#!/bin/sh
# This file has been diverted to netbase.real by xinetd, as xinetd has no 
# use for it.  Parts of the original netbase have been included for 
# convenience.

spoofprotect () {
    # Install packet-filter rules that drop (and log) packets arriving on
    # eth0 or eth1 with a source address inside 127.0.0.0/8.  Loopback
    # source addresses should never appear on an external interface.
    #
    # The filter tool is chosen by probing /proc:
    #   /proc/net/ip_input    -> ipfwadm  (linux 2.0.x and 2.1.x, x < 102)
    #   /proc/net/ip_fwchains -> ipchains (linux 2.1.x, x > 101)
    #
    # NOTE(review): things to keep in mind when relying on this function:
    #   - If neither /proc file exists, nothing is installed and nothing is
    #     printed; anti-spoofing then has to come from elsewhere (for
    #     example the rp_filter sysctl or a current packet filter).
    #   - Only eth0 and eth1 are covered; any other interface is untouched.
    #   - The exit status of the insert commands is not checked, so "done."
    #     is printed even if a rule could not be added (stderr of the
    #     insert is still shown).
    local iface

    if [ -e /proc/net/ip_input ]; then
        echo -n "Setting up IP spoofing protection..."

        # Remove any existing copy of each rule first so repeated runs do
        # not stack duplicates.  A failed delete (rule absent) is expected,
        # hence the silenced stderr and the "|| true".
        for iface in eth0 eth1; do
            ipfwadm -I -d deny -o -P all -S 127.0.0.0/8 -W "$iface" -D 0/0 2>/dev/null || true
        done

        # Insert the deny rule at the head of the input list; -o asks the
        # kernel to log matching packets.
        for iface in eth0 eth1; do
            ipfwadm -I -i deny -o -P all -S 127.0.0.0/8 -W "$iface" -D 0/0 >/dev/null
        done

        # Optional: also deny incoming packets pretending to be from our
        # own system.  Set your own IP address below (or use `hostname -i`
        # to set it; check what it returns on this host first), then
        # uncomment.
        # my_ip=192.168.14.1
        # for iface in eth0 eth1; do
        #     ipfwadm -I -d deny -o -P all -S "$my_ip" -W "$iface" -D 0/0 2>/dev/null || true
        # done
        # for iface in eth0 eth1; do
        #     ipfwadm -I -a deny -o -P all -S "$my_ip" -W "$iface" -D 0/0 >/dev/null
        # done
        echo "done."
    fi

    if [ -e /proc/net/ip_fwchains ]; then
        echo -n "Setting up IP spoofing protection..."

        # Same delete-then-insert sequence as above, expressed as ipchains
        # rules on the input chain; -l asks the kernel to log matches.
        for iface in eth0 eth1; do
            ipchains -D input -j DENY -p all -l -s 127.0.0.0/8 -i "$iface" -d 0.0.0.0/0 2>/dev/null || true
        done
        for iface in eth0 eth1; do
            ipchains -I input -j DENY -p all -l -s 127.0.0.0/8 -i "$iface" -d 0.0.0.0/0 >/dev/null
        done

        # Optional: also deny incoming packets pretending to be from our
        # own system.  Set your own IP address below (or use `hostname -i`
        # to set it; check what it returns on this host first), then
        # uncomment.
        # my_ip=192.168.14.1
        # for iface in eth0 eth1; do
        #     ipchains -D input -j DENY -p all -l -s "$my_ip" -i "$iface" -d 0.0.0.0/0 2>/dev/null || true
        # done
        # for iface in eth0 eth1; do
        #     ipchains -I input -j DENY -p all -l -s "$my_ip" -i "$iface" -d 0.0.0.0/0 >/dev/null
        # done
        echo "done."
    fi
}


# Init-script dispatcher.  Only "start" does any work: it applies the
# anti-spoofing rules and then prints a trailing ".".
#
# NOTE(review): "stop" does not remove the rules that "start" inserted, and
# "reload"/"restart" do not re-apply them; all three are accepted no-ops
# that exit 0.  The "." after start is printed whether or not
# spoofprotect installed anything.
action=$1

case "$action" in
    start)
        spoofprotect
        echo "."
        ;;
    stop | reload | restart)
        # Accepted for init-script compatibility; nothing to do.
        ;;
    *)
        echo "Usage: $0 {start|stop|reload|restart}"
        exit 1
        ;;
esac

exit 0


