#!/bin/sh
# ipchains/iptables rules generator
#
# chkconfig:	345 15 85
# description:	ipchains/iptables rules generator

# Source function library
# Source function library (expected to provide the show/busy/ok/fail/nls/
# msg_Usage helpers this script calls but does not define itself)
. /etc/rc.d/init.d/functions

# Get network config
. /etc/sysconfig/network

# Service configuration.
#   CONFIG     - rule description file handed to filtergen
#   GEN_CONFIG - shell script written by filtergen and executed on start
#   SUBSYS     - lock file created once GEN_CONFIG has been applied
CONFIG=/etc/filter/simple.conf
GEN_CONFIG=/etc/filter/generated_rules
SUBSYS=/var/lock/subsys/filter
# Optional per-host overrides of the paths above.
if [ -f /etc/sysconfig/filter ]; then
   . /etc/sysconfig/filter
fi

# Check that networking is up.
# if is_no "${NETWORKING}" ; then
#    msg_network_down "filter"
# 	exit 1
# fi

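#######################################
# Classify the state of the generated rule file relative to its inputs.
# Globals:   CONFIG, GEN_CONFIG, SUBSYS (read); confstatus (written)
# Sets confstatus to:
#   3 - GEN_CONFIG does not exist (rules never generated)
#   2 - GEN_CONFIG is older than CONFIG (rules outdated)
#   1 - SUBSYS lock is missing or older than GEN_CONFIG (rules not applied)
#   0 - rules generated and applied
#######################################
confstatus() {
   if [ ! -e "$GEN_CONFIG" ]; then
      confstatus=3
   elif [ "$GEN_CONFIG" -ot "$CONFIG" ]; then
      confstatus=2
   # Not every /bin/sh treats "missing -ot existing" as true, so test the
   # lock file's existence explicitly rather than relying on -ot alone;
   # otherwise a missing lock could be reported as "applied".
   elif [ ! -e "$SUBSYS" ] || [ "$SUBSYS" -ot "$GEN_CONFIG" ]; then
      confstatus=1
   else
      confstatus=0
   fi
}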

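#######################################
# Locate the packet-filter binary, preferring iptables over ipchains.
# Globals:   iptables, ipchains (written, lookup results);
#            filter (written) - path of the binary that will be used
# Exits with 1 (after a message via nls) when neither is found on PATH.
#######################################
find_filter() {
   # command -v is POSIX and a shell builtin; `which` is an external
   # program that is not guaranteed to exist on every system.
   iptables=$(command -v iptables 2> /dev/null)
   ipchains=$(command -v ipchains 2> /dev/null)
   if [ -n "$iptables" ]; then
      filter=$iptables
   elif [ -n "$ipchains" ]; then
      filter=$ipchains
   else
      nls "ipchains/iptables not found. cannot continue"
      exit 1
   fi
}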

# See how we were called.
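# See how we were called.
# RETVAL carries the exit status of the action; default to success so the
# final exit does not depend on whichever command happened to run last.
RETVAL=0
case "$1" in
  start)
      confstatus
      # Any non-zero state regenerates the rule file first (this keeps the
      # original behaviour of regenerating even when it was merely not
      # applied). If generation fails, do not execute a stale or partial
      # rule file.
      if [ "$confstatus" -gt 0 ]; then
         $0 init
         RETVAL=$?
      fi
      show "Setting filter rules"
      busy
      if [ "$RETVAL" = 0 ]; then
         # GEN_CONFIG is a shell script produced by filtergen and is run
         # with this script's privileges, which is why init writes it
         # under umask 077.
         sh "$GEN_CONFIG"
         RETVAL=$?
      fi
      if [ "$RETVAL" = 0 ]; then
         touch "$SUBSYS"
         ok
      else
         fail
      fi
      ;;
  stop)
      show "Flushing filter rules"
      find_filter
      # -F flushes the rules in every chain; built-in chain policies set
      # by the generated rules are not reset here.
      "$filter" -F
      RETVAL=$?
      if [ "$RETVAL" = 0 ]; then
         rm -f "$SUBSYS"
         ok
      else
         fail
      fi
      ;;
  init)
      show "Generating $GEN_CONFIG"
      find_filter
      umask 077
      # Generate into a temporary file next to the target and rename it
      # into place only on success: a failed filtergen must not leave a
      # truncated GEN_CONFIG behind, because it would be newer than CONFIG
      # and be executed unchanged on the next start.
      tmp=$(mktemp "$GEN_CONFIG.XXXXXX")
      RETVAL=$?
      if [ "$RETVAL" = 0 ]; then
         filtergen "$CONFIG" "$(basename "$filter")" > "$tmp"
         RETVAL=$?
      fi
      if [ "$RETVAL" = 0 ]; then
         mv -f -- "$tmp" "$GEN_CONFIG"
         RETVAL=$?
      else
         rm -f -- "$tmp"
      fi
      if [ "$RETVAL" = 0 ]; then
         ok
      else
         fail
      fi
      ;;
  restart)
      $0 stop
      $0 start
      RETVAL=$?
      ;;
  status)
      confstatus
      case "$confstatus" in
         3)
         nls "$GEN_CONFIG not generated"
         ;;
         2)
         nls "$GEN_CONFIG outdated"
         ;;
         1)
         nls "$GEN_CONFIG not applied"
         ;;
         0)
         nls "filter rules applied"
         ;;
      esac
      ;;
  *)
      msg_Usage "$0 {start|stop|restart|init|status}"
      exit 1
      ;;
esac

exit "$RETVAL"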
