#!/bin/bash

# Source the distribution's init-script function library.
# NOTE(review): no helper from it is called in the code shown in this file.
. /etc/rc.d/init.d/functions

# No-op: an empty here-document is fed to cat and discarded to /dev/null, so
# this statement changes nothing. Presumably a leftover placeholder for an
# inline documentation block - confirm before removing.
cat >/dev/null <<EOF
EOF

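#######################################
# Translate the keyword-based rule file into shell commands on stdout.
# Nothing is executed here; callers decide whether to print the result
# or pipe it into a shell.
#
# Arguments: $1 - rule file to translate (optional, defaults to
#                 /etc/sysconfig/firewall)
# Outputs:   a fixed reset preamble (deny policy + flush on the input,
#            output and forward chains, flush of ipautofw), followed by one
#            line per line of the rule file.
# Returns:   status of sed; non-zero if the rule file cannot be opened
#            (the preamble has already been written at that point).
#
# Keyword mapping, applied after tabs are turned into spaces:
#   # ...                      passed through unchanged
#   helper NAME                modprobe ip_masq_NAME
#   backchannel ...            ipautofw -A ... (control/ports/insecure/host
#                              become -c/-r/-i/-h)
#   timeout tcp|tcp_fin|udp N  ipfwadm -M -s with N in the matching slot
#   input|forward|output default P   ipfwadm -I|-F|-O -p P
#   input ...                  ipfwadm -I -a ...
#   forward ... / output ...   ipfwadm -F|-O -a a ...
#   transparent ...            ipfwadm -F -a a -b ...
#   masquerade ...             ipfwadm -F -a m ...
# On ipfwadm lines the words allow, interface, protocol, from/source,
# to/destination, any, port, log/nolog, ".." and the icmp_* names are
# rewritten to the matching option or number. The longer icmp_* names are
# substituted before their prefixes (icmp_echoreply before icmp_echo, and so
# on) so the shorter pattern cannot clobber them.
#
# SECURITY NOTE: a line that matches no keyword is emitted unchanged, and
# shell metacharacters inside matching lines are not escaped. The start and
# debugstart actions pipe this output into sh, so the rule file carries the
# same trust as a shell script run with the init script's privileges. Keep it
# owned by root and not writable by anyone else, and review the output of the
# debug action before applying a changed file.
#######################################
function firewallrules() {
	local config=${1:-/etc/sysconfig/firewall}
	local tab=$'\t'

	# Reset preamble: each chain gets its deny policy before it is flushed.
	echo ipfwadm -I -p deny
	echo ipfwadm -I -f
	echo ipfwadm -O -p deny
	echo ipfwadm -O -f
	echo ipfwadm -F -p deny
	echo ipfwadm -F -f
	echo ipautofw -F

	# The tab is injected through a variable so the substitution survives
	# editors or tools that rewrite literal tabs inside the script text.
	# " any" at end of line is handled separately because the global
	# " any " pattern needs a trailing space and would otherwise leave the
	# literal word in the generated command.
	sed -e "s/${tab}/ /g" -e '
	/^#/ b
	/^helper / {
		s/^helper /modprobe ip_masq_/
		b
	}
	/^backchannel / {
		s/^backchannel /ipautofw -A /
		s/ control / -c /
		s/ ports / -r /
		s/ insecure / -i /
		s/ host / -h /
		b
	}
	/^timeout/ {
		s/timeout tcp \(.*\)/ipfwadm -M -s \1 0 0 /
		s/timeout tcp_fin \(.*\)/ipfwadm -M -s 0 \1 0 /
		s/timeout udp \(.*\)/ipfwadm -M -s 0 0 \1 /
		b
	}
	s/^input default /ipfwadm -I -p /
	s/^forward default /ipfwadm -F -p /
	s/^output default /ipfwadm -O -p /
	s/^input /ipfwadm -I -a /
	s/^forward /ipfwadm -F -a a /
	s/^transparent /ipfwadm -F -a a -b /
	s/^output /ipfwadm -O -a a /
	s/^masquerade /ipfwadm -F -a m /
	/^ipfwadm/ {
		s/ allow / accept /
		s/ interface / -V /
		s/ protocol / -P /
		s/ from / -S /
		s/ to / -D /
		s/ source / -S /
		s/ destination / -D /
		s/\.\./:/g
		s/ port / /g
		s% any % 0/0 %g
		s% any$% 0/0%
		s/icmp_echoreply/0/
		s/icmp_dest_unreach/3/
		s/icmp_source_squench/4/
		s/icmp_redirect/5/
		s/icmp_echo/8/
		s/icmp_time_exceeded/11/
		s/icmp_parameterprob/12/
		s/icmp_timestampreply/14/
		s/icmp_timestamp/13/
		s/icmp_info_request/15/
		s/icmp_info_reply/16/
		s/icmp_addressreply/18/
		s/icmp_address/17/
		s/ nolog / /
		s/ nolog$//
		s/ log / -o /
		s/ log$/ -o/
		b
	}
	' <"$config"
}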

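# Dispatch on the requested action.
#   start       apply the translated rule file (only if it exists)
#   stop        lock down: accept input only via the "inside" interface
#   clear       remove all filtering (accept policy on every chain)
#   debug       print the generated commands without running them
#   debugstart  run the generated commands with shell tracing
case "$1" in
  start)
	# Without a rule file this host is left untouched.
	if [ -f /etc/sysconfig/firewall ]; then
		echo -n "Setting up firewall support"
		# The generated text is executed by sh with this script's
		# privileges, so /etc/sysconfig/firewall must be writable only
		# by the administrator.
		# NOTE(review): the lock file is created even if a generated
		# command failed; the pipeline status is not checked.
		firewallrules | sh
		touch /var/lock/subsys/firewall
		echo
	fi
	;;
  stop)
	if [ -f /etc/sysconfig/firewall ]; then
		echo -n "Blocking firewall... only accepting packets from internal network"
		# Input rules: the deny policy is set before the flush,
		# presumably so the chain is never empty under a permissive
		# default. "inside" is passed to -V as given; it has to resolve
		# to the internal interface address - confirm on the host.
		ipfwadm -I -p deny
		ipfwadm -I -f
		ipfwadm -I -i accept -V inside
		# Deny forwarding
		ipfwadm -F -p deny
		ipfwadm -F -f
		ipautofw -F
		# NOTE(review): the output chain is left as it was.
		rm -f /var/lock/subsys/firewall
		echo
	else
		# No rule file: fall back to plain routing. $0 is quoted so a
		# script path containing spaces still re-executes correctly.
		"$0" clear
	fi
	;;
  clear)
	# Opens every chain: after this the host forwards and accepts all
	# traffic. NOTE(review): the subsys lock file is not removed here.
	echo -n "Removing firewall settings.... (plain router)"
	ipfwadm -I -p accept
	ipfwadm -I -f
	ipfwadm -O -p accept
	ipfwadm -O -f
	ipfwadm -F -p accept
	ipfwadm -F -f
	ipautofw -F
	echo
	;;
  debug)
	# Dry run: show what start would execute.
	firewallrules
	;;
  debugstart)
	# NOTE(review): unlike start there is no check that the rule file
	# exists, and no lock file is created. With the file missing only the
	# deny/flush preamble is applied, which blocks all traffic.
	echo "Setting up firewall rules (verbose)"
	firewallrules | sh -x
	;;
  *)
	# The usage text lists every action the case statement accepts.
	echo "Usage: $0 {start|stop|clear|debug|debugstart}"
	exit 1
	;;
esac

exit 0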
