#!/bin/sh
#	runfwscript 0.08
#
#	Copyright (C) 2000:	Manel Marin <manel3@wanadoo.es>
#	Licence:		GNU GPL version >= 2
#
#
#	Selects a script depending on the kernel packet filter support
#
#	Use:	runfwscript script
#	this will run script-ipfwadm or script-ipchains or script-iptables
#	or echo an error message if there is no packetfilter support in kernel
#
#		runfwscript -i script	#shows the command that would be run
#
#--------
#	Selecciona un script según el soporte de filtrado del kernel
#
#	Uso:	runfwscript script
#	esto lanzará script-ipfwadm o script-ipchains o script-iptables
#	o dará un mensaje de error si no hay soporte de filtrado en el kernel
#
#		runfwscript -i script	#muestra el comando que se lanzaría
#


# NOTES ON DETECTION OF FIREWALL SUPPORT OF KERNEL
# a) via /proc file (e.g /proc/net/ip_fwchains)
#   BUT /proc might not be mounted
#   BUT iptables only shows ip_tables_names in proc when loaded
#
# b) via checking if module loaded/loadable
#   BUT kernel can have this module built in
#   BUT modules support could be off
#
# c) via (no) error listing firewall rules
#   BUT the order of testing matters: ipfwadm list works with 2.2 kernel
#   BUT the command might not be available, we have to check
#   BUT only root can list iptables or ipchains
#
# I am going to use c)


# SCRIPT OUTPUTS
# - command errors and outputs to /dev/null ( > /dev/null 2>&1 )
# - firewall support to stderr ( 1>&2 )
# - only command to run (e.g. firewall-ipchains) must go to stdout


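# Pin the command search path. Every probe below and the final
# "<script>-<backend>" command are resolved through it, and the script
# refuses to continue unless it is run as root, so the caller's PATH is
# deliberately not trusted.
PATH=/usr/lib/firewall-easy:/sbin:/usr/sbin:/bin:/usr/bin

# Show the firewall-support report only when called without arguments or
# with -i; in every other case the report is discarded (DEST=/dev/null).
# "=" is used for both comparisons: "==" is not a POSIX test operator and
# some /bin/sh implementations reject it, which would break this check.
if [ "$1" = "" ] || [ "$1" = "-i" ]
then
    DEST="/dev/stdout"
else
    DEST="/dev/null"
fi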


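FW=		# detected packet-filter backend; stays empty until a probe succeeds

# Report the running kernel release, in verbose mode only (DEST is
# /dev/null in quiet mode). The message is written straight to stderr:
# re-opening /dev/stdout after "1>&2" depends on /proc being mounted and
# truncates stderr when it is a regular file.
if [ "$DEST" != "/dev/null" ]
then
    echo "Running kernel $(uname -r)" 1>&2
fi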


# ALLOW ONLY TO ROOT
# Detection works by listing the firewall rules, and only root can list
# iptables or ipchains rules, so stop here for any other user.
[ "$(id -u)" = "0" ] || {
    echo "firewall-easy: Only root can detect packet filter support" 1>&2
    exit 1
}


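# Probe for iptables (2.4 kernels): the command must exist and be able to
# list the rules. "command -v" is the POSIX builtin lookup, so the probe no
# longer depends on an external "which" being installed.
# NOTE(review): on kernels with module autoloading, listing the rules may
# itself load the filter module, so this probe may not be strictly
# read-only - confirm if that matters for the target systems.
if ! command -v iptables > /dev/null 2>&1
then
    iptables_report="    NO iptables found, command installed?"
elif iptables -L -n > /dev/null 2>&1
then
    # Do not override a backend that was already selected.
    if [ "$FW" = "" ]; then FW="iptables"; fi
    iptables_report="    -> iptables list OK"
else
    iptables_report="    NO iptables list, firewall kernel support?"
fi

# The report goes to stderr, and only in verbose mode (DEST is /dev/null
# in quiet mode). Writing to stderr directly avoids re-opening /dev/stdout,
# which needs /proc and truncates stderr when it is a regular file.
if [ "$DEST" != "/dev/null" ]
then
    printf '%s\n' "2.4 kernel support" "$iptables_report" 1>&2
fi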


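# Probe for ipchains (2.2 kernels): the command must exist and be able to
# list the rules. "command -v" is the POSIX builtin lookup, so the probe no
# longer depends on an external "which" being installed.
if ! command -v ipchains > /dev/null 2>&1
then
    ipchains_report="    NO ipchains found, command installed?"
elif ipchains -L -n > /dev/null 2>&1
then
    # Do not override a backend that was already selected.
    if [ "$FW" = "" ]; then FW="ipchains"; fi
    ipchains_report="    -> ipchains list OK"
else
    ipchains_report="    NO ipchains list, firewall kernel support?"
fi

# ipmasqadm (port forwarding) is only reported; it never changes FW.
if ! command -v ipmasqadm > /dev/null 2>&1
then
    ipmasqadm_report="    NO ipmasqadm found, port forwarding command installed?"
elif ipmasqadm portfw -l -n > /dev/null 2>&1
then
    ipmasqadm_report="    -> ipmasqadm list OK"
else
    ipmasqadm_report="    NO ipmasqadm list, port forwarding kernel support?"
fi

# The report goes to stderr, and only in verbose mode (DEST is /dev/null
# in quiet mode). Writing to stderr directly avoids re-opening /dev/stdout,
# which needs /proc and truncates stderr when it is a regular file.
if [ "$DEST" != "/dev/null" ]
then
    printf '%s\n' "2.2 kernel support" "$ipchains_report" "$ipmasqadm_report" 1>&2
fi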


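# Probe for ipfwadm (2.0 kernels): the command must exist and be able to
# list the input rules. It is probed last because, per the notes at the top
# of the file, an ipfwadm listing also works on a 2.2 kernel.
# "command -v" is the POSIX builtin lookup, so the probe no longer depends
# on an external "which" being installed.
if ! command -v ipfwadm > /dev/null 2>&1
then
    ipfwadm_report="    NO ipfwadm found, command installed?"
elif ipfwadm -I -l -n > /dev/null 2>&1
then
    # Do not override a backend that was already selected.
    if [ "$FW" = "" ]; then FW="ipfwadm"; fi
    ipfwadm_report="    -> ipfwadm list OK"
else
    ipfwadm_report="    NO ipfwadm list, firewall kernel support?"
fi

# The report goes to stderr, and only in verbose mode (DEST is /dev/null
# in quiet mode). Writing to stderr directly avoids re-opening /dev/stdout,
# which needs /proc and truncates stderr when it is a regular file.
if [ "$DEST" != "/dev/null" ]
then
    printf '%s\n' "2.0 kernel support" "$ipfwadm_report" 1>&2
fi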


# MESSAGES ALWAYS SEEN
# These messages ignore DEST and always go to stderr, so the caller sees the
# outcome even in quiet mode. An empty FW means that no probe succeeded.
case "$FW" in
    "")
        echo "firewall-easy: No packet filter support available" 1>&2
        exit 1
        ;;
esac
echo "firewall-easy: $FW support detected" 1>&2


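# FW DETECTED
# The command name is "<script>-<backend>" (e.g. firewall-ipchains). It is
# the only thing this script writes to stdout, and only with -i.
#
# The name is quoted so that an argument containing whitespace or glob
# characters stays one command name instead of being split or expanded by
# the shell before it is executed as root. It is looked up through the PATH
# pinned at the top of the file; an argument containing a slash is run as
# the given path instead, so callers must pass only trusted script names.
# Arguments after the script name are not forwarded to the command.
if [ "$1" != "" ]
then
    if [ "$1" = "-i" ]
    then
        shift                           # skip the "-i" option
        # With no script name after -i this prints just "-$FW".
        printf '%s\n' "$1-$FW"          # show the command, do not run it
    else
        "$1-$FW"                        # run the command
    fi
fi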
