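#!/bin/sh
#
# Loads the ipfw ruleset: flushes whatever is installed, then adds the
# numbered rules below (ipfw evaluates rules in ascending rule number and
# stops at the first terminating match).
#
# Interface roles are inferred from the rules, not stated anywhere:
# le0 looks like the outside interface (NAT divert, anti-spoofing) and le1
# like the inside 192.168.12.0/24 interface -- confirm before editing.
#
# ${fw}, ${admin} and ${user} are expanded unquoted on purpose: ${fw} must
# split into the command and its option, and the address lists are handed to
# ipfw exactly as the original script handed them.
# shellcheck disable=SC2086

# -q suppresses ipfw's output and implies -f, so "flush" does not prompt.
fw="/sbin/ipfw -q"

# Inside hosts, split into two groups with different privileges (see rules
# 55/56 and 110/111).
admin="192.168.12.2, 192.168.12.7"
user="192.168.12.3, 192.168.12.5"

# Start from an empty ruleset. Between this flush and the last "add" below
# only the rules added so far (plus the kernel default rule) are in effect.
${fw} flush

# --- Loopback and basic sanity filtering -----------------------------------
${fw} add 10 allow all from any to any via lo0
# Loopback addresses must never appear on a real interface.
${fw} add 20 deny ip from 127.0.0.0/8 to any
${fw} add 30 deny ip from any to 127.0.0.0/8
# Anti-spoofing: inside addresses must not arrive on le0.
${fw} add 40 deny ip from 192.168.12.0/24 to any in recv le0
# Drop every IP fragment.
${fw} add 50 deny ip from any to any frag

# --- Transparent redirect of web traffic ------------------------------------
# Traffic from the listed inside hosts to ports 80/443, arriving on le1, is
# forwarded to 127.0.0.1 port 3128 (presumably a local proxy -- confirm).
${fw} add 55 fwd 127.0.0.1, 3128 ip from ${admin} to any 80,443 in recv le1
${fw} add 56 fwd 127.0.0.1, 3128 all from ${user} to any 80,443 in recv le1

# --- NAT ---------------------------------------------------------------------
# Everything crossing le0 is handed to the "natd" divert port.
${fw} add 60 divert natd all from any to any via le0

# --- SSH (22) and RDP (3389) -------------------------------------------------
# Rules 65 and 67 of the original ("allow tcp from any 3389 to any" and
# "allow tcp from any 22 to any") are intentionally not re-added. They matched
# on the *source* port only, which the sender chooses, so they accepted a new
# TCP connection to any destination and port and thereby sidestepped the
# admin/user split enforced further down. Replies from SSH/RDP servers carry
# ACK or RST and are already accepted by rule 70, so nothing legitimate
# depended on them.
#
# NOTE(review): rules 66 and 68 accept SSH/RDP towards any destination from
# any source on any interface. If these services should only be reachable
# from known addresses, restrict the "from" side accordingly.
${fw} add 66 allow tcp from any to any 3389
${fw} add 68 allow tcp from any to any 22

# --- Stateless TCP handling --------------------------------------------------
# "established" matches segments with ACK or RST set, i.e. anything that is
# not an initial SYN.
${fw} add 70 allow tcp from any to any established
# New TCP connections originated by this host.
${fw} add 80 allow tcp from me to any setup

# --- DNS ---------------------------------------------------------------------
${fw} add 90 allow udp from me to any 53 via le0
# NOTE(review): stateless reply rule. It matches any UDP datagram with source
# port 53 addressed to this host on le0, not only answers to the queries that
# rule 90 let out. A keep-state/check-state pair would narrow it, but its
# interaction with the divert rule needs testing, so it is left unchanged.
${fw} add 100 allow udp from any 53 to me via le0

# --- Inside interface --------------------------------------------------------
# Admin hosts may reach anything; user hosts may only talk to this host.
${fw} add 110 allow all from ${admin} to any via le1
${fw} add 111 allow all from ${user} to me via le1
${fw} add 112 allow all from me to any via le1

# NOTE(review): there is no explicit final deny. Unmatched packets fall
# through to the kernel's default rule (65535), whose action depends on how
# the kernel was configured. Confirm it is "deny", or add an explicit
# deny (ideally with logging) as the last rule.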