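#!/bin/sh
#
# firebricks    Starts and stops a firebricks firewall.
#
# chkconfig: 2345 18 92
# description: firebricks is a modular firewall based on iptables.
#
# Version 0.1.8
#
# This script runs as root at boot.  Everything it does is driven by two
# files that it *sources as shell code*: the distribution's init-function
# library and the firebricks configuration file.  Anyone who can write to
# either file can run arbitrary commands as root, so both must stay
# root-owned and must not be group- or world-writable.

# Debian flags for runlevels - similar to RH's chkconfig.
FLAGS="defaults 19"

# Source the Red Hat init function library when present (optional on
# other distributions).
if [ -f /etc/rc.d/init.d/functions ]; then
    . /etc/rc.d/init.d/functions
fi

# Location of the configuration file.  It can be overridden from the
# environment (FIREBRICKSCONF=/some/conf /etc/init.d/firebricks start).
# A missing file means "firewall not configured": the script exits with
# status 0 and leaves iptables untouched.
FIREBRICKSCONF=${FIREBRICKSCONF:-"/etc/firebricks/firebricks.conf"}
[ -f "$FIREBRICKSCONF" ] || exit 0
# The configuration is executed, not parsed.  Besides setting variables it
# may define its own FirebricksStart / FirebricksStop, which then replace
# the defaults defined below.
. "$FIREBRICKSCONF"

#FIREBRICKSLIB=${FIREBRICKSLIB:-"/usr/lib/firebricks/firebrickslib"}
#if [ -f $FIREBRICKSLIB ]; then
#    . $FIREBRICKSLIB
#else
#    echo Missing $FIREBRICKSLIB library file. Please get a complete copy of Firebricks from >&2
#    echo http://www.stearns.org/firebricks/ . Exiting. >&2
#    exit
#fi

# Default start sequence, used only when the config file did not define
# FirebricksStart itself.
if ! type FirebricksStart >/dev/null 2>&1; then
    # Place the bricks to be called when "/etc/init.d/firebricks start" is run.
    FirebricksStart () {
        # Bricks are invoked by bare name; the brick directory goes first so
        # the firebricks versions win over anything else on the PATH.
        export PATH="/usr/lib/firebricks/:$PATH"
        # NOTE(review): the one-brick-per-line split below was reconstructed
        # from a whitespace-collapsed copy of this script; confirm the
        # argument grouping against the upstream firebricks init script.
        # NOTE(review): no brick's exit status is checked.  If one brick
        # fails, the remaining bricks still run and the final "lockdown stop"
        # presumably lifts the initial lockdown with a partial ruleset in
        # place.  Consider "brick || return 1" per line if the bricks report
        # failure through their exit status — verify that they do first.
        lockdown
        kernel start
        banfor30
        scrutinizedst
        scrutinizesrc
        #histogram
        autoreject
        macchk
        inputsrcaddrtype
        outputdstaddrtype
        fwdsrcaddrtype
        fwddstaddrtype
        address
        bogons
        icmpchk
        icmpfwdchk scrutinizesrc banfor30 DROP
        ipopts scrutinizesrc banfor30 DROP
        plength
        tcpchk scrutinizesrc banfor30 DROP
        udpchk scrutinizesrc banfor30 DROP
        catchmapper scrutinizesrc DROP
        catchmapreply scrutinizedst DROP
        mapssh
        pasvmap
        scrutinize
        checkbans
        shunsrc
        shundst
        punishmapper
        established
        blockfwdports
        identreject
        local-forward-accept
        local-input-accept
        local-output-accept
        logremainder
        policy
        lockdown stop
    }
fi

# Default stop sequence, used only when the config file did not define
# FirebricksStop itself.
if ! type FirebricksStop >/dev/null 2>&1; then
    # Place the bricks to be called when "/etc/init.d/firebricks stop" is run.
    FirebricksStop () {
        export PATH="/usr/lib/firebricks/:$PATH"
        # Only the lockdown brick is run here, with no "stop" argument —
        # the same call that opens FirebricksStart.  So "stop" presumably
        # leaves the host locked down rather than open; check the lockdown
        # brick before relying on "stop" to restore connectivity.
        lockdown
    }
fi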
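# See how we were called.
# The script always exits 0 after a recognised action, even if a brick
# failed; only an unknown action returns 1 (usage error).
case "$1" in
  start)
    # printf instead of "echo -n": -n is not portable under /bin/sh.
    printf '%s' "Starting Firebricks firewall: "
    FirebricksStart
    # Red Hat style subsystem lock so "stop" runs on shutdown.
    if [ -d /var/lock/subsys ]; then
      touch /var/lock/subsys/firebricks
    fi
    echo
    ;;
  stop)
    printf '%s' "Shutting down Firebricks firewall: "
    # With the default FirebricksStop this runs the lockdown brick, not a
    # rule flush — verify what "stop" leaves behind before depending on it.
    FirebricksStop
    if [ -d /var/lock/subsys ]; then
      rm -f /var/lock/subsys/firebricks
    fi
    echo
    ;;
  #status)
  #  status syslogd
  #  status klogd
  #  ;;
  restart|force-reload)
    # Re-exec ourselves so the configuration file is re-read on the way up.
    # $0 is quoted so a path containing whitespace cannot split the command.
    "$0" stop
    "$0" start
    ;;
  *)
    echo "Usage: $0 {start|stop|restart|force-reload}"
    exit 1
    ;;
esac
exit 0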