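#!/bin/bash
# Host firewall toggle built on a user-defined iptables chain named "block".
#
# Usage: $0 { on | off }
#
#   on   - (re)build the "block" chain and hook it into INPUT and FORWARD
#   off  - (re)build the chain but remove the INPUT/FORWARD hooks so that
#          nothing is filtered by it
#
# Policy implemented by the "block" chain, in order:
#   1. packets of an ESTABLISHED or RELATED connection are accepted
#   2. NEW connections arriving on any interface other than $dev are accepted
#   3. NEW TCP and UDP connections to the ports in $allowports are accepted
#   4. everything else is dropped (silently: no LOG rule precedes the DROP)
#
# Needs root privileges for iptables.
set -euo pipefail

readonly iptables="/sbin/iptables"
readonly dev=eth0              # external interface the filter applies to
readonly allowports="22 139"   # TCP and UDP ports accepted for NEW connections

# Print usage on stderr and exit with a usage error (2) rather than 0, so a
# caller can tell a bad invocation from a successful run.
usage() {
  printf 'Usage: %s { on | off }\n' "$0" >&2
  exit 2
}

# Accept exactly "on" or "off"; anything else, including a missing argument,
# is a usage error.  ${1:-} keeps `set -u` from aborting when $1 is absent.
mode=${1:-}
if [[ "$mode" != on && "$mode" != off ]]; then
  usage
fi

# (Re)create the user chain.  -N fails when the chain already exists from a
# previous run; that is expected, so the error is silenced and the chain is
# flushed before rules are appended.
$iptables -N block 2>/dev/null || true
$iptables -F block
$iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
# Traffic entering on any interface other than $dev (loopback, internal LAN,
# ...) is not filtered.  "! -i" is the supported negation syntax; the older
# "-i ! dev" intrapositioned form is deprecated.
$iptables -A block -m state --state NEW ! -i "$dev" -j ACCEPT
for p in $allowports; do   # intentionally unquoted: space-separated list
  $iptables -A block -m state --state NEW -p udp --dport "$p" -j ACCEPT
  $iptables -A block -m state --state NEW -p tcp --dport "$p" -j ACCEPT
done
$iptables -A block -j DROP

# Detach the chain before (re)attaching it, so repeated "on" runs do not
# stack duplicate jump rules and "off" really stops filtering.  INPUT is
# flushed outright (as before); for FORWARD only this script's own jump
# rules are deleted, repeatedly, until none is left -- previously FORWARD
# was never cleaned up, so "off" left forwarding filtered.
$iptables -F INPUT
while $iptables -D FORWARD -j block 2>/dev/null; do :; done

if [[ "$mode" == off ]]; then
  exit 0
fi

$iptables -A INPUT -j block
$iptables -A FORWARD -j block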