#!/bin/sh
#
# firewall      This shell script takes care of starting and stopping
#               the firewall.
#
# chkconfig: 2345 11 90
# description: rcf (aka rc.firewall) is an ipchains-based firewall with support for over 50 network services (including vtun, dhcp, nfs, smb, napster, proxies, online games, etc.), masquerading, port forwarding, and ip accounting. All services are self-contained modules which can be prioritized easily in the ipchains stack. Protections include spoofing, stuffed routing/masquerading, DoS, smurf attacks, outgoing port scans, and many more.  rcf also supports multiple public, private (masq'ed), dmz, and mz (non-masq'ed) networks and interfaces. Access rules are defined per interface and dmz/mz server groups.
# processname:
# config: /etc/firewall.conf
 
# Pull in the distribution's init helper functions when they are installed
# (Red Hat layout); the script carries on without them otherwise.
if [ -f /etc/rc.d/init.d/functions ]
then
	. /etc/rc.d/init.d/functions
fi

# Pick the first network settings file that exists and source it:
# /etc/sysconfig/network on Red Hat, /etc/network/options on Debian.
# NETWORKING, tested further down, is presumably set by one of these files.
rcf_netconf=
for rcf_candidate in /etc/sysconfig/network /etc/network/options
do
	if [ -f "$rcf_candidate" ]
	then
		rcf_netconf=$rcf_candidate
		break
	fi
done
unset rcf_candidate

# Sourcing happens outside the loop so the sourced file runs at top level,
# exactly as it did before.
if [ -n "$rcf_netconf" ]
then
	. "$rcf_netconf"
fi
unset rcf_netconf

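# Networking is switched off in the sourced configuration (NETWORKING=no):
# exit without touching the firewall.
if [ "$NETWORKING" = "no" ]
then
	exit 0
fi

# A missing firewall binary or configuration file means this script does
# nothing at all, so the host can come up without the rule set the
# administrator expects. The exit status stays 0, as before, so boot and
# package-removal flows are not disturbed, but the condition is now reported
# on stderr instead of passing silently.
if [ ! -x /sbin/rcf ]
then
	echo "firewall: /sbin/rcf is missing or not executable, nothing done" >&2
	exit 0
fi

if [ ! -f /etc/firewall.conf ]
then
	echo "firewall: /etc/firewall.conf not found, nothing done" >&2
	exit 0
fi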

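RETVAL=0

# Dispatch on the action requested by init (first argument). RETVAL carries
# the result of the action and becomes the script's exit status.
case "$1" in
	start|restart|reload|force-reload)
		# Every (re)load action is a plain run of rcf with no arguments.
		/sbin/rcf
		RETVAL=$?
		if [ "$RETVAL" -eq 0 ]
		then
			# Red Hat style subsystem lock; only written where the
			# directory exists.
			[ -d /var/lock/subsys ] && touch /var/lock/subsys/firewall
			echo "Firewall Started."
		else
			# Drop any lock left by an earlier successful start so it
			# does not claim a firewall that failed to load.
			# NOTE(review): what rules remain after a failed rcf run is
			# not visible from this script; check with "status".
			[ -d /var/lock/subsys ] && rm -f /var/lock/subsys/firewall
			echo "Error Starting Firewall!"
		fi
		;;
	stop)
		# NOTE(review): "stop" runs rcf with --accept-all, which by its
		# name opens the packet filter rather than leaving a restrictive
		# policy behind. Confirm against rcf before using stop on a host
		# that stays reachable from untrusted networks.
		/sbin/rcf --accept-all
		RETVAL=$?
		# Two separate tests replace the obsolescent "-a" operator.
		if [ "$RETVAL" -eq 0 ] && [ -d /var/lock/subsys ]
		then
			rm -f /var/lock/subsys/firewall
		fi
		;;
	status)
		# Count listing lines that are neither chain headers nor column
		# headers. grep -c always prints a number, so an empty rule set is
		# reported as 0 instead of a blank count. The exit status stays 0
		# whether or not any rules are loaded.
		TOTAL_RULES=$(ipchains -L -n | grep -c -v -e '^Chain  *' -e '^target  *')
		echo "$TOTAL_RULES IPchains Firewall Rules (includes IP Accounting)"
		unset TOTAL_RULES
		;;
	*)
		# ${0##*/} strips the directory part without word-splitting a
		# script path that contains spaces.
		echo "Usage: ${0##*/} {start|stop|restart|reload|force-reload|status}"
		RETVAL=1
		;;
esac

exit "$RETVAL"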
