
#-----------------------------------------------------------------------
# README
#-----------------------------------------------------------------------
#
# This module supports the CIPE VPN. This module expects each host to 
# have a pair of port numbers (source and destination) using the same 
# syntax as the Forward_Hostposts function.
#
# To install, link this file to 
# /etc/firewall/public/services/070-cipe-hostports. Since VPN bandwidth 
# use may be very high, it's preferable to keep this module near the 
# top. Execute /etc/firewall/sbin/rcf with the --update-config 
# parameter. This will add the new options to the configuration file.
#
# References:
#   http://sites.inka.de/~bigred/devel/cipe.html
#   http://cipe-win32.sourceforge.net/
#
#-----------------------------------------------------------------------
# CHANGES
#-----------------------------------------------------------------------
#
# 2001-03-20  Dougal Holmes <dholmes@bigpond.net.au>
#             Initial module copied from vtun for v5.1
#
#-----------------------------------------------------------------------
# MODULE CONFIGURATION
#-----------------------------------------------------------------------
#
#n# cipe
#a# accept
#t# hostports
#m# 123
#
#   |--------------------------------------------------------------------|
#d# CIPE (User defined UDP)
#d# Host/port of other servers you'll be communicating with via a CIPE VPN.
#d# You should declare your VPN interface as a DMZ or PUBLIC interface,
#d# however the interface can be a MZ or PRIVATE interface if you trust
#d# the other end of the VPN.
#d#
#d# Syntax:
#d#   access-[int]-cipe-clients host/ip localport->remoteport,[...]
#d#
#d# Each host must have a single local and remote port declared
#d# Note that the local port is different for each CIPE VPN host
#   |--------------------------------------------------------------------|
#
#-----------------------------------------------------------------------
# START OF MODULE CODE
#-----------------------------------------------------------------------

module_name='cipe'          # module component of the option looked up via Option_Value
module_type='hostports'     # option type component (clients, servers, etc.)
service_name='CIPE VPN'     # label printed in the on-screen rule summary

#-----------------------------------------------------------------------
# CIPE VPN (User Defined Ports)
#-----------------------------------------------------------------------


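# Build the CIPE accept rules for the interface currently being processed.
#
# Input:   the value returned by Option_Value (a framework helper that is
#          not visible in this file) for accept/$INTERFACE/cipe/hostports.
#          It is read as comma-separated entries; within an entry the first
#          whitespace-separated field is the peer host and every following
#          field is a port specification. The loop accepts any number of
#          port fields per host.
# Ports:   a field of the form "A->B" is split at the first "->"; any other
#          field is used unchanged for both the local and the remote port.
# Output:  for each port field, one summary line on stdout and two ipchains
#          ACCEPT rules for UDP: peer -> $IPADDR on $INCHAIN and the mirror
#          rule on $OUTCHAIN.
#
# NOTE(review): the "#d#" help text documents the syntax as
# "localport->remoteport", but this code takes the value BEFORE "->" as the
# remote port and the value AFTER it as the local port. With asymmetric
# ports a swapped pair accepts traffic on a different UDP port than the
# administrator intended; confirm which order is meant and align the help
# text or the code.
#
# NOTE(review): host and port fields reach ipchains without any validation
# beyond the "A->B" shape test, so this module relies on the firewall
# configuration file being writable only by trusted administrators.

HOSTS="$(Option_Value accept $INTERFACE "$module_name" "$module_type")"

# The entry marker below contains "*", and the field list has to be
# word-split unquoted. Without noglob a file in the current directory whose
# name matches *separator* (or any glob character in a host field) would be
# expanded into the field list and silently change which hosts and ports
# get ACCEPT rules. Disable pathname expansion for the loop only and put the
# caller's setting back afterwards, because this file is sourced.
case $- in
	*f*)
		cipe_noglob_was_set=yes
		;;
	*)
		cipe_noglob_was_set=''
		set -f
		;;
esac

cipe_host=''
for FIELD in $(printf '%s\n' "$HOSTS" | sed 's/,/ *separator* /g')
do
	if [ "$FIELD" = "*separator*" ]
	then
		# A comma ended the previous entry; the next field is a new host.
		cipe_host=''
	elif [ -z "$cipe_host" ]
	then
		cipe_host="$FIELD"
	else
		case "$FIELD" in
			[0-9]*-\>[0-9]*)
				# Split at the first "->" with parameter expansion rather
				# than echo|sed: no unquoted expansion of the field, and a
				# left-hand range such as 6000:6010 no longer leaks into
				# the right-hand value.
				remote_port="${FIELD%%->*}"
				local_port="${FIELD#*->}"
				;;
			*)
				remote_port="$FIELD"
				local_port="$FIELD"
				;;
		esac

		echo "Accept $INTERFACE $IPADDR:$local_port <-> $cipe_host:$remote_port $LOG_MSG $service_name"
		# $INCHAIN, $OUTCHAIN, $IPADDR and $LOG are set by the framework and
		# are left unquoted as in the original, since their shape is not
		# visible here ($LOG in particular must vanish when it is empty).
		# Values derived in this module are quoted.
		ipchains -A $INCHAIN  -j ACCEPT -p udp -s "$cipe_host" "$remote_port" -d $IPADDR      "$local_port"  $LOG
		ipchains -A $OUTCHAIN -j ACCEPT -p udp -s $IPADDR      "$local_port"  -d "$cipe_host" "$remote_port" $LOG
		unset local_port
		unset remote_port

	fi
done

if [ -z "$cipe_noglob_was_set" ]
then
	set +f
fi
unset cipe_noglob_was_set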

