
#-----------------------------------------------------------------------
# DESCRIPTION
#-----------------------------------------------------------------------
#
# To install, copy this file to /etc/firewall/modules/public/services/
# 520-compaqdiag-servers & execute rc.firewall with the --update-config
# parameter. The proper options will be added to the configuration file.
#
#-----------------------------------------------------------------------
# CHANGES
#-----------------------------------------------------------------------
#
# 2000-11-12 Edwin ten Brink <edwin@privateer.student.utwente.nl>
#            Inserted description. Fixed typo. Changed destination IP.
# 2000-11-11 Jean-Sebastien Morisset <jsmoriss@jsm-mv.dyndns.org>
#
#-----------------------------------------------------------------------
# MODULE CONFIGURATION
#-----------------------------------------------------------------------
#
#m# 123
#a# accept ignore deny
#n# compaqdiag
#t# servers
#
#   |--------------------------------------------------------------------|
#d# Compaqdiag broadcasts to the whole internet. It can be ignored to 
#d# avoid cluttering the logs. Some people may also need to enable 
#d# reception (denied by default).
#   |--------------------------------------------------------------------|
#
#-----------------------------------------------------------------------
# START OF MODULE CODE
#-----------------------------------------------------------------------

module_name="compaqdiag"    # module name used in options
module_type="servers"       # the module type (clients, servers, etc.)
service_name="Compaq Diag"  # displayed on-screen
service_port="2301"         # port number for this service

for action in ignore deny accept
do
	case $action in
		accept|ignore)
				action_log_msg="$LOG_MSG"; action_log="$LOG";;
		deny)	action_log_msg="(logged)"; action_log="-l"  ;;
	esac

	for host in `Option_Value $action $INTOPT $module_name $module_type`
	do
		case $action in
			ignore|deny)
				echo "Deny $INTOPT 255.255.255.255 $service_name <- $host $action_log_msg"
				ipchains -A $INCHAIN -j DENY -p udp -s $host $service_port -d 255.255.255.255 $service_port $action_log
				;;
			accept)
				Accept_Hostports local udp "$service_name" $host $service_port
				;;
		esac
	done
done

unset module_name service_name service_port
unset action action_log_msg action_log host

