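#!/bin/bash
#Copyright 2003 William Stearns
#Released under the GPL.
#
# banfor30 - modwall "brick" that maintains the "banfor30" iptables chain.
#
# Any rule that jumps to this chain records the packet's source address in
# the "banfor30" recent table (loopback is exempted).  This chain only
# *records* offenders; the actual 30-second ban is enforced elsewhere
# (the "checkbans" brick, see the help text below).
#
# Usage: driven by modwall; the actions to perform arrive in $Tasks
#        (whitespace-separated: link unlink create destroy renamechain
#        replacelinks status version help).
# Env:   MWLibDir (optional) - directory holding modwalllib.
#        IptablesBin, Ipt, Tail, Tasks, FlushOrNewChain, DestroyChain,
#        DefaultHelp, MWLibVer - supplied by modwalllib / the conf files.
#
# NOTE: no `set -e`/`set -u` here on purpose: the link/unlink actions rely
# on a failing iptables call being tolerated, and $Tail/$Tasks may be unset.

Me='banfor30'
MyVersion='0.4.0'
# Presumably read by modwalllib for this brick's default target — TODO confirm.
DefaultActions='DROP'

# The conf files are *sourced* (executed as shell), so they must only be
# writable by root; nothing here validates their contents.
[ -r /etc/modwall/modwall.conf ] && . /etc/modwall/modwall.conf
[ -r "/etc/modwall/$Me.conf" ] && . "/etc/modwall/$Me.conf"

# Resolve the library path after the conf files, which may set MWLibDir.
MWLib="${MWLibDir:-/usr/lib/modwall/}/modwalllib"
[ -r "$MWLib" ] && . "$MWLib"

if [ -z "$MWLibVer" ]; then
  printf '%s\n' 'It looks like modwalllib was not loaded, why? Exiting' >&2
  exit 1
fi

# $Tasks is intentionally word-split into individual actions.
# shellcheck disable=SC2086
for OneTask in $Tasks ; do
  case "$OneTask" in
  link)
    # Creating an already-existing chain fails; that is expected and ignored.
    # $IptablesBin is left unquoted in case it carries options — TODO confirm.
    $IptablesBin -N "$Me" >/dev/null 2>&1
    ;;
  unlink)
    $IptablesBin -X "$Me" >/dev/null 2>&1
    ;;
  create)
    printf '%s\n' "Starting $Me" >&2
    FlushOrNewChain "$Me"
    # Never record loopback traffic as an offender.
    $IptablesBin -A "$Me" -s 127.0.0.1 -j RETURN
    # Record the source address in the "banfor30" recent table.  LogAs and
    # $Tail appear to be consumed by the library's $Ipt wrapper — verify there.
    LogAs='BanFor30' $Ipt -A "$Me" -m recent --name banfor30 --rsource --set $Tail
    ;;
  destroy)
    printf '%s\n' "Stopping $Me" >&2
    DestroyChain "$Me"
    ;;
  renamechain)
    printf '%s\n' "$Me does not support renamechain." >&2
    # Draft implementation kept for reference:
    #TempChain="$Me-$RANDOM"
    #echo "Replacing existing rules in $Me with new rules" >&2
    #$IptablesBin -E $Me $TempChain
    ;;
  replacelinks)
    printf '%s\n' "$Me does not support replacelinks." >&2
    # Draft implementation kept for reference:
    #if [ -z "$TempChain" ]; then
    #  echo "No temporary chain to relink in $Me replacelinks, replace operation incomplete." >&2
    #elif ! $IptablesBin -L $Me -n >/dev/null 2>&1 ; then
    #  echo "No $Me chain in $Me, replace operation incomplete." >&2
    #elif ! $IptablesBin -L $TempChain -n >/dev/null 2>&1 ; then
    #  echo "No $TempChain chain in $Me, replace operation incomplete." >&2
    #elif [ "`$IptablesBin -L INPUT -n --line-numbers | grep $TempChain | wc -l`" -ne 1 ]; then
    #  echo "Too few/many references to $TempChain in INPUT in $Me replacelinks, replace operation incomplete." >&2
    #elif [ "`$IptablesBin -L FORWARD -n --line-numbers | grep $TempChain | wc -l`" -ne 1 ]; then
    #  echo "Too few/many references to $TempChain in FORWARD in $Me replacelinks, replace operation incomplete." >&2
    #elif [ "`$IptablesBin -L OUTPUT -n --line-numbers | grep $TempChain | wc -l`" -ne 1 ]; then
    #  echo "Too few/many references to $TempChain in OUTPUT in $Me replacelinks, replace operation incomplete." >&2
    #else
    #  DestroyChain $TempChain
    #  unset TempChain
    #fi
    ;;
  status)
    # Listing the chain succeeds only if it exists.
    if $IptablesBin -L "$Me" -n >/dev/null 2>&1 ; then
      printf '%s\n' "$Me created" >&2
    else
      printf '%s\n' "$Me destroyed" >&2
    fi
    ;;
  version)
    printf '%s\n' "$Me $MyVersion, modwalllib $MWLibVer" >&2
    ;;
  help)
    DefaultHelp
    # Here-doc delimiter restored; the original text had lost "<<EOTEXT".
    cat <<EOTEXT >&2
The $Me module provides a chain which, if called by some other rule, bans that source IP from making NEW connections for 30 seconds. Actually, this chain just _remembers_ the source IP in the "banfor30" recent table; to actually accomplish a 30 second ban, the "checkbans" brick must be loaded before NEW traffic rules accept traffic.
EOTEXT
    ;;
  *)
    # Bug fix: the original printed $Action, which is never set in this
    # script; the loop variable is $OneTask.
    printf '%s\n' "Unknown action $OneTask in $Me, no action taken." >&2
    ;;
  esac
done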