#! /bin/sh
####
## Custom made script to start / stop an iptables firewall and load / unload a fwbuilder made policy
## SuSE 7.3 SPARC
## Created by the UglyMotha. Version 1.0 22/03/2002
####

# Load the connection-tracking module and the FTP conntrack / NAT helper modules.
# The script gives up with exit status 1 as soon as one of them fails to load.
# NOTE(review): this runs before the action argument is looked at, so even
# "status" or a usage error requires the modules to load.
for fw_module in ip_conntrack ip_conntrack_ftp ip_nat_ftp
do
	modprobe "$fw_module" || exit 1
done

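# Initialization of the variables / constants used in the script

# Name of the firewall, used to derive the default policy file name
FIREWALL=$(hostname)

# State file: 0 = shutdown, 1 = running with policy loaded, 2 = running, no policy loaded (default)
# A missing state file is created with state 0.
STATE_FILE=/var/run/firewall
[ -e "$STATE_FILE" ] || echo 0 >"$STATE_FILE"
STATE=$(cat "$STATE_FILE")

# File which contains the name of the running policy
RUNNING_POLICY=/var/run/firewall.policy
[ -e "$RUNNING_POLICY" ] || touch "$RUNNING_POLICY"

# Firewall dir, which contains additional scripts and policy files
FIREWALL_DIR=/etc/firewall/

# The policy file to load. If none is given, or the given one is not usable,
# fall back to [firewall name].fw.
# The policy file is sourced by this script, so whatever it names runs with the
# privileges of the caller (normally root). The name is therefore restricted to
# a plain file name inside $FIREWALL_DIR: anything containing a '/' (absolute
# paths, ../ components) is refused instead of being resolved.
POLICY_SCRIPT=$2
case "$POLICY_SCRIPT" in
	'')
		POLICY_SCRIPT=$FIREWALL.fw
		;;
	*/*)
		echo "Warning, policy name '$POLICY_SCRIPT' must not contain '/', using $FIREWALL.fw" >&2
		POLICY_SCRIPT=$FIREWALL.fw
		;;
esac
# -f rather than -e: a directory or other non-regular file is not a policy.
if [ ! -f "$FIREWALL_DIR$POLICY_SCRIPT" ] ; then
	# Tell the operator when the policy that was asked for is not the one used.
	if [ "$POLICY_SCRIPT" != "$FIREWALL.fw" ] ; then
		echo "Warning, policy $FIREWALL_DIR$POLICY_SCRIPT not found, using $FIREWALL.fw" >&2
	fi
	POLICY_SCRIPT=$FIREWALL.fw
fi

# Unload script is used to unload a policy and refer to default
UNLOAD_SCRIPT=Unload.fw


# IFCONFIG / IFUNCONFIG are used to enable / disable the external interface.
# If the external interface is not eth0, edit and rename the scripts and update these variables.
IFCONFIG=eth0.enable
IFUNCONFIG=eth0.disable

# Timestamp written to $RUNNING_POLICY next to the policy name when a policy is loaded
DATE=$(date)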

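# Use the SuSE rc functions (rc_reset, rc_status, rc_exit) to report the result
. /etc/rc.status
rc_reset

# Every script below is sourced into this shell, so it runs with the privileges
# of the caller (normally root).
# NOTE(review): the files in $FIREWALL_DIR should be writable by root only.
# Each file is tested with -r before it is sourced: a POSIX sh exits outright
# when "." cannot find its file, which would skip the rc_status report.
# All expansions are quoted so that an empty state file or a name with
# whitespace cannot break the tests.
case "$1" in
	start)
		printf '%s' "Starting firewall :"
		# If state is other than 0 the firewall is already running; load or unload should be used.
		# Only warn: starting again and reloading the policy does no harm.
		if [ "$STATE" != "0" ] ; then
			printf '%s' "   Warning, firwall already started ! "
		fi
		# Load the policy first; the external interface is enabled only if that
		# succeeded, and the state / running-policy files are updated last.
		# Caveat: "." reports the status of the last command in the sourced file,
		# so an earlier failing rule inside the policy is not detected here.
		[ -r "$FIREWALL_DIR$POLICY_SCRIPT" ] && . "$FIREWALL_DIR$POLICY_SCRIPT" \
			&& [ -r "$FIREWALL_DIR$IFCONFIG" ] && . "$FIREWALL_DIR$IFCONFIG" \
			&& echo 1 >"$STATE_FILE" \
			&& echo "$POLICY_SCRIPT, loaded $DATE" >"$RUNNING_POLICY"
		rc_status -v
		;;
	stop)
		# If state = 0 the firewall is already shut down, use start
		if [ "$STATE" = "0" ] ; then
			echo "Aborting, firewall is not running ! "
			exit 1
		fi
		# Unload the policy before shutting down
		"$0" unload
		printf '%s' "Stopping firewall :"
		# After the unload the state should be 2; if not, something failed.
		# A warning is enough, shut down anyway.
		STATE=$(cat "$STATE_FILE")
		if [ "$STATE" != "2" ] ; then
			printf '%s' "   Warning, policy unload failed ! "
		fi
		# Disable the external interface and update the state file
		[ -r "$FIREWALL_DIR$IFUNCONFIG" ] && . "$FIREWALL_DIR$IFUNCONFIG" \
			&& echo 0 >"$STATE_FILE"
		rc_status -v
		;;
	unload)
		# If the firewall is already down, unload is of no use
		if [ "$STATE" = "0" ] ; then
			echo "Aborting, firewall not running ! "
			exit 1
		fi
		printf '%s' "Unloading firewall policy $POLICY_SCRIPT :"
		# Warn if no policy is loaded. Refer to the default policy anyway.
		if [ "$STATE" = "2" ] ; then
			printf '%s' "   Warning, no policy loaded ! "
		fi
		# Unload and update the state and running-policy files
		[ -r "$FIREWALL_DIR$UNLOAD_SCRIPT" ] && . "$FIREWALL_DIR$UNLOAD_SCRIPT" \
			&& echo 2 >"$STATE_FILE" \
			&& echo none >"$RUNNING_POLICY"
		rc_status -v
		;;
	load)
		# If the firewall is shut down, use start
		if [ "$STATE" = "0" ] ; then
			echo "Aborting, firewall not running ! "
			exit 1
		fi
		printf '%s' "Loading firewall policy $POLICY_SCRIPT :"
		# Load the policy and update the state and running-policy files.
		# If the policy fails part-way, the files keep their previous content
		# although some rules may already have been changed.
		[ -r "$FIREWALL_DIR$POLICY_SCRIPT" ] && . "$FIREWALL_DIR$POLICY_SCRIPT" \
			&& echo 1 >"$STATE_FILE" \
			&& echo "$POLICY_SCRIPT, loaded $DATE" >"$RUNNING_POLICY"
		rc_status -v
		;;
	restart)
		# If the firewall is shut down, use start
		if [ "$STATE" = "0" ] ; then
			echo "Aborting, firewall not running ! "
			exit 1
		fi
		# Hand the optional policy argument on to "start"; without it the restart
		# would silently come back up with the default policy.
		"$0" stop && "$0" start ${2:+"$2"}
		# Record the result so that rc_exit reports a failed restart as failed
		rc_status
		;;
	status)
		case "$STATE" in
			0)
				echo "Firewall is shutdown."
				;;
			1)
				RUN=$(cat "$RUNNING_POLICY")
				echo "Firewall is running: $RUN"
				;;
			2)
				echo "Firewall is running. No policy loaded."
				;;
			*)
				# Empty or damaged state file: say so instead of printing nothing
				echo "Firewall state unknown, check $STATE_FILE"
				;;
		esac
		;;
	*)
		echo "Usage: $0 {start|stop|load|unload|restart|status} [policy]"
		exit 1
		;;
esac
rc_exit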
