#!/bin/sh
#
# /etc/rc.d/rc.firewall, define the firewall configuration, invoked from
# rc.local.
#

# This file has been switched to a modular basis: the rules are loaded from
# small files, each of which controls a small part of the entire firewall
# configuration.
# The script is designed so that any denied or rejected packets
# are logged.
#								Olli.

# Variable definitions:
# Since a child process cannot affect the environment of its parent, we have no
# need to clear all our vars at the end. Only exported variables will be known
# to child scripts. :)
# Exported for the rule modules: the ipfwadm binary, the directory the
# modules live in, and the verbosity flag they may pass along.
VERBOSE=-v
FW=/sbin/ipfwadm
RCFW=/etc/rc.d/firewall
# Uncomment the line below if you're tired of verbose operations.
#unset VERBOSE
export FW RCFW VERBOSE

# The individual rule modules, all located under $RCFW.
VARIABLES=${RCFW}/fw.variables.sh      # sourced, defines shared variables
MODULES=${RCFW}/fw.modules.sh          # executed first
INCOMING=${RCFW}/fw.incoming.sh        # input ruleset
OUTGOING=${RCFW}/fw.outgoing.sh        # output ruleset
FORWARDING=${RCFW}/fw.forwarding.sh    # forwarding ruleset

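# Run one firewall module script and abort the whole run if it fails:
# carrying on would leave a half-applied ruleset silently in place.
# Arguments: $1 - path of the module script to execute
run_module() {
	"$1" || {
		status=$?
		echo "$0: $1 failed with exit status $status" >&2
		exit "$status"
	}
}

# Print the top-level usage text to stderr.
usage() {
	echo "Usage: $0 {start <log|nolog>|flush|status|guest <ip_addr>|check <from_ip> <to_ip>}" >&2
	echo >&2
}

# See how we were called.
case "$1" in
  start|restart|reload)
	# The second argument must state explicitly whether denied/rejected
	# packets are logged; LOGGING carries the ipfwadm flag (-o) or nothing.
	case "$2" in
	  log)
		printf '%s' "Starting firewall configuration script .. "
		LOGGING=-o
		echo "Packet logging is enabled."
		;;
	  nolog)
		printf '%s' "Starting firewall configuration script .. "
		unset LOGGING
		echo "Packet logging is disabled."
		;;
	  *)
		echo "Usage: $0 start <log|nolog>" >&2
		echo >&2
		exit 1
		;;
	esac
	# Exported so the child module scripts can see it.  A child cannot
	# change the parent's environment, so nothing needs clearing at the end.
	export LOGGING

	# Refuse to touch the rules unless every module is present: a missing
	# script would otherwise leave a partially loaded configuration.
	# These files are run as root, so they must be root-owned and
	# writable by nobody else.
	[ -r "$VARIABLES" ] || { echo "$0: cannot read $VARIABLES" >&2; exit 1; }
	for module in "$MODULES" "$INCOMING" "$OUTGOING" "$FORWARDING"; do
		[ -x "$module" ] || { echo "$0: cannot execute $module" >&2; exit 1; }
	done

	# "." sources the file in the current shell context, so the variables
	# it defines are visible here (and, when exported, to the modules).
	. "$VARIABLES"

	# call modules block
	run_module "$MODULES"

	echo "Changing firewall rules.."

	# Flush the accounting rules.  The input/output/forwarding chains are
	# not flushed here; presumably each ruleset module resets its own
	# chain -- verify against the module scripts.
	$FW -A -f || { echo "$0: $FW -A -f failed" >&2; exit 1; }

	# call incoming ruleset block
	echo "Calling $INCOMING .."
	run_module "$INCOMING"

	# call outgoing ruleset block
	echo "Calling $OUTGOING .."
	run_module "$OUTGOING"

	# call forwarding ruleset block
	echo "Calling $FORWARDING .."
	run_module "$FORWARDING"
	;;
  status)
	# List every chain: accounting, input, output, forwarding, masquerading.
	echo "Current firewall configuration:"
	for chain in A I O F M; do
		$FW -v "-$chain" -l
		echo "--------------------------------------------------------------"
	done
	echo "Done."
	;;
  guest)
	if [ -z "$2" ]; then
		echo >&2
		echo "You must specify the IP address of the guest machine." >&2
		echo "$0 guest <ip_addr>" >&2
		echo >&2
		exit 1
	fi
#	echo "Inserting rules for guest machine w/ address $2.. "
	echo "This part of script is not implemented, yet.. =) "
	;;
  flush)
	echo "flushing ALL firewall rules.."
	# Flush the accounting, input, output and forwarding chains.
	# Masquerading (-M) is intentionally not flushed here (kept commented out).
	for chain in A I O F; do
		$FW "-$chain" -f
	done
#	$FW -M -f
	;;
  check)
	# Both endpoints are required.
	if [ -z "$2" ] || [ -z "$3" ]; then
		echo >&2
		echo "You must specify IP addresses: from->to for checking." >&2
		echo "$0 check <from_ip> <to_ip>" >&2
		echo >&2
		exit 1
	fi
	echo "This part of script is not implemented, yet.. =) "
	;;
  *)
	usage
	exit 1
	;;
esac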
