#!/bin/sh
# Block script for Checkpoint firewalls ( 4.1 and NG )
# Philip Markwalder <pm@ibp.ch>
# Roland Gafner <roland.gafner@gmx.net>
#
#  guardian_block.sh <source_ip> <interface>
#

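# --- Configuration -----------------------------------------------------------
FW1_HOME="/opt/CPfw1-NG"        # Home directory of Check Point (use another path for Check Point 4.1)
FW1_HOSTNAME="localhost"        # Firewalled host passed to -s, normally localhost (default: localhost)
FW1_MODULES="All"               # Firewalls on which the block is enforced, passed to -f (default: All)
FW1_TIMEOUT="forever"           # Passed to -t: timeout in seconds after which the block is lifted.
                                # With "forever" guardian stays in control and must send
                                # the unblock itself.
                                # NOTE(review): confirm that the installed fw version accepts a
                                # non-numeric value for -t.
FW1_OPTIONS="-I"                # Inhibit connections and close all existing ones that match
                                # the given parameters (use -n to only log, without blocking)

# --- Arguments ---------------------------------------------------------------
source=$1
# Accepted because the documented usage passes it; the block itself does not use it.
# shellcheck disable=SC2034
interface=$2

# The address is supplied by the caller and ends up on the command line of a
# privileged firewall tool, so accept only characters that can occur in an IP
# address. This also rejects an empty value and anything starting with "-",
# which fw would otherwise read as an option.
# This script keeps no allow-list: addresses that must never be blocked have to
# be filtered out by the caller before it gets here.
case "$source" in
  '' | *[!0-9A-Fa-f.:]*)
    printf '%s: refusing to block invalid source address "%s"\n' "$0" "$source" >&2
    printf 'usage: %s <source_ip> <interface>\n' "$0" >&2
    exit 1
    ;;
esac

fw_bin="$FW1_HOME/bin/fw"
if [ ! -x "$fw_bin" ]; then
  printf '%s: %s is missing or not executable\n' "$0" "$fw_bin" >&2
  exit 1
fi

# FW1_OPTIONS is left unquoted on purpose so that it may hold several
# space-separated flags; every other expansion is quoted.
# The exit status of fw becomes the exit status of this script.
# shellcheck disable=SC2086
"$fw_bin" sam -s "$FW1_HOSTNAME" -f "$FW1_MODULES" -t "$FW1_TIMEOUT" $FW1_OPTIONS src "$source"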

