
#-----------------------------------------------------------------------
# DESCRIPTION
#-----------------------------------------------------------------------
#
# This module should be placed in /etc/firewall/modules/public/services.
# You'll also need the port forwarding module (in public/port-forwarding).
#
# After installing the module, the user should execute rc.firewall with
# the --update-config parameter. The necessary options will be added to
# the configuration file.
#
#-----------------------------------------------------------------------
# CHANGES
#-----------------------------------------------------------------------
#
# 2001-03-13 Geoff Riley <geoffr@halcyoninternet.com>
#            Initial module written for v5.1.
#
#-----------------------------------------------------------------------
# MODULE CONFIGURATION
#-----------------------------------------------------------------------
#
#m# 23
#a# accept ignore deny
#i# cluster
#n# timbuktu
#t# servers
#
#   |--------------------------------------------------------------------|
#d# timbuktu (Ports 1417:1420 TCP, 407 UDP)
#d# The following rules will allow an internal Windows PC to connect to
#d# an external Timbuktu host when strict or paranoid mode is on.
#   |--------------------------------------------------------------------|
#
#-----------------------------------------------------------------------
# START OF MODULE CODE
#-----------------------------------------------------------------------

# Static description of the service this module filters.
module_name="timbuktu"        # key used when looking up the module's options
service_name="Timbuktu"       # label printed in the progress messages
module_type="servers"         # option category handed to Option_Value
tcp_service_port="1417:1420"  # TCP port range for the service
udp_service_port="407"        # UDP port for the service

# The actions are walked in a fixed order (ignore, deny, accept). Every rule
# is appended with -A and ipchains stops at the first matching rule, so the
# REJECT rules for ignored/denied hosts sit ahead of the ACCEPT rules.
for action in ignore deny accept
do
	# "deny" always logs (-l). The other actions take their logging flag
	# and message suffix from $LOG / $LOG_MSG, set outside this module.
	if [ "$action" = "deny" ]
	then
		action_log_msg="(logged)"
		action_log="-l"
	else
		action_log_msg="$LOG_MSG"
		action_log="$LOG"
	fi

	# Option_Value (provided by the firewall script) is expected to print
	# the hosts configured for this action; one pass per host.
	# Expansions below are left unquoted on purpose: an empty logging flag
	# must disappear from the ipchains command line rather than become "".
	for host in $(Option_Value $action $INTOPT $module_name $module_type)
	do
		if [ "$action" = "accept" ]
		then
			echo "Accept $INTOPT $IPADDR $service_name -> $host $service_name"
			# NOTE(review): these rules pass $ACTION_LOG (upper case), not
			# the $action_log set above, and $ACTION_LOG is not assigned in
			# this module. If the framework does not define it, accepted
			# traffic is never logged even when $LOG is set -- confirm
			# which variable was intended.
			#
			# TCP: outbound from the unprivileged ports, and inbound only
			# for packets that are not connection requests (! -y), so the
			# remote host cannot open a new TCP connection through this rule.
			ipchains -A $OUTCHAIN -j ACCEPT -p tcp -s $IPADDR $UNPRIVPORTS -d $host $tcp_service_port $ACTION_LOG
			ipchains -A $INCHAIN -j ACCEPT -p tcp ! -y -s $host $tcp_service_port -d $IPADDR $UNPRIVPORTS $ACTION_LOG
			# UDP: ipchains keeps no connection state, so the inbound rule
			# admits any datagram from $host with the service port as its
			# source port to the $UNPRIVPORTS range, not only replies.
			# Keep the list of accepted hosts narrow.
			ipchains -A $OUTCHAIN -j ACCEPT -p udp -s $IPADDR $UNPRIVPORTS -d $host $udp_service_port $ACTION_LOG
			ipchains -A $INCHAIN -j ACCEPT -p udp -s $host $udp_service_port -d $IPADDR $UNPRIVPORTS $ACTION_LOG
		else
			# ignore / deny: refuse outbound connection requests (-y) and
			# outbound UDP to the service ports on this host.
			echo "Reject $INTOPT $IPADDR -> $host $service_name $action_log_msg"
			ipchains -A $OUTCHAIN -j REJECT -p tcp -y -s $IPADDR -d $host $tcp_service_port $action_log
			ipchains -A $OUTCHAIN -j REJECT -p udp -s $IPADDR -d $host $udp_service_port $action_log
		fi
	done
done

# Drop every variable this module created so nothing leaks into the modules
# that run after it.
unset module_name module_type service_name \
	tcp_service_port udp_service_port \
	action action_log_msg action_log host

