTING -t mangle -p tcp --sport ftp-data -j TOS --set-tos Maximize-Throughput