
#-----------------------------------------------------------------------
# README
#-----------------------------------------------------------------------
#
# Module for CheckPoint SecuRemote VPN client. This module needs to be
# linked in the public services directory, and if you use an MZ, in your
# private services directory also.
#
#-----------------------------------------------------------------------
# CHANGES
#-----------------------------------------------------------------------
#
# 2001-04-08  Jean-Sebastien Morisset <jsmoriss@mvlan.net>
#             Initial module written for v5.1.1
#
#-----------------------------------------------------------------------
# MODULE CONFIGURATION
#-----------------------------------------------------------------------
#
#m# 23
#a# accept
#i# cluster novirtual
#n# securemote
#t# servers
#
#-----------------------------------------------------------------------
# START OF MODULE CODE
#-----------------------------------------------------------------------

# Open the SecuRemote client <-> FW-1 server paths for every server listed
# under "accept <interface> securemote servers": TCP to port 264 and UDP to
# port 259 on the server, plus the matching return traffic.
# (Presumably 264/tcp is topology download and 259/udp is key negotiation --
# confirm against the Check Point port list for the deployed version.)
#
# Review notes:
#   * ipchains keeps no connection state. The UDP return rules accept ANY
#     datagram from $host port 259 to $IPADDR on $udp_source_port, not only
#     replies. On a public interface that is the whole $UNPRIVPORTS range,
#     so keep the "servers" list as narrow as possible and keep $LOG enabled.
#   * The TCP return rules use "! -y", so $host cannot open a connection
#     from port 264, but non-SYN segments from that port are still accepted
#     statelessly.
#   * Expansions in the ipchains calls are left unquoted exactly as in the
#     original; presumably values such as $LOG may expand to zero or several
#     words -- confirm with the framework before quoting any of them.
#   * Outbound rules match source $NETADDR while return rules match
#     destination $IPADDR; both come from the caller -- verify they describe
#     the same client(s) for this interface.
for host in $(Option_Value accept $INTOPT securemote servers); do
	echo "Accept $INTOPT $NETADDR CheckPoint SecuRemote <-> $host CheckPoint FW-1 $LOG_MSG"

	# Client-side UDP port: the unprivileged range on a public interface,
	# otherwise the fixed port 259.
	case "$INTERFACE_TYPE" in
		public) udp_source_port="$UNPRIVPORTS" ;;
		*)      udp_source_port="259" ;;
	esac

	if [ -n "$CLUSTER_NAME" ]; then
		# Cluster interface: client -> server is matched on the input
		# chain, server -> client on the output chain.
		ipchains -A $INCHAIN -j ACCEPT -p tcp \
			-s $NETADDR $UNPRIVPORTS -d $host 264 $LOG
		ipchains -A $OUTCHAIN -j ACCEPT -p tcp ! -y \
			-s $host 264 -d $IPADDR $UNPRIVPORTS $LOG

		ipchains -A $INCHAIN -j ACCEPT -p udp \
			-s $NETADDR $udp_source_port -d $host 259 $LOG
		ipchains -A $OUTCHAIN -j ACCEPT -p udp \
			-s $host 259 -d $IPADDR $udp_source_port $LOG
	else
		# Non-cluster interface: server -> client is matched on the input
		# chain, client -> server on the output chain.
		ipchains -A $INCHAIN -j ACCEPT -p tcp ! -y \
			-s $host 264 -d $IPADDR $UNPRIVPORTS $LOG
		ipchains -A $OUTCHAIN -j ACCEPT -p tcp \
			-s $NETADDR $UNPRIVPORTS -d $host 264 $LOG

		ipchains -A $INCHAIN -j ACCEPT -p udp \
			-s $host 259 -d $IPADDR $udp_source_port $LOG
		ipchains -A $OUTCHAIN -j ACCEPT -p udp \
			-s $NETADDR $udp_source_port -d $host 259 $LOG
	fi
done

