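#!/bin/sh
#
# Host firewall ruleset for ipfw: flush the rules, then build a default-deny
# policy. Outbound traffic is allowed statefully; inbound is limited to SSH
# and ping from the admin table plus rate-limited HTTP/HTTPS from anywhere.
#
# No `set -e` on purpose: aborting after the flush would leave a partial
# ruleset loaded, which is worse than a single failed rule.

# Run ipfw quietly (-q), so flushing does not print a message to the session
# that is loading the rules.
fw() {
  /sbin/ipfw -q "$@"
}

fw -f flush
fw enable one_pass

# Loopback: allow on lo0, drop 127/8 seen on any other interface (spoofing).
fw add allow all from any to any via lo0
fw add deny all from any to 127.0.0.0/8
fw add deny all from 127.0.0.0/8 to any

# Drop every IP fragment.
fw add deny all from any to any frag

# Stateful core. The `established` rule is stateless: it accepts any TCP
# segment with ACK or RST set, whether or not a matching flow exists.
fw add check-state
fw add allow tcp from any to any established
fw add allow all from any to any out keep-state

# ssh
# NOTE: `flush` above removes rules only. Table entries persist across
# reloads, so a network deleted from this script stays in table(admin) until
# it is removed from the table explicitly.
fw table admin create missing
fw table admin add 46.160.0.0/19
# SSH is TCP only; the original `ip` here also matched UDP port 22.
fw add allow tcp from "table(admin)" to me 22 in

# HTTP && HTTPS (at most N concurrent connections per source address)
fw add allow tcp from any to me 443 in limit src-addr 50
fw add allow tcp from any to me 80 in limit src-addr 20

# Mail (outbound SMTP only)
# Outbound packets already match the keep-state rule above, so this rule is
# kept for documentation and is not expected to be reached.
fw add allow tcp from me to any 25 out
# Replies from remote port 25 are restricted to `established`. Without it,
# this stateless rule accepted a new inbound connection to ANY local TCP port
# from any host that used source port 25. Genuine replies carry ACK and are
# already accepted by check-state / `established` above.
fw add allow tcp from any 25 to me in established

# Ping
fw add allow icmp from "table(admin)" to me in icmptype 8
# Also shadowed by the outbound keep-state rule above.
fw add allow icmp from me to "table(admin)" out icmptype 0,8
# NOTE(review): no rule admits inbound ICMP type 3 (destination unreachable /
# fragmentation needed); confirm path-MTU discovery does not depend on it.

# Default: log and drop everything else.
fw add deny log all from any to any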