
# Log locations shared with child processes.
# The rule helpers in this file append failed commands to $ELOG.
# NOTE(review): both are fixed, predictable names in world-writable /tmp.
# If this script runs as root (iptables normally requires it), an existing
# file or symlink at either path is written through; a root-owned log
# directory would avoid that.
export SLOG=/tmp/ips.log
export ELOG=/tmp/ips.log-

# block traffic between hosts or nets $1 $2
function b2 {
  # Drop forwarded traffic between two hosts or networks, in both directions.
  #
  # Arguments:
  #   $1, $2 - the two endpoints, in any form iptables accepts for -s/-d.
  # Globals:
  #   X (written) - iptables action prefixed to each rule; not local, so it
  #                 stays set after the call.
  #
  # The rules are inserted (-I), so they sit above rules already present in
  # FORWARD, and anything inserted later lands above them in turn: call order
  # decides which rule wins.
  # The exit status of `rule` does not reflect whether iptables succeeded, so
  # a block that failed to install shows up only on stdout and in $ELOG.

  # Switch to -D to remove the same pair of rules instead.
  #X=-D
  X=-I

  local match
  for match in "-s $1 -d $2" "-d $1 -s $2"; do
    rule "${X} FORWARD ${match} -j DROP"
  done
}


# route traffic between hosts or nets 
# host or net $1 is available on interface $3
# host or net $2 is available on interface $4
function r2 {
  # Route and accept forwarded traffic between two hosts or networks.
  #
  # Arguments:
  #   $1 - first host or net      $3 - interface used for traffic towards $1
  #   $2 - second host or net     $4 - interface used for traffic towards $2
  # Globals:
  #   X (written) - iptables action prefixed to each rule; not local, so it
  #                 stays set after the call.
  #
  # The ACCEPT rules are inserted (-I) at the top of FORWARD, so they take
  # precedence over DROP rules that were already in the chain.
  # NOTE(review): ROUTE does not appear to be a stock iptables target; confirm
  # the kernel and iptables build in use provide it.

  # Switch to -D to remove the same rules instead.
  #X=-D
  X=-I

  local net_a=$1 net_b=$2 if_a=$3 if_b=$4

  # Steer each direction out of the interface behind which the destination lives.
  rule "${X} POSTROUTING -t mangle -s ${net_b} -d ${net_a} -j ROUTE --oif ${if_a}"
  rule "${X} POSTROUTING -t mangle -s ${net_a} -d ${net_b} -j ROUTE --oif ${if_b}"

  # Allow the forwarded traffic in both directions.
  rule "${X} FORWARD  -s ${net_b} -d ${net_a} -j ACCEPT"
  rule "${X} FORWARD  -s ${net_a} -d ${net_b} -j ACCEPT"
}


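function rule {
  # Run one iptables command, or only print it when not armed.
  #
  # Globals:
  #   DOIT     (read) - the command is executed only when this is exactly "1";
  #                     any other value, or unset, gives a dry run.
  #   IPTABLES (read) - command to invoke; expanded unquoted, so it may be a
  #                     command followed by options.
  #   ELOG     (read) - file that failed commands are appended to.
  # Arguments:
  #   $1 - the complete iptables argument string, action included
  #        (e.g. "-I FORWARD ... -j DROP").
  # Outputs:
  #   Progress text on stdout.
  # Returns:
  #   The status of the final echo. It does not reflect whether iptables
  #   succeeded; a failed rule is visible only as "failed" on stdout and as a
  #   line in $ELOG.
  local spec=$1

  if [ "$DOIT" != "1" ]; then
    echo "dry run : $IPTABLES $spec"
    return
  fi

  echo -n "executing : $IPTABLES $spec..."

  # With IPTABLES empty, the unquoted expansion below would run the first word
  # of the rule text as the command, so an empty IPTABLES counts as a failure.
  # $spec stays unquoted because the rule text has to split into separate
  # iptables arguments. It is therefore also subject to pathname expansion:
  # rule text must not contain glob characters (* ? [).
  # shellcheck disable=SC2086
  if [ -n "$IPTABLES" ] && $IPTABLES $spec; then
    echo ok
  else
    echo failed
    # Quoted so a log path containing whitespace does not lose the record.
    echo "error executing : $IPTABLES $spec" >> "$ELOG"
  fi

  echo done
}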




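function rulei {
  # Insert a rule with `iptables -I`, or only print the command in a dry run.
  #
  # Globals:
  #   DOIT     (read) - the command is executed only when this is exactly "1".
  #   IPTABLES (read) - command to invoke; expanded unquoted.
  #   ELOG     (read) - file that failed commands are appended to.
  # Arguments:
  #   $1 - chain and rule specification, without the action flag.
  # Returns:
  #   The status of the final echo; a failed insert is reported only on stdout
  #   and in $ELOG.
  local spec=$1

  # The messages name -I, the action that is actually run.
  if [ "$DOIT" != "1" ]; then
    echo "dry run : $IPTABLES -I $spec"
    return
  fi

  echo -n "executing : $IPTABLES -I $spec..."

  # $spec stays unquoted so the rule text splits into separate arguments; it
  # must not contain glob characters, which would be expanded as well.
  # shellcheck disable=SC2086
  if $IPTABLES -I $spec; then
    echo ok
  else
    echo failed
    echo "error executing : $IPTABLES -I $spec" >> "$ELOG"
  fi

  echo done
}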


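function rulea {
  # Append a rule with `iptables -A`, or only print the command in a dry run.
  #
  # Globals:
  #   DOIT     (read) - the command is executed only when this is exactly "1".
  #   IPTABLES (read) - command to invoke; expanded unquoted.
  #   ELOG     (read) - file that failed commands are appended to.
  # Arguments:
  #   $1 - chain and rule specification, without the action flag.
  # Returns:
  #   The status of the final echo; a failed append is reported only on stdout
  #   and in $ELOG.
  local spec=$1

  if [ "$DOIT" != "1" ]; then
    echo "dry run : $IPTABLES -A $spec"
    return
  fi

  echo -n "executing : $IPTABLES -A $spec..."

  # $spec stays unquoted so the rule text splits into separate arguments; it
  # must not contain glob characters, which would be expanded as well.
  # shellcheck disable=SC2086
  if $IPTABLES -A $spec; then
    echo ok
  else
    echo failed
    # Quoted: an unquoted path containing whitespace makes the redirection fail
    # and the failure record is lost.
    echo "error executing : $IPTABLES -A $spec" >> "$ELOG"
  fi

  echo done
}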



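function ruledi {
  # Delete a rule and then insert it again with `iptables -I`, or only print
  # both commands in a dry run.
  #
  # Globals:
  #   DOIT     (read) - the commands are executed only when this is exactly "1".
  #   IPTABLES (read) - command to invoke; expanded unquoted.
  #   ELOG     (read) - file that a failed insert is appended to.
  # Arguments:
  #   $1 - chain and rule specification, without the action flag.
  # Returns:
  #   The status of the final echo; a failed insert is reported only on stdout
  #   and in $ELOG.
  local spec=$1

  if [ "$DOIT" != "1" ]; then
    echo "dry run : $IPTABLES -D $spec"
    echo "dry run : $IPTABLES -I $spec"
    return
  fi

  # The message names -I, the action whose result is reported below.
  echo -n "executing : $IPTABLES -I $spec..."

  # The delete runs first with its errors discarded and its status ignored,
  # presumably so that a rule which is not present yet does not count as a
  # failure and a re-run does not stack a second copy.
  # $spec stays unquoted so the rule text splits into separate arguments; it
  # must not contain glob characters, which would be expanded as well.
  # shellcheck disable=SC2086
  $IPTABLES -D $spec 2> /dev/null

  # shellcheck disable=SC2086
  if $IPTABLES -I $spec; then
    echo ok
  else
    echo failed
    echo "error executing : $IPTABLES -I $spec" >> "$ELOG"
  fi

  echo done
}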



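function ruleda {
  # Delete a rule and then append it again with `iptables -A`, or only print
  # both commands in a dry run.
  #
  # Globals:
  #   DOIT     (read) - the commands are executed only when this is exactly "1".
  #   IPTABLES (read) - command to invoke; expanded unquoted.
  #   ELOG     (read) - file that a failed append is appended to.
  # Arguments:
  #   $1 - chain and rule specification, without the action flag.
  # Returns:
  #   The status of the final echo; a failed append is reported only on stdout
  #   and in $ELOG.
  local spec=$1

  # The dry run lists the delete as well, matching ruledi, so the preview shows
  # every command an armed run would issue.
  if [ "$DOIT" != "1" ]; then
    echo "dry run : $IPTABLES -D $spec"
    echo "dry run : $IPTABLES -A $spec"
    return
  fi

  echo -n "executing : $IPTABLES -A $spec..."

  # The delete runs first with its errors discarded and its status ignored,
  # presumably so that a rule which is not present yet does not count as a
  # failure and a re-run does not stack a second copy.
  # $spec stays unquoted so the rule text splits into separate arguments; it
  # must not contain glob characters, which would be expanded as well.
  # shellcheck disable=SC2086
  $IPTABLES -D $spec 2> /dev/null

  # shellcheck disable=SC2086
  if $IPTABLES -A $spec; then
    echo ok
  else
    echo failed
    echo "error executing : $IPTABLES -A $spec" >> "$ELOG"
  fi

  echo done
}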


function allips {

  # Build a space-separated list of IPv4 addresses in the global ALLIPS.
  #
  # Arguments:
  #   $1 - grep pattern applied to the output of `ifconfig`.
  # Globals:
  #   ALLIPS (written) - result; empty when nothing was found.
  #   E, LIST, T, IP, S (written) - scratch variables; none is local, so all
  #                                 of them stay set after the call.
  ALLIPS=

  E=$1
  # First space-delimited field of every ifconfig output line that matches $E.
  # NOTE(review): $E is unquoted, so a pattern containing whitespace or glob
  # characters is split or expanded before grep sees it, and an empty $1
  # leaves grep without a pattern.
  # NOTE(review): this call resolves ifconfig through PATH, while the one in
  # the loop uses /sbin/ifconfig.
  LIST=`ifconfig |  grep $E | cut -f1-1 -d " "`

  for T in $LIST;  do
  
      # Takes the text between the first ':' and the following space on the
      # 'inet addr' line, i.e. the "inet addr:<ip>" layout of ifconfig output.
      IP=`/sbin/ifconfig $T 2> /dev/null | grep 'inet addr' | cut -f2-2 -d ':'  | cut -f1-1 -d ' '` 
      # NOTE(review): $? here is the status of the last pipeline stage (cut)
      # unless pipefail is enabled elsewhere, so a failing ifconfig or grep is
      # not caught by this check; the empty-string test below is what skips
      # interfaces without an address.
      if [ $? != 0 ]; then 
        continue 
      fi	
      if [ "$IP" = "" ]; then 
        continue 
      fi	
      #echo $IP

      # Separator is a single space, omitted before the first address.
      if [ "$ALLIPS" != "" ]; then 
         S=" " 
      else
         S=
      fi	
      ALLIPS="$ALLIPS$S$IP"
  
  done    
  
}


# 
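function maybeali()
{
   # Load the optional per-entry settings stored under /ips/ali.
   #
   # Arguments:
   #   $1 - entry name; the files read are /ips/ali/<name>-nat, -dev and -ip.
   # Globals:
   #   ALINAT, ALIDEV, ALIIP (written) - file contents, or empty when the
   #                                     corresponding file does not exist.
   #   I_, F (written) - scratch variables; not local, so they stay set after
   #                     the call.
   #
   # The file contents are taken verbatim.
   # NOTE(review): if callers splice these values into rule text, the files
   # under /ips/ali are effectively firewall configuration; confirm that the
   # directory is writable only by root and that $1 does not come from
   # untrusted input, since it becomes part of the path.

   ALINAT=
   ALIDEV=
   ALIIP=
   I_=$1

   # The path is quoted everywhere so a name containing whitespace or glob
   # characters is tested and read as one literal file name.
   F="/ips/ali/${I_}-nat"
   if [ -f "$F" ]; then
      ALINAT=$(cat -- "$F" 2> /dev/null)
   fi

   F="/ips/ali/${I_}-dev"
   if [ -f "$F" ]; then
      ALIDEV=$(cat -- "$F" 2> /dev/null)
   fi

   F="/ips/ali/${I_}-ip"
   if [ -f "$F" ]; then
      ALIIP=$(cat -- "$F" 2> /dev/null)
   fi

}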





