
#-----------------------------------------------------------------------
# README
#-----------------------------------------------------------------------
#
# These rules were mostly based on <http://lmhansen.tzo.com/HalfLife/
# proxy1.html>.
#
#-----------------------------------------------------------------------
# CHANGES
#-----------------------------------------------------------------------
#
# 2000-11-05  Jean-Sebastien Morisset <jsmoriss@jsm-mv.dyndns.org>
#             Added local_tcp_ports andlocal_udp_ports. Also added
#             port 27015 to remote_udp_ports variable.
# 2000-10-31  Jean-Sebastien Morisset <jsmoriss@jsm-mv.dyndns.org>
#             Initial module written for v5.0.1.
#
#-----------------------------------------------------------------------
# MODULE CONFIGURATION
#-----------------------------------------------------------------------
#
#m# 123
#n# halflife
#a# accept
#t# hosts
#
#   |--------------------------------------------------------------------|
#d# Half-Life
#d# 
#d# Example:
#d#   accept-eth1-halflife-hosts = any/0
#   |--------------------------------------------------------------------|
#
#-----------------------------------------------------------------------
# START OF MODULE CODE
#-----------------------------------------------------------------------


#--------------------------------------------------------------------
# Half-Life
#--------------------------------------------------------------------

remote_tcp_ports="6003:6004 7002:7003"
remote_udp_ports="27009:27012 27015"
local_tcp_ports=""
local_udp_ports=""

for host in `Option_Value accept $INTOPT halflife hosts`
do
	Accept_Hostports local tcp "Half-Life" $host $local_tcp_ports
	Accept_Hostports local udp "Half-Life" $host $local_udp_ports

	for port in $remote_tcp_ports
	do
		ipchains -A $INCHAIN  -j ACCEPT -p tcp ! -y -s $host $port -d $IPADDR $UNPRIVPORTS $LOG
		ipchains -A $OUTCHAIN -j ACCEPT -p tcp      -s $IPADDR $UNPRIVPORTS -d $host $port $LOG
	done

	for port in $remote_udp_ports
	do
		ipchains -A $INCHAIN  -j ACCEPT -p udp -s $host $port -d $IPADDR $UNPRIVPORTS $LOG
		ipchains -A $OUTCHAIN -j ACCEPT -p udp -s $IPADDR $UNPRIVPORTS -d $host $port $LOG
	done
done
unset remote_tcp_ports remote_udp_ports local_tcp_ports local_udp_ports host port

