#-----------------------------------------------------------------------
# DESCRIPTION
#-----------------------------------------------------------------------
#
# This module should be placed in /etc/firewall/modules/public/services.
# You'll also need the port forwarding module (in public/port-forwarding).
#
# After installing the module, the user should execute rc.firewall with
# the --update-config parameter. The necessary options will be added to
# the configuration file.
#
#-----------------------------------------------------------------------
# CHANGES
#-----------------------------------------------------------------------
#
# 2001-04-18 Jeremy Higgs <jhiggs@iprsystems.com>
#            Modifications made to use alternate UDP port of 1419 for
#            handshakes and TCP port of 407 when all else fails!
# 2001-03-13 Geoff Riley <geoffr@halcyoninternet.com>
#            Initial creation for v5.1
#
#-----------------------------------------------------------------------
# MODULE CONFIGURATION
#-----------------------------------------------------------------------
#
#m# 23
#a# accept ignore deny
#i# cluster
#n# timbuktu
#t# clients
#
#   |--------------------------------------------------------------------|
#d# timbuktu (Ports 1417:1420 TCP, 407 UDP)
#d# The following rules will allow an external Windows PC to connect to
#d# an internal Timbuktu host when strict or paranoid mode is on.
#   |--------------------------------------------------------------------|
#
#-----------------------------------------------------------------------
# START OF MODULE CODE
#-----------------------------------------------------------------------

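# Timbuktu client module: for every host listed under this module's
# ignore/deny/accept options, add the matching packet-filter rules for the
# Timbuktu service ports.  Relies on Option_Value, Accept_Hostports and the
# INTOPT, IPADDR, INCHAIN, LOG and LOG_MSG variables provided by the calling
# firewall script.
module_name="timbuktu"       # module name used in options
module_type="clients"        # the module type (clients, servers, etc.)
service_name="Timbuktu"      # displayed on-screen
tcp_service_port="1417:1420" # TCP port range for the service itself
udp_handshake_port="407"     # primary UDP handshake port
udp_handshake_port2="1419"   # alternate UDP handshake port
tcp_handshake_port="407"     # TCP handshake port used as a last resort

# NOTE(review): the #d# description in the module header lists only
# "1417:1420 TCP, 407 UDP".  An accept entry also opens UDP 1419 and TCP 407,
# so the exposed surface is wider than the description suggests; audit
# accept lists with all four port specs in mind.

# ignore and deny are walked before accept, so their DENY rules are appended
# (-A) to $INCHAIN before Accept_Hostports runs for any accepted host.
# NOTE(review): presumably this makes an explicit deny win over an accept for
# the same host -- confirm against where Accept_Hostports places its rules.
for action in ignore deny accept; do
	case "$action" in
		accept | ignore)
			# Follow the firewall-wide logging settings.
			action_log_msg="$LOG_MSG"
			action_log="$LOG"
			;;
		deny)
			# Explicitly denied hosts are always logged.
			action_log_msg="(logged)"
			action_log="-l"
			;;
	esac

	# The host list is split on whitespace on purpose: Option_Value is
	# expected to print one or more host specs.  INTOPT, INCHAIN, IPADDR and
	# action_log are defined by the caller (action_log may be empty), so
	# they are left unquoted exactly as the original passed them.
	for host in $(Option_Value "$action" $INTOPT "$module_name" "$module_type"); do
		case "$action" in
			ignore | deny)
				echo "Deny $INTOPT $IPADDR $service_name <- $host $action_log_msg"
				ipchains -A $INCHAIN -j DENY -p tcp -s "$host" -d $IPADDR "$tcp_service_port" $action_log
				ipchains -A $INCHAIN -j DENY -p udp -s "$host" -d $IPADDR "$udp_handshake_port" $action_log
				ipchains -A $INCHAIN -j DENY -p udp -s "$host" -d $IPADDR "$udp_handshake_port2" $action_log
				# Fix: this rule previously used "-p udp", which only repeated
				# the UDP 407 rule and left TCP 407 from a denied host
				# unfiltered by this module.  The accept branch treats this
				# port as TCP, so the deny side must match.
				ipchains -A $INCHAIN -j DENY -p tcp -s "$host" -d $IPADDR "$tcp_handshake_port" $action_log
				;;
			accept)
				Accept_Hostports local tcp "$service_name" "$host" "$tcp_service_port"
				Accept_Hostports local udp "$service_name" "$host" "$udp_handshake_port"
				Accept_Hostports local udp "$service_name" "$host" "$udp_handshake_port2"
				Accept_Hostports local tcp "$service_name" "$host" "$tcp_handshake_port"
				;;
		esac
	done
done

# Clean up so nothing leaks into the next module sourced by the firewall
# script.  Fix: the variable list used to be broken across two lines without
# a continuation, so the second line ran as a (non-existent) command and the
# handshake port variables were never unset.
unset module_name module_type service_name tcp_service_port \
	udp_handshake_port udp_handshake_port2 tcp_handshake_port
unset action action_log_msg action_log host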

