; Start the console command
set log monitor on
ftpd

; Telnet Daemon - This goes in the top part of the
; script (startup section)
user vovka PaS5Wd *
telnetd do_tel

; set up NAT
; general reset for unknown packets
; set nat send-reset on
; set nat send-icmp on

; Set up the upline network interfaces
packet en0 0x60 * dhcp dynamic-nat
nat en0 * 192.168.0.2 10.20.242.18
nat en0 * 192.168.0.3 10.20.242.18
nat en0 * 192.168.0.4 10.20.242.18
packet en1 0x61 192.168.0.1/24

; -----------------------------------------------
; Route everything to the IP of the router
; that can reach the Internet.
; route * en0

; Learn the routes on the downline interface
; can be commented out
; rip en0

; SECURITY
; Filter the NbT packets
; Port 137 uses UDP for NetBIOS setup
; These filters will block all NbT service
; requests into the box on the upline
filter en0 log drop in udp * *:137

; Filter attempts to Telnet to the router, on either
; interface, from the outside - log them
filter en0 log deny in tcp * *:21
filter en0 log deny in tcp * *:23
; filter en0 log deny in tcp * www.xxx.yyy.250:23

; Filter any INCOMING packets with our address
; in the source to prevent spoofing
filter en0 log drop in * 192.168.0.0/24 *

; Otherwise let everything else through
filter en0 permit in * * *
filter en0 permit out * * *
; filter en1 permit in * * *
; filter en1 permit out * * *
exit

; This will run for each incoming telnet connection.
do_tel:
on timeout drop_tel
send "\r\nlogin: "
set echo on
read 60 "\r\n" NAME
send "\r\nPassword:"
set echo off
read 60 "\r\n" PASS
authenticate NAME PASS *:21
log "$NAME logged in from $IPADDR:$PORT"
send "\r\n\n"
command
drop_tel:
exit