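#!/bin/bash
#Version 0.1.1
#Copyright (c) 1999, William Stearns
#Released under the GPL.

#This script adds support for ipchains firewalls to the users of
#firewalls created by the ipfwadm dotfile generator.  It should be
#run at each boot (as the user may boot either ipchains or ipfwadm kernels),
#and after any changes are made to /etc/ppp/ipfw.dotfile.

#Two points to John Hardin for writing the ipfwadm dotfile generator.  See
#ftp://ftp.rubyriver.com/pub/jhardin/
#for more information on this and other networking/firewall projects.

#This script requires ipfwadm2ipchains, which can be found at
#http://www.pobox.com/~wstearns/ipfwadm2ipchains/ .  Place it in some
#directory on your path.

#Adjust the following as necessary to match your system.
#Call /etc/ppp/firewall from /etc/ppp/ip-up.

#A failure in any stage of the conversion pipeline must count as a failure of
#the whole pipeline, otherwise a broken conversion would go unnoticed.
set -o pipefail

FWDIR="/etc/ppp"
WALLLINK="firewall"
WALLIPFWADM="ipfw.dotfile"
WALLIPCHAINS="ipchains.dotfile"

#Exit status of the script; set to 1 if the ipchains rules could not be built.
rc=0

#Every path below is relative to $FWDIR.  If the cd fails we must stop:
#carrying on would run mv, ln -sf and rm -f against whatever directory the
#caller happened to be in.
cd "$FWDIR" || {
  echo "Error: cannot change directory to $FWDIR; firewall files left untouched." >&2
  exit 1
}

#When this script is run for the first time, we move "firewall" to
#ipfw.dotfile so that firewall can be a symbolic link.
#(Skipped when "firewall" does not exist at all, so mv has something to move.)
if [[ ! -L "$WALLLINK" && -e "$WALLLINK" ]]; then
  mv -bf "$WALLLINK" "$WALLIPFWADM"
fi

#If the ipfwadm version of the firewall is newer than the ipchains version
#(probably because the user updated the ipfwadm version), or the ipchains
#version of the firewall doesn't exist at all, the ipchains version
#is created from the ipfwadm version.
if [[ "$WALLIPFWADM" -nt "$WALLIPCHAINS" || ! -f "$WALLIPCHAINS" ]]; then
  echo "Converting dotfile ipfwadm rules to ipchains rules - please wait a moment." >&2

  #The converted rules are built in a temporary file and only copied over
  #$WALLIPCHAINS once the conversion has succeeded and produced output.
  #Redirecting straight into $WALLIPCHAINS would truncate it before the
  #converter ran; a missing or failing converter would then leave an empty
  #rule file that looks up to date and gets linked in as the firewall.
  if ! command -v ipfwadm2ipchains >/dev/null 2>&1; then
    echo "Error: ipfwadm2ipchains not found on the PATH; $WALLIPCHAINS not updated." >&2
    rc=1
  elif ! tmp=$(mktemp); then
    echo "Error: cannot create a temporary file; $WALLIPCHAINS not updated." >&2
    rc=1
  else
    trap 'rm -f -- "$tmp"' EXIT
    #Line by line:
    #Remove all -V references, as ipfw.dotfile already uses -W's
    #The sed script with the ='s puts a space at the beginning and end of the
    #sole quoted string on a line.  This allows i2i to inspect each word in
    #the string separately, as i2i deals with space separated objects.
    #It replaces export MYVAR="ff gg hh" with export MYVAR=" ff gg hh "
    #Convert all ipfwadm commands to ipchains commands.
    if sed -e 's/\-V [^ ]* //' \
           -e 's/^\([^=]*\)=\"\([^\"]*\)\"\(.*\)/\1=\" \2 \"\3/' \
           <"$WALLIPFWADM" \
         | ipfwadm2ipchains >"$tmp" \
       && [[ -s "$tmp" ]]; then
      #Copy the contents rather than mv the temp file, so an existing
      #$WALLIPCHAINS keeps its owner and mode.
      cat -- "$tmp" >"$WALLIPCHAINS" || rc=1
    else
      echo "Error: conversion of $WALLIPFWADM failed or produced no rules;" >&2
      echo "$WALLIPCHAINS was not updated." >&2
      rc=1
    fi
  fi
fi

#If we're booting an ipchains kernel, link firewall to the ipchains version
#of the script.  Likewise, ipfwadm.
if [[ -f /proc/net/ip_fwchains ]]; then
  ln -sf "$WALLIPCHAINS" "$WALLLINK"
elif [[ -f /proc/net/ip_input ]]; then
  ln -sf "$WALLIPFWADM" "$WALLLINK"
else
  #Neither packet filter is available: remove the link so ip-up cannot run a
  #rule script that this kernel cannot honour, and make the failure obvious.
  rm -f -- "$WALLLINK"
  echo "Warning!  this kernel supports neither ipchains nor ipfwadm." >&2
  echo "It will not be possible to provide a firewall." >&2
  printf '\a' >&2    #Beep
  sleep 1
  printf '\a' >&2
  sleep 1
  printf '\a' >&2
  sleep 10
fi

exit "$rc"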