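#!/bin/sh
#
#$Id: rc.192.168.0.1,v 1.4 2003/05/01 11:41:37 cws Exp $
#
# Boot-time setup for a CD-ROM based firewall/router host.  Kills the daemons
# the CD's etc/rc.conf starts, configures xl1 and the default route, copies
# the ipaudit capture scripts into /var, installs root's crontab and loads
# the ipfw rule set.  Must run as root with /var writable.
# There is deliberately no 'set -e': every step is best-effort, as in the
# original, and failures are reported on the console instead of aborting.
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin

# Directory this script lives in; scripts/ and config/ are found relative
# to it.
base_path=$(dirname -- "$0")
# Make it absolute so the cp/crontab commands further down still resolve
# after the 'cd /etc/mail' below, even when the script was started with a
# relative path.
case $base_path in
  /*) ;;
  *) base_path=$(pwd)/$base_path ;;
esac

# Fix errors in CD-ROM images: /dev/null on the image is not world-writable.
chmod og+rw /dev/null

# Kill unused daemons that the CD-ROM's etc/rc.conf starts.  SIGKILL gives
# them no chance to clean up; kept from the original since they are
# throw-away processes on a live CD.
killall -9 inetd
killall -9 sendmail
killall -9 dhclient

# Sendmail for outbound mail only: a queue runner, no listening daemon.
sendmail -q30m &

hostname firewall.net0.intranet

# Configure the network interface and routing.
# NOTE(review): the script is named rc.192.168.0.1 but configures
# 192.168.1.1/24 with gateway 192.168.1.254 -- confirm which address set is
# intended.
route delete default 2>/dev/null
ifconfig xl1 inet 192.168.1.1 netmask 255.255.255.0
route add default 192.168.1.254

# Give /etc to root:wheel (the original comment said "read/write"; only
# ownership is changed here) and rebuild the sendmail maps.  The 'cd' is
# guarded so 'make' can never run in whatever the previous directory was.
chown -R root:wheel /etc
cd /etc/mail && make

# Copy the programs needed for ipaudit into /var (writable on a live CD).
# -p keeps a re-run from complaining about an existing directory.
mkdir -p /var/ipaudit
cp -- "${base_path}/../scripts/ipaudit" /var/ipaudit
cp -- "${base_path}/../scripts/cappkg.pl" /var/ipaudit
cp -- "${base_path}/../scripts/synclock.sh" /var/ipaudit

# Home directories for root and admin.
mkdir -p /var/root
mkdir -p /var/admin
chown admin:admin /var/admin

# Start packet capture.
# NOTE(review): 'stat' only prints the file's status; it does not run
# cappkg.pl.  If the capture was meant to be launched here this line is a
# typo -- confirm against the ipaudit scripts before changing it.
stat /var/ipaudit/cappkg.pl &
/var/ipaudit/synclock.sh &

# Install cron and periodic configuration.
# NOTE(review): the crontab comes from config/10.0.0.200 while periodic.conf
# comes from config/192.168.0.1 -- verify this mix is intended.
crontab -u root "${base_path}/../config/10.0.0.200/crontab"
cp -- "${base_path}/../config/192.168.0.1/periodic.conf" /etc

#--------------------
# Firewall configuration
# Prevent any host to use this host as a switch.
# (Stated intent; see the note on the final rule -- the rule set as loaded
# does not enforce it.)
#--------------------
# Enable gateway/routing behaviour.
sysctl net.inet.ip.forwarding=1 >/dev/null
routed -s &
sysctl net.inet.ip.fw.dyn_max=8192

ipfw=/sbin/ipfw
${ipfw} -q flush

# check-state is not needed with the current rule set because of keep-state.
# NOTE(review): no active rule below uses keep-state, so neither dyn_max
# nor this remark has any effect as written.
#Rule
#${ipfw} add check-state

# Limit bandwidth (disabled).
#${ipfw} add pipe 1 ip from ${x.x.x.x} to any out
#${ipfw} add pipe 2 ip from ${x.x.x.x} to any in
#${ipfw} pipe 1 config bw 64Kbit/s queue 10Kbytes
#${ipfw} pipe 2 config bw 64Kbit/s queue 10Kbytes

# Traffic to and from the firewall itself.
${ipfw} add allow ip from me to any
${ipfw} add allow ip from any to me
#${ipfw} add forward a.b.c.d ip from x.x.x.x to not ${x.x.x.x/24}

# Open firewall -- trade security for convenience.
# With forwarding enabled above, this final allow-all passes every packet
# the kernel forwards as well, so nothing in this rule set restricts
# transit traffic; any deny rules must be added ahead of it.
${ipfw} add 65535 allow ip from any to any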