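#!/bin/sh
#
# irda          This shell script takes care of starting and stopping
#               IrDA support
#
# description: lrmanager is the irda daemon required for irda to work \
#              properly.
#
# chkconfig: 2345 47 85
#
# Usage: irda {start|stop|restart|reload|status} [device]
#
# Besides the standard actions this script also knows a set of site-specific
# helpers used while experimenting with a Palm over IrDA/PPP:
#   palm, palv, ptel, pppd, pppt, ppp2, pppp   bring up irda0 and/or pppd
#   ipf                                         relax rp_filter/forwarding/
#                                               accept_redirects on irda0
#   ipk                                         legacy ipchains ruleset
#   ipt / ipt-                                  load / tear down iptables ruleset
#   ipfilt                                      minimal iptables ruleset
#   ks <tag>                                    snapshot /proc/modules, /proc/ksyms
#   dbg <level>                                 set /proc/sys/net/irda/debug
#   install                                     add module aliases and device nodes
#
# Required env (from /etc/sysconfig/irda): IRDA, DEVICE, DONGLE, DISCOVERY.

# Source function library (provides daemon, killproc, status).
. /etc/rc.d/init.d/functions

# Site addressing. Names ending in a digit are individual hosts, the others
# are networks in CIDR form.
irdanet=1.2.0.128/25
irnet1=1.2.0.187
irnet2=1.2.0.234
irnet3=1.2.0.248
irgate=1.2.0.254
noosnet=192.168.0.0/24
# alcanet = 139.54.64.0/21
# alproxy = 155.132.205.190/32
xgproxy=192.168.0.1/32
lib_net=192.168.0.77/32

#######################################
# Unload a list of kernel modules, ignoring modprobe's stdout.
# Arguments: $1 - whitespace-separated module names (word-splitting intended)
# Returns:   0 (individual modprobe failures are not fatal)
#######################################
delmod () {
  # shellcheck disable=SC2086 -- $1 is a list, splitting is the point
  for i in $1 ; do
    modprobe -r "$i" >/dev/null
  done
}

#######################################
# Append a modules.conf alias line unless an identical line is already there,
# so repeated "install" runs do not duplicate entries.
# Arguments: $1 - the complete alias line (kept byte-for-byte)
#######################################
add_alias () {
  grep -qF -- "$1" /etc/modules.conf 2>/dev/null || echo "$1" >>/etc/modules.conf
}

#######################################
# Create a character device node if it does not exist yet.
# Arguments: $1 - path, $2 - major, $3 - minor
# NOTE(review): mode 0666 is what the original script used; it makes the
# IrDA/PPP nodes writable by every local user — confirm this is intended.
#######################################
mkdev () {
  [ -e "$1" ] || mknod --mode=0666 "$1" c "$2" "$3"
}

# Per-day log file suffix, e.g. "-07.log".
LOG="-$(date +%d).log"

# Source IrDA networking configuration.
. /etc/sysconfig/irda

# The ipk ruleset refers to $irnet, which nothing in this script assigns.
# The equivalent iptables rules below use $irdanet, so default to that unless
# the environment or /etc/sysconfig/irda provided a value — TODO confirm.
: "${irnet:=$irdanet}"

# Check that irda is up.
[ "${IRDA}" = "no" ] && exit 0
[ -f /usr/sbin/irattach ] || exit 0

# Trace line: shows how the script was invoked on every run.
echo "IRDA $0 $1 $2 !!"

# Build irattach's option list from the sysconfig settings.
ARGS=
if [ -n "$DONGLE" ] ; then
  ARGS="$ARGS -d $DONGLE"
fi
if [ "$DISCOVERY" = "yes" ] ; then
  ARGS="$ARGS -s"
fi
# An explicit second argument overrides the configured device.
if [ -n "$2" ] ; then
  DEVICE=$2
fi

# See how we were called.
case "$1" in
start)
  # Attach irda device
  echo -n "Starting IrDA: "
  # shellcheck disable=SC2086 -- ARGS is a list of separate options
  daemon /usr/sbin/irattach ${DEVICE} ${ARGS}
  touch /var/lock/subsys/irda
  echo
  ;;
palm)
  echo -n "Starting IrDA: "
  # daemon /usr/sbin/irattach ircomm
  # start irda driver /etc/sysconfig/irda
  # NOTE(review): "irnet1" here is a literal hostname passed to ifconfig,
  # not the $irnet1 variable; presumably resolved via /etc/hosts — confirm.
  ifconfig irda0 irnet1 netmask 255.255.255.0 up
  touch /var/lock/subsys/irda
  echo 0 >/proc/sys/net/irda/debug
  ;;
palv)
  echo -n "Starting IrDA: "
  modprobe ircomm-tty
  $0 start
  sleep 1
  echo 0 >/proc/sys/net/irda/debug
  ifconfig irda0 irnet1 netmask 255.255.255.0 up
  daemon /usr/sbin/irattach ircomm
  touch /var/lock/subsys/irda
  # start irda driver /etc/sysconfig/irda
  echo 0 >/proc/sys/net/irda/debug
  ;;
ptel)
  # Everything for this mode is logged to /etc/irda/ppps-<day>.log.
  echo -n "Starting IrDA: " >> "/etc/irda/ppps$LOG"
  date >> "/etc/irda/ppps$LOG"
  # daemon /usr/sbin/irattach ircomm
  # start irda driver /etc/sysconfig/irda
  ifconfig irda0 up
  # ifconfig irda0 irnet1 netmask 255.255.255.0 up
  sleep 2
  touch /var/lock/subsys/irda
  # ifconfig irlan0 irnet1 netmask 255.255.255.0 up
  sleep 2
  # pppd /dev/ircomm 9600 passive persist logfile /etc/irda/ppps$LOG
  echo "pppd /dev/ircomm call palm"
  pppd /dev/ircomm logfile "/etc/irda/ppps$LOG" call palm
  # pppd /dev/ircomm call palm
  echo 0 >/proc/sys/net/irda/debug
  # Load the iptables ruleset once the link is up.
  $0 ipt
  ;;
pppd)
  $0 start
  sleep 1
  echo 0 >/proc/sys/net/irda/debug
  ifconfig irda0 up
  # ifconfig irda0 up irnet1 netmask 255.255.255.0
  # pppd /dev/irnet 115200 passive persist logfile /etc/irda/ppps$LOG
  ;;
pppt)
  # $0 start toshoboe
  $0 start vlsi_oboe
  sleep 1
  echo 0 >/proc/sys/net/irda/debug
  ifconfig irda0 up
  # ifconfig irda0 up irnet1 netmask 255.255.255.0
  # pppd /dev/irnet 9600 passive persist logfile /etc/irda/ppps$LOG
  ;;
ppp2)
  $0 start
  sleep 1
  ifconfig irda0 up
  # ifconfig irda0 up irnet2 netmask 255.255.255.0
  # Wait until IrDA discovery has seen a peer (no timeout: blocks forever
  # if nothing ever answers).
  while ! grep -q nickname /proc/net/irda/discovery ; do
    sleep 1
  done
  echo 0 >/proc/sys/net/irda/debug
  grep nickname /proc/net/irda/discovery
  # local:remote are hostnames resolved by pppd, not the $irnet* variables.
  pppd /dev/irnet 9600 irnet2:irnet1 logfile "/etc/irda/pppm$LOG"
  ;;
pppp)
  pppd /dev/irnet 9600 irnet2:irnet1 logfile "/etc/irda/pppm$LOG"
  ;;
stop)
  # Stop service.
  echo -n "Shutting down pppd: "
  # Kill whatever holds the PPP/IrCOMM devices (pppd) and drop the firewall.
  fuser -ks /dev/irnet
  fuser -ks /dev/ircomm
  # ipchains -F
  # ipchains -X
  modprobe -r ipchains
  $0 ipt-
  echo
  echo -n "Shutting down IrDA: "
  echo 0 >/proc/sys/net/irda/debug
  # Only bring down interfaces that actually exist.
  for net in irlan0 irda0 ; do
    if grep -q "${net}:" /proc/net/dev ; then
      ifconfig "$net" down
    fi
  done
  killproc irattach
  rm -f /var/lock/subsys/irda
  # Upper layers first, then the hardware drivers they depend on.
  delmod "irnet ppp_deflate ppp_async ppp_generic slhc ircomm-tty ircomm irlan"
  delmod "donauboe toshoboe vlsi_oboe irtty irda"
  echo
  ;;
ipf)
  # Turns off reverse-path filtering and turns on forwarding and ICMP
  # redirect acceptance on every interface, not just irda0 ("all" and
  # "default" are included) — this weakens anti-spoofing host-wide.
  for net in all irda0 default; do
    echo 0 > "/proc/sys/net/ipv4/conf/$net/rp_filter"
    echo 1 > "/proc/sys/net/ipv4/conf/$net/forwarding"
    echo 1 > "/proc/sys/net/ipv4/conf/$net/accept_redirects"
  done
  ;;
ipk)
  # Legacy 2.2-style ipchains ruleset; "stop" unloads it again.
  modprobe -v ipchains
  ipchains -F
  ipchains -X
  ipchains -P input REJECT
  ipchains -P forward DENY
  ipchains -P output ACCEPT
  # localhost and ethernet. everything except ypbind
  # ipchains -A input -i lo -p udp --destination-port 111 -j REJECT
  ipchains -A input -i lo -j ACCEPT
  ### Handle these before the logging rule
  # ignore udp(17):6398 = Ghost
  # ipchains -A input -i eth0 -p udp --destination-port 6398 -j DENY
  # accept netbios
  # ipchains -A input -i eth0 -p udp --destination-port 137:919 -j ACCEPT
  ipchains -A input -i eth0 -p udp --destination-port 137:139 -j ACCEPT
  ipchains -A input -i eth0 -p tcp --destination-port 137:139 -j ACCEPT
  # accept broadcast bootps/67 xdmcp/177
  ipchains -A input -i eth0 -p udp -d 255.255.255.255 --destination-port 67 -j ACCEPT
  ipchains -A input -i eth0 -p udp -d 255.255.255.255 --destination-port 177 -j ACCEPT
  #
  # cpq-wbem 2301/udp Compaq HTTP
  # ipchains -A input -i eth0 -p udp -d 139.054.071.255 --destination-port 2301 -j ACCEPT
  #
  # x11 6000-6063/tcp X Window System
  ipchains -A input -i eth0 -p tcp -s $noosnet --source-port 6000:6009 -j ACCEPT
  ipchains -A input -i eth0 -p udp -d ! $noosnet -j DENY
  # ipchains -A input -i eth0 -p udp -d ! $alcanet -j DENY
  # last rule in input chain is for logging.
  ipchains -A input -l
  # Everything arriving on eth0 that reached this point is accepted.
  ipchains -A input -i eth0 -j ACCEPT
  # ipchains -N block
  ## Anti-spoofing.
  # ipchains -A block -i eth0 -s $irnet -j RETURN
  ## Everything above 1024 is fair game.
  # ipchains -A block -p tcp -i eth0 --destination-port 1024:65535 -j ACCEPT
  # ipchains -A block -p udp -i eth0 --destination-port 1024:65535 -j ACCEPT
  ## SSH and ident
  # ipchains -A block -p tcp -i eth0 --destination-port 22 -j ACCEPT
  # ipchains -A block -p tcp -i eth0 --destination-port 113 -j ACCEPT
  ## All ICMP on ppp too.
  # ipchains -A block -p icmp -i eth0 -j ACCEPT
  # ipchains -A input -j block
  # Enable MASQ
  echo 1 > /proc/sys/net/ipv4/ip_forward
  ipchains -A input -s $irnet -j ACCEPT
  ipchains -A forward -s $irnet -j MASQ
  # ipchains -A forward -s $alcanet -j MASQ
  ipchains -A forward -s $noosnet -j MASQ
  ;;
############################################# iptables #########################
ipt-)
  # Flush and unload the netfilter ruleset. The chain policies are left as
  # they were; once iptable_filter is unloaded no filtering remains at all.
  iptables -F
  iptables -F -t nat
  iptables -X
  delmod "ip_nat_ftp iptable_filter ipt_state ipt_REJECT ipt_MASQUERADE ipt_LOG iptable_nat ip_conntrack_ftp ip_conntrack ip_tables"
  ;;
############################################# iptables #########################
ipt)
  modprobe -v iptable_nat
  modprobe -v ip_nat_ftp
  modprobe -v ip_conntrack_ftp
  iptables -F
  iptables -F -t nat
  iptables -X
  iptables -P INPUT DROP
  iptables -P FORWARD DROP
  # iptables -P INPUT ACCEPT
  # iptables -P FORWARD ACCEPT
  iptables -P OUTPUT ACCEPT
  # localhost and ethernet. everything except ypbind
  # UDP 111 is used by Samba
  # iptables -A INPUT -i lo -p udp --dport 111 -j DROP
  iptables -A INPUT -i lo -j ACCEPT
  iptables -A INPUT -i ppp0 -j ACCEPT
  # ignore udp(17):6398 = Ghost
  # iptables -A INPUT -i eth0 -p udp --dport 6398 -j DROP
  # accept netbios
  # iptables -A INPUT -i eth0 -p udp --dport 919:919 -j ACCEPT
  iptables -A INPUT -i eth0 -p udp --dport 631:631 -j ACCEPT
  # iptables -A INPUT -o eth0 -p udp --dport 631:631 -j ACCEPT
  iptables -A INPUT -i eth0 -p udp --dport 520:520 -j ACCEPT
  iptables -A INPUT -i eth0 -p udp --dport 137:139 -j ACCEPT
  iptables -A INPUT -i eth0 -p tcp --dport 137:139 -j ACCEPT
  # yp server bcv64mf9.vz.cit.alcatel.fr
  # iptables -A INPUT -i eth0 -s 155.132.205.190 -j ACCEPT
  # iptables -A INPUT -i eth0 -s 139.54.64.249 -j ACCEPT
  # iptables -A INPUT -i eth0 -d 139.54.64.249 -j ACCEPT
  # Ping probe ("mouchard")
  # iptables -A INPUT -i eth0 -p icmp -s 139.54.67.230 -j REJECT
  iptables -A INPUT -i eth0 -p icmp -s $xgproxy -j REJECT
  # accept broadcast bootps/67 xdmcp/177 X server/6000
  iptables -A INPUT -i eth0 -p udp -d 255.255.255.255 --dport 67 -j ACCEPT
  iptables -A INPUT -i eth0 -p udp -d 255.255.255.255 --dport 177 -j ACCEPT
  # iptables -A INPUT -i eth0 -p udp -d 139.54.71.255 --dport 2301 -j ACCEPT
  iptables -A INPUT -i eth0 -p tcp -s 139.54.71.176 --sport 6000 -j ACCEPT
  # iptables -A INPUT -i eth0 -p udp -d ! $alcanet -j DROP
  # Blazer uses DNS on udp
  iptables -A INPUT -p udp --dport 53 -j ACCEPT
  iptables -A INPUT -p icmp -j ACCEPT
  # From here on every packet that reaches these LOG rules is logged.
  iptables -A INPUT -j LOG
  iptables -A FORWARD -j LOG
  # The two --sport rules below match on the peer's source port only, which
  # any client can choose freely; they are not a strong access control.
  iptables -A INPUT -p tcp --sport 23 -j ACCEPT
  ## All after this rule in INPUT chain is logged.
  iptables -A INPUT -p tcp --sport 20 --dport 1024:65535 ! --syn -m state --state RELATED -j ACCEPT
  iptables -A INPUT -p tcp --dport 21 -j ACCEPT
  # Blanket accept for eth0: the port-specific rules above only decide what
  # gets logged; nothing from eth0 reaches the final REJECT.
  iptables -A INPUT -i eth0 -j ACCEPT
  iptables -A INPUT -s $irdanet -j ACCEPT
  # for net in all irda0 default; do
  #   echo 1 > /proc/sys/net/ipv4/conf/$net/forwarding
  # done
  # iptables -A PREROUTING -p tcp -s $NETADDR/$NETMASK -t nat -j DNAT --to-destination 1.2.0.187:1-9999
  iptables -t nat -A POSTROUTING -j LOG
  # iptables -t nat -A POSTROUTING -d $alproxy -j MASQUERADE
  # iptables -t nat -A PREROUTING -s $xgproxy -p tcp -d 139.54.66.187 --dport 20 --j DNAT --to 1.2.0.234
  iptables -t nat -A POSTROUTING -d $xgproxy -j MASQUERADE
  iptables -t nat -A POSTROUTING -s $irdanet -j MASQUERADE
  # iptables -t nat -A POSTROUTING -d $xgproxy -j SNAT --to 139.54.66.187
  # iptables -A PREROUTING -s $NETADDR/$NETMASK -t nat -j DNAT --to-destination 1.2.0.187
  # iptables -A FORWARD -s $NETADDR/$NETMASK -j nat
  # ppp/irda ->Palm
  # iptables -A FORWARD -i eth0 -j ACCEPT
  # iptables -A FORWARD -s $irdanet -d $xgproxy -j ACCEPT
  # iptables -A FORWARD -d $irdanet -s $xgproxy -j ACCEPT
  iptables -A FORWARD -s $irdanet -j ACCEPT
  iptables -A FORWARD -d $irdanet -j ACCEPT
  iptables -A FORWARD -s $xgproxy -j ACCEPT
  iptables -A FORWARD -d $xgproxy -m state --state ESTABLISHED,RELATED -j ACCEPT
  # iptables -A FORWARD -d $alcanet -j ACCEPT
  iptables -A FORWARD -d $noosnet -j ACCEPT
  iptables -A FORWARD -j LOG
  # iptables -A FORWARD -p tcp --destination-port ! 20:21 -s irnet2/255.255.255.255 -j MASQ
  # Enable MASQ
  echo 1 > /proc/sys/net/ipv4/ip_forward
  iptables -A INPUT -j REJECT --reject-with icmp-net-prohibited
  # lsmod | grep '^ip'
  # iptables-save
  ;;
############################################# iptables #########################
ipfilt)
  # Minimal ruleset: despite the DROP policies, the trailing "-A INPUT -j
  # ACCEPT" admits everything except UDP/111 on loopback.
  modprobe -v iptable_nat
  modprobe -v ip_nat_ftp
  modprobe -v ip_conntrack_ftp
  iptables -F
  iptables -F -t nat
  iptables -X
  iptables -P INPUT DROP
  iptables -P FORWARD DROP
  iptables -P OUTPUT ACCEPT
  # localhost and ethernet. everything except ypbind
  iptables -A INPUT -i lo -p udp --dport 111 -j DROP
  iptables -A INPUT -j ACCEPT
  ;;
############################################# iptables #########################
status)
  status irattach
  ;;
restart|reload)
  $0 stop
  $0 start
  ;;
ks)
  # copy the map for debugging the future panics
  # A tag is required and must be a plain name: it is appended to a path
  # under /etc/irda, so an empty tag or one containing "/" is refused.
  case "$2" in
    ''|*/*)
      echo "Usage: irda ks <tag>" >&2
      exit 1
      ;;
  esac
  cp -a /proc/modules "/etc/irda/modul-$2"
  cp -a /proc/ksyms "/etc/irda/ksyms-$2"
  ;;
dbg)
  # Writes the argument as-is; the kernel rejects non-numeric values.
  echo "$2" >/proc/sys/net/irda/debug
  ;;
install)
  # rm -f /etc/rc.d/rc3.d/S47irda
  # ln -s /etc/rc.d/init.d/irda /etc/rc.d/rc3.d/S47irda
  # Alias lines are added only once; device nodes only if missing, so the
  # action can be re-run safely. Alias text is kept exactly (trailing blanks
  # included) so existing entries are recognised.
  add_alias "alias tty-ldisc-11 irtty"
  add_alias "alias char-major-161 ircomm-tty "
  add_alias "alias char-major-10-187 irnet "
  add_alias "alias char-major-108 ppp_generic"
  mkdev /dev/irnet 10 187
  mkdev /dev/ppp 108 0
  mkdev /dev/ircomm 161 0
  mkdev /dev/ircomm0 161 0
  mkdev /dev/ircomm1 161 1
  mkdev /dev/irlpt0 161 16
  mkdev /dev/irlpt1 161 17
  ls -l /dev/ir*
  ;;
*)
  echo "Usage: irda {start|stop|restart|reload|status}!$1"
  exit 1
esac

exit 0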