
firestarter-0.8.2-1mdk.i586.rpm

#!/bin/sh
#
# Startup script for the Firestarter Application Suite
#
# chkconfig: 2345 08 92
#
# description: Automates the startup of Firestarter's generated ruleset
#
# Script Author:	Paul Drain <pd@cipherfunk.org>
#   -- a hack taken from the default RH ipchains startup script
#
# config: /etc/firestarter/firewall.sh
#

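# Source function library (provides action, gprintf, success, failure).
. /etc/init.d/functions

# Get config.
. /etc/sysconfig/network

# Check that networking is up.
# NETWORKING is quoted so that an unset or empty value is compared as an
# empty string instead of making the test itself fail with a syntax error.
if [ "${NETWORKING}" = "no" ]; then
	exit 0
fi

# Nothing to do when Firestarter is not installed.
[ -x /usr/bin/firestarter ] || exit 0

# Ruleset script generated by Firestarter. start() executes this file, and
# init scripts normally run as root, so it must be owned by root and must not
# be writable by any other user.
FS_CONFIG="/etc/firestarter/firewall.sh"
RETVAL=0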

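#######################################
# Replace the running ruleset with the one generated by Firestarter.
# Globals:   FS_CONFIG (read), RETVAL (written)
# Outputs:   progress messages via action/gprintf/success/failure
# Returns:   0 when the ruleset script succeeded (or no ruleset exists),
#            otherwise the exit status of the ruleset script
#######################################
start() {
	# Without a generated ruleset there is nothing to load. Note that in this
	# case no filtering rules are installed at all.
	if [ -f "$FS_CONFIG" ]; then
		# Clear the existing rulesets out, so we don't run into any duplicates.
		# Only the default (filter) table is affected by these calls.
		action "Flushing all current rules and user defined chains:" iptables -F
		action "Clearing all current rules and user defined chains:" iptables -X
		action "Zeroing all current rules:" iptables -Z
		gprintf "Applying Firestarter configuration: "
		# Report the real outcome of the ruleset script; a failed or partial
		# load must not be announced as a working firewall.
		if "$FS_CONFIG"; then
			success "Applying Firestarter configuration"
			RETVAL=0
		else
			RETVAL=$?
			failure "Applying Firestarter configuration"
		fi
		echo
		# Mark the service as running only when the ruleset really loaded.
		[ $RETVAL -eq 0 ] && touch /var/lock/subsys/firestarter
	fi
	return $RETVAL
}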

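#######################################
# Remove the Firestarter ruleset and reset the built-in chains to ACCEPT.
# After a successful stop the filter table holds no rules and every built-in
# chain accepts, i.e. the host is no longer filtered.
# Globals:   RETVAL (written)
# Outputs:   progress messages via action/gprintf/success/failure
# Returns:   0 when all three policies were reset, 1 otherwise
#######################################
stop() {
	# Only the default (filter) table is affected by these calls.
	action "Flushing all current rules and user defined chains:" iptables -F
	action "Clearing all current rules and user defined chains:" iptables -X
	action "Zeroing all current rules:" iptables -Z
	gprintf "Resetting built-in chains to the default ACCEPT policy:"
	# Attempt every chain even if one fails, and remember any failure so the
	# reported status reflects what iptables actually did.
	RETVAL=0
	iptables -P INPUT ACCEPT || RETVAL=1
	iptables -P FORWARD ACCEPT || RETVAL=1
	iptables -P OUTPUT ACCEPT || RETVAL=1
	if [ $RETVAL -eq 0 ]; then
		success "Resetting built-in chains to the default ACCEPT policy"
	else
		failure "Resetting built-in chains to the default ACCEPT policy"
	fi
	echo
	[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/firestarter
	return $RETVAL
}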

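#######################################
# Emergency lock-down: drop all traffic on the built-in chains, then remove
# the existing rules.
# Globals:   RETVAL (written)
# Outputs:   progress messages via action/gprintf/success/failure
# Returns:   0 when the policies were set and the rules flushed, 1 otherwise
#######################################
panic() {
	RETVAL=0
	# The message text is kept as-is (gprintf may look it up for translation),
	# but the policy itself must be DROP: DENY is an ipchains target that
	# iptables rejects, which would leave the previous policy in force.
	gprintf "Changing target policies to DENY: "
	iptables -P INPUT DROP || RETVAL=1
	iptables -P FORWARD DROP || RETVAL=1
	iptables -P OUTPUT DROP || RETVAL=1
	if [ $RETVAL -ne 0 ]; then
		failure "Changing target policies to DENY"
		echo
		# Fail closed: without DROP policies in place, flushing the rules
		# would remove the only filtering that is left.
		return $RETVAL
	fi
	success "Changing target policies to DENY"
	echo
	action "Flushing all current rules and user defined chains:" iptables -F || RETVAL=1
	action "Clearing all current rules and user defined chains:" iptables -X || RETVAL=1
	action "Zeroing all current rules:" iptables -Z || RETVAL=1
	echo
	[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/firestarter
	return $RETVAL
}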

# Dispatch on the requested action; the script exits with RETVAL unless the
# action is unknown, in which case it prints the usage line and exits 1.
case "$1" in
  start) start ;;
  stop) stop ;;
  status)
	# Lists the rules of the default table with numeric addresses and ports.
	iptables -nL
	;;
  restart)
	# Only tear the ruleset down when the lock file says it was loaded.
	if [ -f /var/lock/subsys/firestarter ]; then
		stop
	fi
	start
	;;
  panic) panic ;;
  *)
	gprintf "Usage: firestarter {start|stop|status|restart|panic}\n"
	exit 1
	;;
esac
exit $RETVAL