#!/bin/bash
%for num_int in %%range(0, %%int(%%nombre_interfaces))
    %set %%chain = 'eth' + %%str(num_int) + '-root'
/sbin/iptables -A %%chain -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A %%chain -j DROP
/sbin/iptables -A INPUT -i %%getVar('nom_zone_eth' + %%str(num_int)) -j %%chain

%if %%mode_conteneur_actif == "oui"
    %set %%chain_cont = 'eth' + %%str(num_int) + '-cont'
/sbin/iptables -A %%chain_cont -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A %%chain_cont -j DROP
/sbin/iptables -A FORWARD -i %%getVar('nom_zone_eth' + %%str(num_int)) -o br0 -j %%chain_cont
%end if
%end for
