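#!/bin/sh
# pmfirewall
# chkconfig: 2345 50 80
# description: Control script for pmfirewall package.
#
# Usage: pmfirewall {start|stop|restart|masqstart|masqstop|uninstall}
# Any other argument (including "help") prints the usage text and exits 1.
#
# Security notes for operators:
#  - This script sources (executes) pmfirewall.conf and the pmfirewall.rules.*
#    files, and runs $CONFIG_DIR/uninstall. If it runs as root from init, as
#    the chkconfig header suggests, CONFIG_DIR and everything in it should be
#    root-owned and not writable by group or others.
#  - No input/output chain policy is set here; the "default policy" is a pair
#    of catch-all rules appended last. While "start" is rebuilding the chains,
#    and after "stop", those chains are governed by whatever policy they
#    already had (not visible from this script).
#
CONFIG_DIR=/usr/local/pmfirewall

# Source function library.
. /etc/rc.d/init.d/functions

## Read Configuration File
# Fail loudly rather than continue with no settings: without the config the
# rule commands below cannot work and the host would be left unfiltered.
if [ ! -r "$CONFIG_DIR/pmfirewall.conf" ]; then
  echo "pmfirewall: cannot read $CONFIG_DIR/pmfirewall.conf" >&2
  exit 1
fi
. "$CONFIG_DIR/pmfirewall.conf"

# Abort unless IPCHAINS is defined (presumably by pmfirewall.conf; the file is
# not visible here). With an empty IPCHAINS every rule line would try to run
# "-F"/"-A" as a command, fail, and the script would still print "Done!" and
# exit 0 with no rules loaded.
require_ipchains() {
  if [ -z "${IPCHAINS:-}" ]; then
    echo "pmfirewall: IPCHAINS is not set (expected from $CONFIG_DIR/pmfirewall.conf)" >&2
    exit 1
  fi
}

# NOTE(review): $IPCHAINS, $REMOTENET and $OUTERNET are left unquoted in the
# rule lines because their format comes from the config file and may rely on
# word splitting; confirm before quoting them.

case "$1" in

  #####START FIREWALL#####
  start)
    require_ipchains
    printf '%s' "Starting PMFirewall:"

    ## Flush rule sets, start from scratch
    # From here until the final DENY rule is appended, the input chain has no
    # catch-all rule; a failure in any sourced rules file can leave it that way.
    $IPCHAINS -F input
    $IPCHAINS -F output
    $IPCHAINS -F forward

    ## Read firewall rules
    . "$CONFIG_DIR/pmfirewall.rules.1"
    . "$CONFIG_DIR/pmfirewall.rules.local"

    ## Read Masq Rules
    . "$CONFIG_DIR/pmfirewall.rules.masq"

    # Allow incoming and outgoing ICMP
    # NOTE(review): all ICMP types are accepted in both directions. Layout was
    # reconstructed from a collapsed listing; confirm the input rule is active.
    $IPCHAINS -A input -p icmp -s $REMOTENET -d $OUTERNET -j ACCEPT
    $IPCHAINS -A output -p icmp -s $OUTERNET -d $REMOTENET -j ACCEPT

    # These are open to sockets created by connections allowed by ipchains
    # NOTE(review): these rules are stateless. They accept any TCP or UDP
    # packet to ports 1023-65535, not only replies, so a service listening on
    # a high port is reachable unless an earlier rule blocks it. The range
    # starts at 1023, one below the usual unprivileged boundary of 1024;
    # confirm that is intended.
    $IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 1023:65535 -j ACCEPT
    $IPCHAINS -A input -p udp -s $REMOTENET -d $OUTERNET 1023:65535 -j ACCEPT

    ## Set default policy
    # Implemented as catch-all rules, not chain policies: all outbound traffic
    # is accepted; unmatched inbound traffic is denied and logged (-l).
    $IPCHAINS -A output -j ACCEPT
    $IPCHAINS -A input -j DENY -l

    echo " Done!"
    echo ""
    echo "Internal: $INTERNALIF $INTERNALNET"
    echo "External: $OUTERIF $OUTERNET"
    echo ""
    ;;

  #####STOP FIREWALL####
  stop)
    require_ipchains
    echo ""
    printf '%s' "Shutting down PMFirewall:"
    # Only forwarding is denied afterwards. The input and output chains are
    # emptied and fall back to their existing policy, so "stop" removes the
    # host's packet filtering rather than locking it down.
    $IPCHAINS -F input
    $IPCHAINS -F output
    $IPCHAINS -F forward
    $IPCHAINS -P forward DENY
    echo " Done!"
    echo ""
    ;;

  #####START MASQ#####
  masqstart)
    require_ipchains
    echo ""
    printf '%s' "Starting IP Masquerading:"

    ## Read Masq Rules
    . "$CONFIG_DIR/pmfirewall.rules.masq"

    echo " Done!"
    echo ""
    echo "Internal: $INTERNALIF $INTERNALNET"
    echo "External: $OUTERIF $OUTERNET"
    echo ""
    ;;

  #####STOP MASQ#####
  masqstop)
    require_ipchains
    echo ""
    printf '%s' "Shuting down IP Masquerading:"
    $IPCHAINS -F forward
    $IPCHAINS -P forward DENY
    echo " Done!"
    echo ""
    ;;

  restart)
    # Re-invoke this script so both phases run with a freshly read config.
    "$0" stop
    "$0" start
    ;;

  uninstall)
    "$CONFIG_DIR/uninstall"
    ;;

  *)
    echo ""
    echo " USAGE: pmfirewall [command] "
    echo ""
    echo " COMMANDS:"
    echo " start Enables PMFirewall and Masquerading (if installed)."
    echo " stop Disables PMFirewall and Masquerading (if installed)."
    echo " restart Flushes and reloads the rules in PMFirewall."
    echo " masqstart Enables IP Masquerading only (no firewall)."
    echo " masqstop Disables IP Masquerading only (no firewall)."
    echo " uninstall Completely removes PMFirewall."
    echo " help Displays this list of options."
    echo ""
    exit 1
    ;;
esac

exit 0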