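# Firewall smoke test: installs the package(s) given in "$@", configures
# shorewall so that ping from the firewall host is rejected, starts the
# service, and checks that pinging the local broadcast address is refused.
#
# NOTE(review): apk_add / apk_del are not defined in this file; presumably the
# test harness provides them - confirm.
# NOTE(review): this appends to the live shorewall configuration (including an
# "all all ACCEPT" default policy) and never reverts those edits itself. Only
# the saved iptables state is restored, so run it on a disposable test host.

IFACE=eth0
d="/etc/shorewall"
rc=0

# verify that we actually have an eth0 device
if ! ip addr show "${IFACE}"; then
  echo "interface ${IFACE} not found" >&2
  rc=1
fi

# Only lines whose first field is exactly "inet" are IPv4 addresses. Splitting
# on the substring "inet" also matched inet6 lines and produced a bogus value.
# The last IPv4 address wins, matching the original `tail -n1`.
IP=$(ip addr show "${IFACE}" | awk '$1 == "inet" { addr = $2 } END { print addr }')
BCAST=$(ipcalc -b "${IP}" | cut -d= -f2)

apk_add "$@"

# save current iptables
/etc/init.d/iptables save

echo "STARTUP_ENABLED=Yes" >> "${d}/shorewall.conf"
# Add the zone only once. The original `[ cat ... | grep ... ]` was not a
# valid test, so the result of the check was never what was intended.
if ! grep -q "loc ipv4" "${d}/zones"; then
  echo "loc ipv4" >> "${d}/zones"
fi
echo "loc ${IFACE}" >> "${d}/interfaces"
# so we dont lose our ssh connection: the default policy accepts everything,
# and the single Ping/REJECT rule below is the only filtering under test
echo "all all ACCEPT" >> "${d}/policy"
echo "Ping/REJECT fw all" >> "${d}/rules"

# The init script name is taken from the first argument.
/etc/init.d/"$1" start

# detect the broadcast address and try to ping it
echo "BROADCAST addr is ${BCAST}"

# we should not be allowed to ping; remember the verdict so the cleanup below
# cannot overwrite it with its own exit status
if ! ping -c 1 "${BCAST}" 2>&1 | grep "not permitted"; then
  echo "ping to '${BCAST}' was not rejected by the firewall" >&2
  rc=1
fi

# Always undo the runtime changes, whatever the verdict.
/etc/init.d/"$1" stop
/etc/init.d/iptables restore
apk_del "$@" || rc=$?

# Final status of the script: zero only if every check above passed.
[ "${rc}" -eq 0 ]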