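#!/bin/bash
# Disable the client's connection to the Internet except for
# incoming SSH connections and outgoing UUCP connections.
#
# This is called when the network-monitoring daemon determines
# that the customer has used his daily allotment of network
# traffic.
#
# This script must be idempotent (meaning that calling it more than once
# has the same effect as calling it once) since we cannot guarantee
# that every call to connect is matched by a call to disconnect.
# In fact, the /etc/gatekeeper/gatekeeper daemon makes no effort to match
# calls to connect with calls to disconnect.
#
# How it works: rules 1 and 2 of the "blockoutgoing" chain are replaced
# in place (-R) with REJECT rules for TCP destination ports 3128 and 3130.
# Replacing by index instead of appending is what keeps repeated calls
# from stacking up duplicate rules.
#
# NOTE(review): -R fails when the chain does not exist or holds fewer than
# two rules. This script never creates them, so it presumably relies on a
# setup step elsewhere -- confirm. Where "blockoutgoing" is hooked into the
# built-in chains, and how SSH and UUCP stay reachable, is not visible here.
#
# Exit status: 0 when both rules were replaced, 1 otherwise. A failed
# replacement leaves the customer connected, so it must not pass silently;
# failures are reported on stderr.

IPT="/sbin/iptables"
MODPROBE="/sbin/modprobe"

status=0

# Make sure the modules we need are loaded.
# A modprobe failure is only reported, not fatal: the iptables calls below
# are the real test of whether filtering is available.
if ! "$MODPROBE" ip_tables; then
  printf '%s: warning: could not load ip_tables\n' "${0##*/}" >&2
fi

# Break the connection to the server Squid.
# Both replacements are always attempted, so one failure does not leave
# the other port open as well.
if ! "$IPT" -R blockoutgoing 1 -p tcp --dport 3128 -j REJECT; then
  printf '%s: failed to block tcp/3128 in blockoutgoing\n' "${0##*/}" >&2
  status=1
fi

# NOTE(review): 3130 is Squid's default ICP port, which uses UDP. If ICP is
# what this rule is meant to cut off, a tcp match will not catch it -- confirm.
if ! "$IPT" -R blockoutgoing 2 -p tcp --dport 3130 -j REJECT; then
  printf '%s: failed to block tcp/3130 in blockoutgoing\n' "${0##*/}" >&2
  status=1
fi

exit "$status"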