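# Generator library for a chkconfig-style Netfilter (iptables) init script.
#
# Every function below appends shell text to the file named by $FWSCRIPT.  The
# caller (outside this file) is expected to set FWSCRIPT and the address /
# interface variables (INTIF, INTNET, EXTIP, ...) before calling anything here,
# and to call tof first: it is the only function that truncates the target.
# Nothing here enforces call order; that is the caller's responsibility.
#
# Trust boundary: the text written to $FWSCRIPT is an init script and will be
# executed with root privileges at boot.  The only external content is the
# rules file given to addrules, which is copied through almost verbatim, so it
# must be as trusted as the generator itself (root-owned, not world-writable).

#######################################
# Append one or more lines to the generated script.
# Globals:   FWSCRIPT (read) - path of the script being generated
# Arguments: one argument per output line, written literally
# Outputs:   appends to $FWSCRIPT
# Returns:   aborts the shell if FWSCRIPT is unset or empty
#######################################
fw_emit() {
  # ${:?} turns a forgotten FWSCRIPT into a loud failure instead of the
  # "ambiguous redirect" the unquoted original produced (and then continued).
  printf '%s\n' "$@" >> "${FWSCRIPT:?FWSCRIPT must name the output script}"
}

#######################################
# Write the top of the generated script (shebang + chkconfig header).
# Uses '>' not '>>': this truncates $FWSCRIPT, so it must run first.
# Note: the generated file declares /bin/sh but rcfunctions later emits the
# 'function' keyword, a bashism.  That only works where /bin/sh is bash, which
# is the case on the chkconfig-based distributions this header targets.
# Globals:   FWSCRIPT (written)
#######################################
tof() {
  printf '%s\n' \
    '#!/bin/sh' \
    '# chkconfig: 345 15 85' \
    '# description: gn*nix Netfilter Firewall' \
    '# author: Linus Sphinx' \
    > "${FWSCRIPT:?FWSCRIPT must name the output script}"
}

#######################################
# Open the 'rules' function in the generated script; rule emitters and the
# policy emitters write into it, and endofrules closes it.
#######################################
topofrules() {
  fw_emit \
    'function rules' \
    '{'
}

#######################################
# Close the 'rules' function opened by topofrules.
#######################################
endofrules() {
  fw_emit '}'
}

#######################################
# Emit a sysctl that enables TCP SYN cookies when the kernel exposes the knob,
# otherwise prints a notice at run time.
#######################################
stopsynattack() {
  fw_emit \
    '# stop syn attack' \
    'if [ -e /proc/sys/net/ipv4/tcp_syncookies ]; then' \
    ' echo 1 > /proc/sys/net/ipv4/tcp_syncookies' \
    'else' \
    ' echo tcp_syncookies not enabled' \
    'fi'
}

#######################################
# Emit proxy-ARP enablement for the internal interface.
# INTIF is expanded now, at generation time, so the generated script carries
# the literal interface name.  The INTIF2 variant was commented out in the
# original and is kept that way.
# Globals:   INTIF (read)
#######################################
enableproxyarp() {
  fw_emit \
    '#respond to arp requests' \
    "echo 1 > /proc/sys/net/ipv4/conf/${INTIF}/proxy_arp"
  # fw_emit "echo 1 > /proc/sys/net/ipv4/conf/${INTIF2}/proxy_arp"
}

#######################################
# Emit the IPv4 forwarding sysctl.
#######################################
enableforwarding() {
  fw_emit \
    '#enable forwarding' \
    'echo 1 > /proc/sys/net/ipv4/ip_forward'
}

#######################################
# Emit a loop enabling reverse-path filtering on every interface.
# The '$file' below is deliberately single-quoted: it is expanded by the
# generated script, not here.
#######################################
spoofprotection() {
  fw_emit \
    '# IP Spoof protection' \
    'for file in /proc/sys/net/ipv4/conf/*/rp_filter' \
    'do' \
    'echo 1 > $file' \
    'done'
}

#######################################
# Emit a loop disabling ICMP redirect acceptance on every interface.
#######################################
disableicmpredirects() {
  fw_emit \
    '# Disable ICMP redirect acceptance' \
    'for file in /proc/sys/net/ipv4/conf/*/accept_redirects' \
    'do' \
    'echo 0 > $file' \
    'done'
}

#######################################
# Emit a loop disabling source-routed packet acceptance on every interface.
#######################################
disablesourceroutedpackets() {
  fw_emit \
    '# Disable source-routed packets' \
    'for file in /proc/sys/net/ipv4/conf/*/accept_source_route' \
    'do' \
    'echo 0 > $file' \
    'done'
}

#######################################
# Emit the FORWARD chain fallback: log anything no earlier rule matched, then
# set the chain policy to DROP.  The LOG rule is unlimited; on a busy or
# scanned gateway consider generating it with '-m limit' so a flood of
# unmatched packets cannot fill syslog.
#######################################
forwardpolicy() {
  fw_emit \
    'iptables -A FORWARD -j LOG' \
    'iptables -P FORWARD DROP'
}

#######################################
# Emit the INPUT chain fallback (same log-then-DROP shape as forwardpolicy).
#######################################
inputpolicy() {
  fw_emit \
    'iptables -A INPUT -j LOG' \
    'iptables -P INPUT DROP'
}

#######################################
# Emit the init-script plumbing: stop/start functions and the
# start|stop|restart|status dispatcher.
# 'stop' sets all three filter policies to ACCEPT and flushes filter, nat and
# mangle (user-defined chains are not removed).  The 'start' arm calls 'stop'
# first, so the host is unfiltered between the flush and the end of 'rules'.
# 'status' calls /sbin/iptables by absolute path while every other line relies
# on PATH; both are reproduced exactly as originally written.
#######################################
rcfunctions() {
  fw_emit \
    'function stop' \
    '{' \
    'echo -n flushing tables...' \
    'iptables -P INPUT ACCEPT' \
    'iptables -P FORWARD ACCEPT' \
    'iptables -P OUTPUT ACCEPT' \
    'iptables -t filter -F' \
    'iptables -t nat -F' \
    'iptables -t mangle -F' \
    'echo done' \
    '}' \
    'function start' \
    '{' \
    'echo -n "firewalling..."' \
    'rules' \
    'echo done' \
    '}' \
    'case "$1" in' \
    ' start)' \
    ' stop' \
    ' start' \
    ' ;;' \
    ' stop)' \
    ' stop' \
    ' ;;' \
    ' restart)' \
    ' stop' \
    ' start' \
    ' ;;' \
    ' status)' \
    ' /sbin/iptables -L' \
    ' ;;' \
    ' *)' \
    ' echo "Usage: $0 {start|stop|restart|status}"' \
    ' exit 1' \
    'esac' \
    'echo done' \
    'exit 0'
}

#######################################
# Copy a rules file into the generated script, expanding a fixed allowlist of
# $NAME placeholders.
# Lines whose first character is '#' are dropped (an indented '#' is NOT a
# comment and is copied through), blank or whitespace-only lines are skipped,
# and every other line is re-emitted token by token with one space after each
# token -- so each output line ends in a trailing space, as the original did.
# A token is replaced only when it is exactly one of the allowlisted names
# (e.g. the literal text '$INTIF'); any other word, including other
# $-prefixed ones, is written literally.  An unset allowlisted variable
# expands to the empty string, as before.
# Changes from the original: $1 and $FWSCRIPT are quoted; 'read -r' keeps
# backslashes as data; tokens are split with 'read -a' instead of an unquoted
# expansion, so a '*' in a rule no longer globs against the cwd; an empty or
# unreadable $1 is an error instead of silently reading stdin.
# Globals:   FWSCRIPT (read); INTNET INTNET2 EXTNET INTIF INTIF2 EXTIF INTIP
#            INTIP2 EXTIP INTMASK INTMASK2 EXTMASK DNS1 DNS2 DNS3 DNS4 (read)
# Arguments: $1 - path of the rules file
# Outputs:   appends to $FWSCRIPT; diagnostics to stderr
# Returns:   1 if $1 is empty or unreadable, else the status of the
#            grep | while pipeline
#######################################
addrules() {
  local rules_file=$1
  local -ar allowlist=(INTNET INTNET2 EXTNET INTIF INTIF2 EXTIF INTIP INTIP2 EXTIP
    INTMASK INTMASK2 EXTMASK DNS1 DNS2 DNS3 DNS4)
  local line token name out
  local -a tokens

  if [[ -z "$rules_file" || ! -r "$rules_file" ]]; then
    printf 'addrules: rules file %s is missing or unreadable\n' \
      "${rules_file:-<unset>}" >&2
    return 1
  fi

  # Default IFS on 'read' trims leading/trailing whitespace, so a
  # whitespace-only line arrives as "" and is skipped below.
  grep -v '^#' -- "$rules_file" | while read -r line; do
    [[ -n "$line" ]] || continue
    read -r -a tokens <<<"$line"
    out=''
    for token in "${tokens[@]}"; do
      for name in "${allowlist[@]}"; do
        if [[ "$token" == "\$$name" ]]; then
          token=${!name}   # indirect expansion of the allowlisted variable
          break
        fi
      done
      out+="$token "
    done
    fw_emit "$out"
  done
}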