#!/bin/sh

case "$1" in 

start)


        # Needed to initially load modules
        #
        echo Probing Masq Modules...
        /sbin/depmod -a

        # Supports the proper masquerading of FTP file transfers using the PORT method
        #
        /sbin/modprobe ip_masq_ftp

        # Supports the masquerading of RealAudio over UDP.  Without this module,
        #       RealAudio WILL function but in TCP mode.  This can cause a reduction
        #       in sound quality
        #
        /sbin/modprobe ip_masq_raudio

        # Supports the masquerading of IRC DCC file transfers
        #
        #/sbin/modprobe ip_masq_irc

        # Supports the masquerading of the CuSeeme video conferencing software
        #
        /sbin/modprobe ip_masq_cuseeme

        #Supports the masquerading of the VDO-live video conferencing software
        #
        /sbin/modprobe ip_masq_vdolive

        # Dynamic IP users:
        #
        #   If you get your IP address dynamically from SLIP, PPP, or DHCP, enable this following
        #       option.  This enables dynamic-ip address hacking in IP MASQ, making the life 
        #       with Diald and similar programs much easier.
        #
        echo "1" > /proc/sys/net/ipv4/ip_dynaddr

        # Get my IP address
        extip = "`/sbin/ifconfig eth0 | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`"



        # MASQ timeouts
        #
        #   2 hrs timeout for TCP session timeouts
        #  10 sec timeout for traffic after the TCP/IP "FIN" packet is received
        #  160 sec timeout for UDP traffic (Important for MASQ'ed ICQ users) 
        #
        echo Starting IP Chains Setup...
        /sbin/ipchains -M -S 14400 10 160


        # DHCP:  For people who receive their external IP address from either DHCP or BOOTP
        #        such as ADSL or Cablemodem users, it is necessary to use the following
        #        before the deny command.  The "bootp_client_net_if_name" should be replaced
        #        the name of the link that the DHCP/BOOTP server will put an address on to?
        #        This will be something like "eth0", "eth1", etc.
        #
        #        This example is currently commented out.
        #
        #
        /sbin/ipchains -A input -j ACCEPT -i eth0  -s 0/0 67 -d 0/0 68 -p udp


        # Enable simple IP forwarding and Masquerading
        #
        #  NOTE:  The following is an example for an internal LAN address in the 192.168.0.x
        #         network with a 255.255.255.0 or a "24" bit subnet mask.
        #
        #         Please change this network number and subnet mask to match your internal LAN setup
        #
        /sbin/ipchains -P forward DENY
        /sbin/ipchains -A forward -s 10.0.0.0/24 -j MASQ
        ;;

stop)
        echo Fake stopping firewall services....
        echo
        ;;


restart)
        echo Fake restart of firewall services...
        echo
        $0 start
        ;;


*)
        echo Heh?
        echo
        ;;

esac;