#!/bin/sh
#
# chkconfig: 2345 26 74
# description: ipfilter
# processname: ipfilter
# config: /etc/sysconfig/ipfilter

CONFIG=/etc/sysconfig/ipfilter
LOGPRI=user.info
IPFCONF=/etc/ipf.conf
IPNATCONF=/etc/ipnat.conf
IPPOOLCONF=/etc/ippool.conf

# Source function library.
. /etc/init.d/functions
if [ ! -f /etc/ipf.conf -a ! -f /etc/ipnat.conf ] ; then
	exit 0
fi
RETVAL=0

logit() {
	if [ $1 -ne 0 ] ; then
		logger -t $2 -p $LOGPRI "$3"
	fi
}

start() {
	modprobe ipfilter
	echo -n $"Starting IPFilter: "

	minor=0
	ipfdev=`awk ' /ipf/ { print $1; } ' /proc/devices`
	for i in ipl ipnat ipstate ipauth ipsync ipscan iplookup; do
		/bin/rm -f /dev/$i
		mknod /dev/$i c $ipfdev $minor
		minor=`expr $minor + 1`
	done
	if [ -f $IPFCONF ] ; then
		msg=`/sbin/ipf -f $IPFCONF 2>&1`
		RETVAL=$?
		logit $RETVAL ipf "$msg"
	fi
	if [ $RETVAL -eq 0 -a -f $IPNATCONF ] ; then
		msg=`/sbin/ipnat -f $IPNATCONF 2>&1`
		RETVAL=$?
		logit $RETVAL ipnat "$msg"
	fi
	if [ $RETVAL -eq 0 -a -f $IPPOOLCONF ] ; then
		msg=`/sbin/ippool -f $IPPOOLCONF 2>&1`
		RETVAL=$?
		logit $RETVAL ippool "$msg"
	fi
	if [ $RETVAL -eq 0 ] ; then
		/usr/bin/ipmon -Das
		RETVAL=$?
	fi
	if [ $RETVAL -eq 0 ] ; then
		echo_success
	else
		echo_failure
	fi
	echo
	return $RETVAL
}

stop() {
	echo -n $"Shutting down IPFilter: "
	killproc ipmon
	RETVAL=$?
	[ $RETVAL -eq 0 ] && /sbin/modprobe -r ipfilter 2>&1 >/dev/null
	echo
	return $RETVAL
}

dostatus() {
	status ipmon
	RETVAL=$?
}

restart() {
	stop
	start
	RETVAL=$?
}

# See how we were called.
case "$1" in
  start)
	start
	;;
  stop)
	stop
	;;
  status)
	dostatus
	;;
  restart|reload)
	restart
	;;
  *)
	echo "Usage: ipfilter {start|stop|status|restart|reload}"
	RETVAL=1
esac

exit $?
