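#!/bin/sh
# Sets up the firewall together with IP masquerading.
#
# Usage: <script> {start|stop|status|restart|reload}
#
# Reads the status strings rc_done / rc_failed from /etc/rc.config.
# Exits 0 on success and 1 on a failed action or an unknown argument.
#
# SECURITY NOTE: "start" only turns on IP forwarding and installs one NAT
# rule. It adds no filter rules and does not change any chain policy, so
# unless the FORWARD policy is restricted elsewhere this host will route
# traffic between all of its interfaces once forwarding is on.

. /etc/rc.config

# Outbound interface whose traffic is masqueraded.
ext_if=ippp0
# Kernel switch for IPv4 forwarding.
ip_forward=/proc/sys/net/ipv4/ip_forward

# Determine the base and follow a runlevel link name.
base=${0##*/}
link=${base#*[SK][0-9][0-9]}

# Force execution if not called by a runlevel directory.
# test $link = $base && FW_START=yes
# test "$FW_START" = yes || exit 0

# Exit status of the requested action; set to 1 as soon as a step fails.
status=0

# Delete every copy of the masquerading rule this script installs.
# Looping until -D fails also clears duplicates left behind by earlier
# runs, which appended the rule on each "start" without removing it.
remove_masq_rule() {
  while iptables -t nat -D POSTROUTING -o "$ext_if" -j MASQUERADE 2>/dev/null; do
    :
  done
}

# Print the rc status string that matches $status.
# %b expands the escape sequences in rc_done / rc_failed, as echo -e did.
report() {
  if [ "$status" -eq 0 ]; then
    printf '%b\n' "$rc_done"
  else
    printf '%b\n' "$rc_failed"
  fi
}

case "$1" in
  stop)
    # TODO: reset the rest of the firewall to its defaults here.
    printf '%s' "Shutting down firewall:"
    remove_masq_rule
    # NOTE(review): ip_forward is left untouched here because other services
    # may rely on it; decide whether "stop" should switch it off again.
    report
    ;;
  start)
    # TODO: add all filter rules here later on. For now only forwarding and
    # masquerading are set up; everything else is ACCEPT by default.
    printf '%s' "Initializing firewall:"
    # Forwarding is enabled only for "start", so that "stop" and "status"
    # no longer switch routing on as a side effect.
    echo 1 > "$ip_forward"
    if [ "$(cat "$ip_forward" 2>/dev/null)" = "1" ]; then
      # Drop stale copies first so repeated starts keep exactly one rule.
      remove_masq_rule
      iptables -t nat -A POSTROUTING -o "$ext_if" -j MASQUERADE || status=1
    else
      printf '%s' "Kernel lacks iptables or forwarding support - firewall not enabled"
      status=1
    fi
    report
    ;;
  restart|reload)
    if ! { "$0" stop && "$0" start; }; then
      status=1
    fi
    ;;
  status|list)
    echo "not implemented."
    exit 0
    ;;
  *)
    echo ""
    echo "Usage: $0 {start|stop|status|restart|reload}"
    exit 1
    ;;
esac

exit "$status"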