#!/bin/sh
# ipchains/iptables rules generator
#
# chkconfig:	345 15 85
# description:	ipchains/iptables rules generator

# Source function library
. /etc/rc.d/init.d/functions

# Get service config
CONFIG=/etc/filter/simple.conf
GEN_CONFIG=/etc/filter/generated_rules
SUBSYS=/var/lock/subsys/filter
[ -f /etc/sysconfig/filter ] && . /etc/sysconfig/filter

confstatus() {
	if [ ! -e "$GEN_CONFIG" ]; then
		confstatus=3
	elif [ "$GEN_CONFIG" -ot "$CONFIG" ]; then
		confstatus=2
	elif [ "$SUBSYS" -ot "$GEN_CONFIG" ]; then
		confstatus=1
	else
		confstatus=0
	fi
}

find_filter() {
	iptables=`which iptables 2> /dev/null`
	ipchains=`which ipchains 2> /dev/null`
	if [ -n "$iptables" ]; then
		filter=$iptables
	elif [ -n "$ipchains" ]; then
		filter=$ipchains
	else
		nls "ipchains/iptables not found. Cannot continue"
		filter=
		exit 1
	fi
}

RETVAL=0
# See how we were called.
case "$1" in
  start)
	confstatus
	if [ $confstatus -ge 0 ]; then
		if [ $confstatus -gt 0 ]; then
			$0 init
		fi
		show "Setting filter rules"
		busy
		sh "$GEN_CONFIG"
		[ $? -ne 0 ] && RETVAL=1
		if [ $RETVAL -eq 0 ]; then
			touch "$SUBSYS"
			ok
		else
			fail
		fi
	fi
	;;
  stop)
	show "Flushing filter rules"
	find_filter
	$filter -F
	RETVAL=$?
	if [ $RETVAL = 0 ]; then
		rm -f "$SUBSYS"
		ok
	else
		fail
	fi
	;;
  init)
	show "Generating %s" "$GEN_CONFIG"
	find_filter
	umask 077
	filtergen "$CONFIG" `basename $filter` > "$GEN_CONFIG"
	;;
  restart|force-reload)
	$0 stop
	$0 start
	exit $?
	;;
  status)
	confstatus
	case "$confstatus" in
	  3)
		nls "%s not generated" "$GEN_CONFIG"
		;;
	  2)
		nls "%s outdated" "$GEN_CONFIG"
		;;
	  1)
		nls "%s not applied" "$GEN_CONFIG"
		;;
	  0)
		nls "filter rules applied"
		;;
	esac
	[ "$confstatus" -ne 0 ] && RETVAL=3
	;;
  *)
	msg_usage "$0 {start|stop|init|restart|force-reload|status}"
	exit 3
	;;
esac

exit $RETVAL