#! /bin/sh

### BEGIN INIT INFO
# Provides:             freedombox-client-proxy
# Required-Start:       $network $remote_fs $syslog
# Required-Stop:        $remote_fs $syslog
# Default-Start:        2 3 4 5
# Default-Stop:
# Short-Description:    Proxy for clients.
### END INIT INFO

set -e

. /lib/lsb/init-functions

INTIF1="eth1"
INTIF2="uap0"
EXTIF="eth0"
EXTIP="`/sbin/ifconfig $EXTIF | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`"

loadModules() {
    depmod -a
    modprobe ip_tables
    modprobe ip_conntrack
    modprobe ip_conntrack_ftp
    modprobe ip_conntrack_irc
    modprobe iptable_nat
    modprobe ip_nat_ftp
}

setProc() {
    echo "1" > /proc/sys/net/ipv4/ip_forward
    echo "1" > /proc/sys/net/ipv4/ip_dynaddr
}

configIpTables() {
    iptables -P INPUT ACCEPT
    iptables -F INPUT
    iptables -P OUTPUT ACCEPT
    iptables -F OUTPUT
    iptables -P FORWARD DROP
    iptables -F FORWARD
    iptables -t nat -F

    iptables -A FORWARD -i $EXTIF -o $INTIF1 -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A FORWARD -i $EXTIF -o $INTIF2 -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A FORWARD -i $INTIF1 -o $EXTIF -j ACCEPT
    iptables -A FORWARD -i $INTIF2 -o $EXTIF -j ACCEPT

    iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
}

start() {
    log_action_begin_msg "Loading proxy and iptable rules"
    if loadModules &&
	setProc &&
	configIpTables ; then
	log_action_end_msg 0
    else
	log_action_end_msg 1
    fi
}

case "$1" in
    start)
        start
        ;;
    stop|restart|force-reload)
	# Do nothing
	;;
    *)
        log_success_msg "Usage: /etc/init.d/proxy {start}"
        exit 1
        ;;
esac
