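#! /bin/sh
# $Id: flypaperd-init.txt,v 1.1 2006/10/08 11:38:06 jfranken Exp $
# /etc/init.d/flypaperd: lockout portscanners
# Author: Johannes Franken
#
# Usage: /etc/init.d/flypaperd {start|stop|status|list|flush|restart}
#
# Starts/stops the flypaperd daemon and wires its "flypaper" iptables
# chain into INPUT and FORWARD.  The chain holds the DROP entries the
# daemon creates for detected scanners; "list" prints them, "flush"
# empties the chain.
#
# Written for /bin/sh: no bashisms (in particular no "==" inside [ ]).

PATH=/bin:/usr/bin:/sbin:/usr/sbin
binpath=/usr/local/bin/flypaperd
perlpath=/usr/bin/perl
pidfile=/var/run/flypaperd.pid
export flypaperdpidfile=$pidfile   # makes the daemon create a PID file

test -x "$binpath" || exit 0
test -x "$perlpath" || exit 1

# Print "OK" or "Missing" depending on the exit status of the command
# that ran immediately before the call.  $? is captured first, before
# any other command inside the function can overwrite it.
printstatus() {
    rc=$?
    if [ "$rc" -eq 0 ]; then
        echo OK
    else
        echo Missing
    fi
}

# Check whether the daemon is running.
# Returns 0 if it is, 1 otherwise.
# The PID file is only a hint: its content must be a decimal PID, that
# PID must exist in /proc and its argv[0] must be the perl interpreter.
# Anything else (empty, stale or otherwise unexpected content) is
# treated as "not running" so that a stale or garbage PID file never
# makes us act on an unrelated process.
running() {
    [ -f "$pidfile" ] || return 1
    pid=$(cat "$pidfile")
    # Must be a non-empty string of digits; rejects "", "..", "-1", etc.,
    # which would otherwise be spliced into the /proc path below.
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;
    esac
    # The process must exist ...
    [ -d "/proc/$pid" ] || return 1
    # ... and be a perl program (cmdline is NUL-separated; argv[0] is first).
    cmd=$(tr '\000' '\n' < "/proc/$pid/cmdline" | head -n 1)
    [ "$cmd" = "$perlpath" ] || return 1
    return 0
}

case "$1" in
    start)
        echo "Starting portscan protection: flypaperd."
        if running; then
            echo "Not started. Process was already running."
        else
            start-stop-daemon --start --exec "$binpath" --pidfile "$pidfile"
            sleep 1   # give the daemon a moment to write its PID file
        fi
        # Only hook the chain into the firewall once the daemon is
        # confirmed alive; a failed start leaves the rule set untouched.
        if running; then
            iptables -N flypaper 2>/dev/null            # create chain "flypaper" (may already exist)
            iptables -D INPUT -j flypaper 2>/dev/null   # drop any old jump first ...
            iptables -I INPUT -j flypaper               # ... then jump through it at the beginning
            iptables -D FORWARD -j flypaper 2>/dev/null
            iptables -I FORWARD -j flypaper
            # NOTE(review): the jump sits at position 1 of INPUT, ahead of any
            # ESTABLISHED/admin-whitelist rules, so a DROP entry for a source
            # blocks that host completely.  "flush" is the recovery path if the
            # daemon ever lists an address you need to reach the box from.
        fi
        ;;
    stop)
        echo "Stopping portscan protection: flypaperd."
        start-stop-daemon --stop --quiet --exec "$perlpath" --pidfile "$pidfile"
        # Unhook the chain; its DROP entries are kept unless you uncomment
        # the flush below, so a stop/start cycle does not forget scanners.
        iptables -D INPUT -j flypaper 2>/dev/null
        iptables -D FORWARD -j flypaper 2>/dev/null
        # Uncomment this if you want to flush at stop
        # iptables -F flypaper 2>/dev/null
        # iptables -X flypaper 2>/dev/null
        ;;
    status)
        # NOTE(review): ip_queue is the legacy userspace-queueing interface;
        # on kernels that only provide nfnetlink_queue this check reports
        # "Missing" even though the daemon may otherwise be set up -- verify
        # against the daemon's actual queue mechanism.
        echo -n "Kernel ip_queue support: "
        test -r /proc/net/ip_queue; printstatus

        echo -n "flypaper chain existence: "
        if iptables -nL flypaper >/dev/null 2>&1; then
            # "flies" = distinct DROP entries in the chain
            flies=$(iptables -nL flypaper | grep '^DROP' | sort -u | wc -l)
            printf 'OK (%s flies)\n' "$flies"
        else
            printstatus
        fi

        echo -n "flypaper chain integration to INPUT chain: "
        iptables -nL INPUT | grep -q '^flypaper'; printstatus

        echo -n "flypaper chain integration to FORWARD chain: "
        iptables -nL FORWARD | grep -q '^flypaper'; printstatus

        echo -n "flypaperd process: "
        running; printstatus

        # The daemon only sees packets that some rule hands to the QUEUE
        # target; that rule is not created by this script.
        echo -n "flypaperd integration (QUEUE target): "
        iptables -nL | grep -q '^QUEUE'; printstatus
        ;;
    list)
        # Source address is column 4 of an "iptables -nL" DROP line.
        # Keep "sort -n | uniq" rather than "sort -nu": with -n, -u compares
        # only the leading numeric prefix and would merge distinct addresses.
        iptables -nL flypaper | grep '^DROP' | awk '{print $4}' | sort -n | uniq
        ;;
    flush)
        flies=$(iptables -nL flypaper | grep '^DROP' | sort -u | wc -l)
        text="flushing $flies flies"
        echo "$(date) | $text"
        logger -p auth.info -t flypaperd "$text"
        iptables -F flypaper
        ;;
    restart)
        if running; then
            echo "Stopping portscan protection: flypaperd."
            start-stop-daemon --stop --exec "$perlpath" --pidfile "$pidfile"
            sleep 1
        fi
        "$0" start
        ;;
    *)
        echo "Usage: /etc/init.d/flypaperd {start|stop|status|list|flush|restart}"
        exit 1
        ;;
esac

exit 0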