#!/bin/sh
#
# firewall      This shell script takes care of starting and stopping
#               the fwbuilder firewall.
#
# chkconfig: 2345 11 89
# description: fwbuilder firewall 

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

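# Check that networking is up.
# NETWORKING is set by /etc/sysconfig/network. The expansion is quoted so an
# unset or empty value compares as a plain string instead of making `[`
# report a syntax error.
[ "${NETWORKING}" = "no" ] && exit 0

# Nothing to manage when the firewall script directory is absent.
# NOTE(review): both early exits return success without loading any rules, so
# a missing /etc/firewall leaves the host unfiltered while the init system
# sees a clean start -- confirm this is the intended behaviour.
[ -d /etc/firewall/ ] || exit 0

RETVAL=0
prog="firewall"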

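#######################################
# Run the per-host firewall script /etc/firewall/<short hostname>.fw.
# Globals:   prog (read), RETVAL (written)
# Arguments: none
# Outputs:   progress/status line on stdout via the init-script helpers
# Returns:   0 when the firewall script ran successfully, non-zero otherwise
#
# NOTE(review): the selected script runs with the privileges of this init
# script, so /etc/firewall and the *.fw files in it should be writable only
# by root -- confirm ownership and mode on deployment.
# NOTE(review): a failure here changes no chain policy; the host keeps
# whatever rules were in place before the call.
#######################################
start() {
	local fw_script

	echo -n $"Starting $prog: "

	# $(...) instead of backticks, and quoted, so the path stays one word.
	fw_script="/etc/firewall/$(hostname -s).fw"

	# Refuse to hand a missing or non-executable path to daemon. This also
	# covers an empty hostname, which would yield "/etc/firewall/.fw".
	if [ ! -x "$fw_script" ]; then
		failure $"$prog script missing or not executable"
		echo
		echo "$fw_script: not found or not executable" >&2
		RETVAL=1
		return "$RETVAL"
	fi

	daemon "$fw_script"
	RETVAL=$?
	echo
	# The lock file is what status/condrestart use to decide "running".
	[ "$RETVAL" -eq 0 ] && touch /var/lock/subsys/firewall
	return "$RETVAL"
}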

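#######################################
# Flush the IPv4 filter table and set its built-in chains to policy DROP.
# Globals:   prog (read), RETVAL (written)
# Arguments: none
# Outputs:   progress/status line on stdout via the init-script helpers
# Returns:   0 when all three policies were set, non-zero otherwise
#
# After a successful stop the filter table has no rules and a DROP policy on
# INPUT, FORWARD and OUTPUT, so no IPv4 traffic passes (loopback included).
# A remote session used to run "stop" will be cut off.
# Only the default (filter) table is touched: no -t option is given and
# ip6tables is never called, so nat/mangle and IPv6 rules stay as they were.
#######################################
stop() {
	local rc

	echo -n $"Shutting down $prog: "

	# Best effort, as in the original: the result of the flush and of the
	# user-chain deletion is not checked.
	iptables -F
	iptables -X

	# Explicit if/else instead of "a && success || failure", so that failure
	# is reported only when a policy change fails. RETVAL reflects iptables
	# rather than the exit status of the reporting helper.
	if iptables -P INPUT DROP &&
	   iptables -P FORWARD DROP &&
	   iptables -P OUTPUT DROP; then
		rc=0
		success $"Resetting built-in chains to the default DROP policy"
	else
		rc=$?
		failure $"Resetting built-in chains to the default DROP policy"
	fi

	RETVAL=$rc
	echo
	# Drop the lock only when the DROP policies are really in place.
	[ "$RETVAL" -eq 0 ] && rm -f /var/lock/subsys/firewall
	return "$RETVAL"
}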

# Dispatch on the action given as the first argument, then exit with RETVAL.
lockfile=/var/lock/subsys/firewall

case "$1" in
  status)
	# State is derived from the lock file alone; the loaded iptables rules
	# are not inspected, and no real pid exists (hence the "?" placeholder).
	base="firewall"
	pid="?"
	if [ ! -f "$lockfile" ]; then
	    echo $"${base} is stopped"
	    RETVAL=1
	else
	    echo $"${base} (pid $pid) is running..."
	    RETVAL=0
	fi
	;;
  condrestart)
	# Restart only if a previous start left its lock file behind.
	if [ -f "$lockfile" ]; then
	    stop
	    start
	    RETVAL=$?
	fi
	;;
  reload|restart)
	# start runs even when stop failed; the final status is start's.
	stop
	start
	RETVAL=$?
	;;
  stop)
	stop
	;;
  start)
	start
	;;
  *)
	echo $"Usage: $0 {start|stop|restart|condrestart|status}"
	exit 1
	;;
esac

exit "$RETVAL"

