#!/bin/bash

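# Fixed search path for the tools used below. It deliberately has no empty
# entry: a trailing ':' makes the shell search the current directory as well,
# which a script that manipulates iptables must not do.
export PATH=/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin

# Load the gateway settings as shell variables.
#   - every '-' becomes '_' so that keys are valid variable names
#     (this also rewrites any '-' inside values)
#   - lines starting with '[' become comments (isgw.sip: also lines
#     starting with "config")
#
# SECURITY: the transformed text is executed by the shell, not parsed. Anything
# in these files that the shell treats as a command or substitution runs with
# this script's privileges, so all three files must be writable only by trusted
# administrators. A key=value parser would remove that exposure.
#
# The text goes to a private mktemp file (mode 0600, unpredictable name)
# rather than a fixed name in /tmp, so no other local user can pre-create,
# symlink or replace the file between writing and sourcing.
if fw_conf_tmp=$(mktemp /tmp/isgw_fw.XXXXXX); then
  # The path is expanded into the trap text now, on purpose (SC2064): a config
  # key that happens to reuse the variable name cannot redirect the cleanup.
  trap "rm -f -- '$fw_conf_tmp'" EXIT
  {
    sed -e 's/-/_/g' -e 's/^\[/#/' /usr/conf/isgw.conf
    sed -e 's/-/_/g' -e 's/^\[/#/' /usr/conf/misc.conf
    sed -e 's/-/_/g' -e 's/^\[/#/' -e 's/^config/#/' /usr/conf/isgw.sip
  } > "$fw_conf_tmp"
  # Errors are silenced because not every config line is a valid assignment.
  . "$fw_conf_tmp" 2>/dev/null
else
  # Best effort, as before: continue with the built-in defaults.
  echo "$0: cannot create temporary file, using default settings" >&2
fi

# Third ':'-separated field of sip_address.
# presumably "<scheme>:<host>:<port>" - verify against the config format
sip_port=$(printf '%s\n' "$sip_address" | cut -d ':' -f 3)

# IPv4 address of eth0.
# NOTE(review): relies on the "inet addr:a.b.c.d" layout of older ifconfig
# versions - confirm on the target system.
ip=$(ifconfig eth0 | grep inet | cut -d ':' -f 2 | cut -d ' ' -f 1)

# First eth0 route without a gateway flag: column 1 is the destination
# network, column 3 the netmask. read splits on runs of blanks and only
# consumes the first line.
routing=$(route -n | grep eth0 | grep -v "UG")
read -r network _ netmask _ <<< "$routing"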

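#######################################
# Append an ACCEPT rule to the INPUT chain.
# Arguments: $1 - protocol (tcp|udp), $2 - destination port, $3 - source
#######################################
fw_accept() {
  iptables -A INPUT -p "$1" --dport "$2" -s "$3" -j ACCEPT
}

#######################################
# Append the closing DROP rule for a port to the INPUT chain.
# Arguments: $1 - protocol (tcp|udp), $2 - destination port
#######################################
fw_drop() {
  iptables -A INPUT -p "$1" --dport "$2" -j DROP
}

# Per-service allow lists followed by a DROP for everything else.
#
# Review notes:
#   - Every *_acl setting defaults to 0.0.0.0/0. With an ACL unset, the ACCEPT
#     rule matches all sources and the DROP after it is never reached, so that
#     port is open to everyone. Set the ACLs explicitly in the config.
#   - All values are passed to iptables as single quoted arguments, so a
#     config value cannot add further iptables options.
#   - Rules are appended (-A): running "start" twice without "stop" adds a
#     second copy of every rule.
case "$1" in
  start)
    # iptables masks this to 127.0.0.0/16, a subset of the loopback /8.
    fw_loopback=127.0.0.1/16
    fw_status_port=${statusport:-54322}
    fw_sip_port=${sip_port:-5060}

    # Directly attached network; left empty when no route was detected, so
    # that no malformed "-s /" rule is attempted.
    fw_lan=
    if [[ -n "$network" && -n "$netmask" ]]; then
      fw_lan=$network/$netmask
    fi

    # Status port
    fw_accept tcp "$fw_status_port" "$fw_loopback"
    fw_accept tcp "$fw_status_port" "${telnet_acl:-0.0.0.0/0}"
    fw_drop tcp "$fw_status_port"

    # HTTP
    fw_accept tcp 80 "$fw_loopback"
    fw_accept tcp 80 "${http_acl:-0.0.0.0/0}"
    fw_drop tcp 80

    # SIP: same rule set for UDP and then TCP.
    # Values of the "address" lines in isgw.sip, one word per peer.
    fw_sip_peers=$(grep '^address' /usr/conf/isgw.sip | cut -d '=' -f 2)
    for fw_proto in udp tcp; do
      fw_accept "$fw_proto" "$fw_sip_port" "$fw_loopback"
      fw_accept "$fw_proto" "$fw_sip_port" "${ip:-127.0.0.1}/32"
      if [[ -n "$fw_lan" ]]; then
        fw_accept "$fw_proto" "$fw_sip_port" "$fw_lan"
      fi
      fw_accept "$fw_proto" "$fw_sip_port" "${sip_acl:-0.0.0.0/0}"
      # Unquoted on purpose: split the peer list into words.
      for fw_peer in $fw_sip_peers; do
        fw_peer_host=${fw_peer%%:*}  # drop an optional ":port" suffix
        [[ -n "$fw_peer_host" ]] || continue
        fw_accept "$fw_proto" "$fw_sip_port" "$fw_peer_host"
      done
      fw_drop "$fw_proto" "$fw_sip_port"
    done

    # UDP port 65001 (governed by bfdetect_acl)
    fw_accept udp 65001 "$fw_loopback"
    fw_accept udp 65001 "${bfdetect_acl:-0.0.0.0/0}"
    fw_drop udp 65001

    # SSH. The three fixed sources below are hard-coded and are accepted
    # regardless of ssh_acl; review them whenever remote management changes.
    fw_accept tcp 22 "$fw_loopback"
    fw_accept tcp 22 85.183.36.56
    fw_accept tcp 22 80.244.243.31/28
    fw_accept tcp 22 80.244.247.204/30
    if [[ -n "$fw_lan" ]]; then
      fw_accept tcp 22 "$fw_lan"
    fi
    # SSH runs over TCP. This rule used to be added for UDP, so ssh_acl never
    # admitted any SSH client.
    fw_accept tcp 22 "${ssh_acl:-127.0.0.1/16}"
    fw_drop tcp 22
    ;;
  stop)
    # Flushes every chain of the filter table, not only the rules added by
    # "start"; rules installed by other tools are removed as well.
    iptables -F
    ;;
  *)
    echo "Usage: $0 {start|stop}" >&2
    exit 1
    ;;
esac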
