#!/bin/sh
#
# ipmasq        This shell script takes care of starting and stopping
#               IP Masquerade.
#
# chkconfig: 2345 11 30
# description: setting IP Masquerade

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0

IPCHAINS=/sbin/ipchains
IPFWFILE=/proc/sys/net/ipv4/ip_forward

[ -f ${IPCHAINS} ] || exit 0

PROTO="ftp cuseeme irc quake raudio vdolive"
LOCALNET=192.168.1.0/24

# See how we were called.
case "$1" in
  start)
	# Start daemons.
	echo -n "Starting IP Masquerade: "
	[ -e $IPFWFILE ] && echo 1 > $IPFWFILE || failure "IP Masq"
	# IP spoofing protection
	for i in /proc/sys/net/ipv4/conf/*/rp_filter; do
	    echo 1 > $i
	done
	$IPCHAINS -F
	for i in ${PROTO}; do
	    modprobe ip_masq_${i}.o && echo -n "$i "
	done
	$IPCHAINS -P forward DENY
	$IPCHAINS -A forward -s $LOCALNET -d 0.0.0.0/0 -j MASQ
	success "IP Masq"
	echo
	;;
  stop)
	# Stop daemons.
	echo -n "Stopping IP Masquerade: "
	[ -e $IPFWFILE ] && echo 0 > $IPFWFILE || failure "IP Masq"
	$IPCHAINS -F
	for i in ${PROTO}; do
	    modprobe -r ip_masq_${i}.o && echo -n "$i "
	done
	success "IP Masq"
	echo
	;;
  restart)
	$0 stop
	$0 start
	;;
  *)
	echo "Usage: ipmasq {start|stop|restart}"
	exit 1
esac

exit 0

