#!/bin/bash
#--------------------------------------------------
# Script to flush all existing firewall rules and limit all traffic to the online stream 
# and the Shabbat service stream.  There may be as much as 12 hours before the normal cron 
# job that reloads the droplist from Spamhous.org kicks in and downloads the new list as
# the currently used list may be 37 hours old.
#
# We need to make this script run 21 minuets prior to sundown, probably with an "at" job.

# First we need to stop Arno Iptables Firewall with something like.

/etc/init.d/arno-iptables-firewall stop

# not sure that is correct since the adoption of systemd by debian.

# Second I think I need to flush all the existing rules with something like.

iptables --flush

# Then we need to build the new rule set for the coming Shabbat.  Since we only
# want to allow traffic to and from the online radio stream and the online service I think
# we should do something like this.

iptables -I FORWARD -s 216.118.106.247 -j ALLOW
iptables -I FORWARD -s s2.voscast.com -j ALLOW
iptables -I INPUT -d 216.118.106.247 -j ALLOW
iptables -I INPUT -d s2.voscast.com -j ALLOW
iptables -I OUTPUT -s 216.118.106.247 -j ALLOW
iptables -I OUTPUT -s s2.voscast.com -j ALLOW
iptables  INPUT -s eth1 -j DROP
iptables  FORWARD -s eth1 -j DROP
iptables  OUTPUT -s eth1 -j DROP
iptables  INPUT -s eth0 -j DROP
iptables  FORWARD -s eth0 -j DROP
iptables  OUTPUT -s eth0 -j DROP
iptables  INPUT -s eth2 -j DROP
iptables  FORWARD -s eth2 -j DROP
iptables  OUTPUT -s eth2 -j DROP

# After the Shabbat is over we need to restart the firewall with something like.
# And scheduled to run 45 minuets after sundown with an "at" job.

/etc/init.d/arno-iptables-firewall start

# I am not sure that is correct since the adoption of systemd by debian.  I want long term
# durability here.  So if they are going to drop the above in favor of something else I want
# to use that instead.