diff --git a/contrib/tinc.sh b/contrib/tinc.sh
new file mode 100755
index 000000000..a93de032d
--- /dev/null
+++ b/contrib/tinc.sh
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+# die on error
+set -e
+
+if [ "$(hostname)" != "acs-s2ss" ]; then
+	echo "This script has to be run only acs-s2ss!" 1>&2
+	exit 1
+fi
+
+if [ "$(id -u)" != "0" ]; then
+	echo -e "This script must be run as root" 1>&2
+	exit 1
+fi
+
+IP=78.91.103.24
+PORT=12010
+IPT=iptables
+RULE1="-p udp --dport $PORT -s $IP -j REJECT"
+RULE2="-p tcp --dport $PORT -s $IP -j REJECT"
+
+case $1 in
+    block)
+	$IPT -I INPUT 1 $RULE1 
+	$IPT -I INPUT 1 $RULE2
+	service tincd restart
+	;;
+
+    unblock)
+	$IPT -D INPUT $RULE1
+	$IPT -D INPUT $RULE2
+	service tincd restart
+	;;
+
+    status)
+	$IPT -C INPUT $RULE1 && echo "Tinc UDP is blocked"
+	$IPT -C INPUT $RULE2 && echo "Tinc TCP is blocked"
+
+	echo -n "Sintef "
+	tinc -n s2ss info sintef | grep "Reachability"
+
+	echo -n "Frankfurt "
+	tinc -n s2ss info fra | grep "Reachability"
+	;;
+esac