###!/bin/sh
#
#   Rename this file to ppp_on_boot and pppd will be fired up as
#   soon as the system comes up, connecting to `provider'.
#
#   If you also make this file executable, and replace the first line
#   with just "#!/bin/sh", the commands below will be executed instead.
#

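# Create or update one entry in a pppd secrets file.
#
# Entries are written as "<client><TAB>*<TAB><secret>". Every line whose first
# field is exactly the client name is replaced; if there is none, the entry is
# appended. The name is compared as a literal string, never as a pattern, so
# updating "bob" cannot touch "jimbob", and characters such as '|', '&' or
# spaces in the secret are stored unchanged.
#
# Arguments: $1 - secrets file, $2 - client (user) name, $3 - secret
# Returns:   0 on success, non-zero if the file could not be written
#
# NOTE(review): values are stored verbatim; a secret containing whitespace,
# '#' or quote characters presumably needs pppd's own quoting to be read back
# correctly - confirm against the pppd build on this device.
#
# The body is a subshell "( ... )" so the umask change and the working
# variables do not leak into the calling script.
update_secret() (
  secret_file=$1
  secret_user=$2
  secret_pass=$3

  # Credentials must never be readable by other users, not even for the short
  # time between creating the file and any later chmod.
  umask 077

  if [ ! -e "${secret_file}" ]; then
    printf '%s\t*\t%s\n' "${secret_user}" "${secret_pass}" > "${secret_file}"
    return
  fi

  # Rewrite into a private temporary file in the same directory, then rename
  # it over the original so a failure cannot leave a half-written file.
  secret_tmp=$(mktemp "${secret_file}.XXXXXX") || return 1

  # The values reach awk through the environment rather than argv or -v:
  # command-line arguments are visible in the process list, and -v would
  # expand backslash escapes inside the secret.
  if SECRET_USER="${secret_user}" SECRET_PASS="${secret_pass}" awk '
      BEGIN {
        user = ENVIRON["SECRET_USER"]
        pass = ENVIRON["SECRET_PASS"]
        found = 0
      }
      # Appending "" forces a string comparison ("007" must not equal "7").
      ($1 "") == user { print user "\t*\t" pass; found = 1; next }
      { print }
      END { if (!found) print user "\t*\t" pass }
    ' "${secret_file}" > "${secret_tmp}"; then
    mv -f -- "${secret_tmp}" "${secret_file}" || {
      rm -f -- "${secret_tmp}"
      return 1
    }
  else
    rm -f -- "${secret_tmp}"
    return 1
  fi
)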

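# Leave the system in the "PPPoE off" state and stop: reverse-path filtering
# on eth0 is switched off and the PPP firewall chain is emptied.
ppp_disabled() {
  echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter
  /usr/sbin/iptables -F PPP
  exit 0
}

# /etc/default/ppp is executed, not parsed: anything in it runs with this
# script's privileges. It supplies the settings tested below (ENABLE, USER,
# PASS, MRU, SERVICE, VLAN, FWALL, DHCP, FWLOCAL, WWW).
# NOTE(review): make sure the file is owned by root and not writable by
# anyone else, including through whatever front end generates it.
#
# "." is used instead of "source" because the latter is not available in
# every /bin/sh.
if [ -e /etc/default/ppp ]; then
  . /etc/default/ppp
else
  ppp_disabled
fi

if [ "${ENABLE}" != "1" ]; then
  ppp_disabled
fi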

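# pppd options for the PPPoE peer, accumulated as one string with literal
# "\n" separators; the separators are expanded when the peer file is written.
# NOTE(review): USER, MRU and SERVICE are appended verbatim, so a backslash or
# newline inside them would end up in the pppd options file - confirm that
# whatever writes /etc/default/ppp restricts these values.
PPP_OPTS="noipdefault\nusepeerdns\npersist\nlcp-echo-failure 2\nlcp-echo-interval 60\nnoauth\nholdoff 30\nmaxfail 0\nplugin rp-pppoe.so\n";

# The location of the ppp daemon itself (shouldn't need to be changed)
PPPD=/usr/sbin/pppd

if [ -n "${USER}" ]; then
  PPP_OPTS="${PPP_OPTS}user ${USER}\n"
fi

# Store the credentials for both PAP and CHAP. Both values are required: with
# an empty USER the entry would be written without a client name. The
# arguments are quoted so a password containing spaces or glob characters is
# passed through as a single word.
if [ -n "${USER}" ] && [ -n "${PASS}" ]; then
  update_secret /etc/ppp/pap-secrets "${USER}" "${PASS}"
  update_secret /etc/ppp/chap-secrets "${USER}" "${PASS}"
  chown root:root /etc/ppp/pap-secrets /etc/ppp/chap-secrets
  # Secrets files hold clear-text passwords: owner read/write only, no group
  # access and no execute bit.
  chmod 600 /etc/ppp/pap-secrets /etc/ppp/chap-secrets
fi

# 1492 is the fallback MRU used when the configuration does not set one.
if [ -n "${MRU}" ]; then
  PPP_OPTS="${PPP_OPTS}mru ${MRU}\n"
else
  PPP_OPTS="${PPP_OPTS}mru 1492\n"
fi

if [ -n "${SERVICE}" ]; then
  PPP_OPTS="${PPP_OPTS}rp_pppoe_service ${SERVICE}\n"
fi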

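# Select the Ethernet interface that carries PPPoE: eth0 itself, or an 802.1Q
# sub-interface eth0.<VLAN> that is created on demand.
if [ -n "${VLAN}" ]; then
  # VLAN becomes part of an interface name that is passed to ip, iptables and
  # a /proc path further down, so only a plain decimal id is accepted. The
  # range itself is left for "ip link" to check.
  case "${VLAN}" in
    *[!0-9]*)
      echo "ppp_on_boot: VLAN must be a decimal VLAN id, got '${VLAN}'" >&2
      exit 1
      ;;
  esac
  EIFACE="eth0.${VLAN}"
  if [ ! -d "/sys/class/net/${EIFACE}" ]; then
    /sbin/ip link add link eth0 name "${EIFACE}" type vlan id "${VLAN}"
    /sbin/ip link set "${EIFACE}" up
  fi
else
  EIFACE="eth0"
fi
PPP_OPTS="${PPP_OPTS}nic-${EIFACE}\n"

# Write the peer definition used by "pppd call ns_default". The option string
# is passed as data to %b, which expands the "\n" separators, instead of being
# used as the printf format, so a '%' in a configured value is written as-is.
printf '%b' "${PPP_OPTS}" > /etc/ppp/peers/ns_default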

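# Append one rule to the PPP chain; the arguments are handed to iptables
# unchanged.
ppp_rule() {
  /usr/sbin/iptables -A PPP "$@"
}

# Print the kernel-installed link-scope routes of ${EIFACE}, one per line and
# without duplicates. The first column of each line is the directly connected
# network.
ppp_link_routes() {
  /sbin/ip route show dev "${EIFACE}" scope link proto kernel | sort -u
}

# Rebuild the PPP chain from scratch. Rule order matters: the first matching
# rule wins, and the chain ends with a catch-all DROP when FWALL is on.
# Rules are added by calling iptables directly with quoted arguments, so route
# fields are only ever passed as data and never re-parsed as shell text.
# NOTE(review): iptables failures are not checked; if a rule cannot be added
# the script carries on with an incomplete chain.
/usr/sbin/iptables -F PPP
if [ "${FWALL}" = "1" ]; then
  # DHCP broadcasts (ports 67-68) on the PPPoE-side interface.
  if [ "${DHCP}" = "1" ]; then
    ppp_rule -j ACCEPT -i "${EIFACE}" -p udp -d 255.255.255.255 --dport 67:68
  else
    ppp_rule -j DROP -i "${EIFACE}" -p udp -d 255.255.255.255 --dport 67:68
  fi

  # Web access (tcp/80).
  if [ "${FWLOCAL}" = "1" ] && [ "${WWW}" = "0" ]; then
    # NOTE(review): the destination is the third column of the route line;
    # confirm that this column is an address with the ip build in use.
    ppp_link_routes | while read -r net col2 col3 rest; do
      [ -n "${net}" ] || continue
      ppp_rule -j ACCEPT -p tcp -i "${EIFACE}" -d "${col3}" -s "${net}" --dport 80
    done
  elif [ "${WWW}" = "1" ]; then
    ppp_rule -j ACCEPT -i "${EIFACE}" -p tcp --dport 80
    ppp_rule -j ACCEPT -i ppp0 -p tcp --dport 80
  fi

  if [ "${FWLOCAL}" = "0" ]; then
    # Local network not firewalled: accept traffic within each connected
    # network, its IGMP, and broadcast/multicast discovery traffic.
    ppp_link_routes | while read -r net rest; do
      [ -n "${net}" ] || continue
      ppp_rule -j ACCEPT -i "${EIFACE}" -s "${net}" -d "${net}"
      ppp_rule -j ACCEPT -p igmp -i "${EIFACE}" -s "${net}" -d 224.0.0.0/4
    done
    ppp_rule -j ACCEPT -i "${EIFACE}" -p udp -d 255.255.255.255
    ppp_rule -j ACCEPT -i "${EIFACE}" -p udp -d 224.0.0.251
    ppp_rule -j ACCEPT -i "${EIFACE}" -d 224.0.0.1
  else
    # Local network firewalled: from each connected network only ports
    # 2049-2052 and 111 are accepted, and only from source ports below 1024;
    # everything else from that network, and its IGMP, is dropped.
    ppp_link_routes | while read -r net rest; do
      [ -n "${net}" ] || continue
      ppp_rule -j ACCEPT -p tcp --sport 0:1023 --dport 2049:2052 -i "${EIFACE}" -s "${net}" -d "${net}"
      ppp_rule -j ACCEPT -p udp --sport 0:1023 --dport 2049:2052 -i "${EIFACE}" -s "${net}" -d "${net}"
      ppp_rule -j ACCEPT -p tcp --sport 0:1023 --dport 111 -i "${EIFACE}" -s "${net}" -d "${net}"
      ppp_rule -j ACCEPT -p udp --sport 0:1023 --dport 111 -i "${EIFACE}" -s "${net}" -d "${net}"
      ppp_rule -j DROP -i "${EIFACE}" -s "${net}" -d "${net}"
      ppp_rule -j DROP -p igmp -i "${EIFACE}" -s "${net}" -d 224.0.0.0/4
    done
    ppp_rule -j DROP -i "${EIFACE}" -p udp -d 255.255.255.255
    ppp_rule -j DROP -i "${EIFACE}" -p udp -d 224.0.0.251
    ppp_rule -j DROP -i "${EIFACE}" -d 224.0.0.1
  fi

  # Let FIN/ACK segments through, then drop everything else arriving on the
  # interface. Uncomment the LOG rule to see what the final DROP discards.
  ppp_rule -j ACCEPT -i "${EIFACE}" -p tcp --tcp-flags SYN,ACK,FIN,RST FIN,ACK
#  ppp_rule -j LOG -i "${EIFACE}"
  ppp_rule -j DROP -i "${EIFACE}"
  echo 1 > "/proc/sys/net/ipv4/conf/${EIFACE}/rp_filter"
elif [ "${WWW}" = "1" ]; then
  # Firewall off: the chain stays empty apart from tcp/80 on ppp0.
  echo 0 > "/proc/sys/net/ipv4/conf/${EIFACE}/rp_filter"
  ppp_rule -j ACCEPT -i ppp0 -p tcp --dport 80
else
  echo 0 > "/proc/sys/net/ipv4/conf/${EIFACE}/rp_filter"
fi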

# Bring up the default connection from the ns_default peer file, but only
# when both a user name and a password are configured.
if [ -n "${USER}" ] && [ -n "${PASS}" ]; then
  "${PPPD}" call ns_default
fi

# Additional connections, which would just use settings from
# /etc/ppp/options.<tty>
#$PPPD ttyS0
#$PPPD ttyS1
#$PPPD ttyS2
#$PPPD ttyS3
