#! /bin/sh
#
# ipac-ng init.d startup script
# noel@koethe.net, 2001-08-22

PATH=/sbin:/bin:/usr/sbin:/usr/bin
NAME=ipac-ng
DESC="IP Accounting"
CONFIG=/etc/ipac-ng/ipac.conf
DAEMON=/usr/sbin/fetchipac
PROC=/proc/net/ip_tables_names
IPTABLES=/sbin/iptables

# if program and/or configfile are not present stop startup
test -f $DAEMON && test -f $CONFIG || exit 0

check() {
	if ! [ -f $PROC ]; then
		echo " module ip_tables not loaded, loading ..."
		/sbin/modprobe ip_tables
		if ! [ -f $PROC ]; then 
			echo " IP filter missing in kernel! You need to compile in CONFIG_IP_NF_IPTABLES"
			exit 0
		fi
	fi

	if ! [ -f $IPTABLES ]; then
		echo " iptables is missing."
		exit 0
	fi
}

case "$1" in
  start)
	echo -n "Starting $DESC: "
	check
	$DAEMON -S
	echo "$NAME."
	;;
  stop)
	echo -n "Stopping $DESC: "
	# fetch accounting before removing the rules
	$DAEMON
	echo -n "flushing IP accounting rules ..."
	$IPTABLES --flush ipac~o
	$IPTABLES --flush ipac~i
	$IPTABLES --flush ipac~fi
	$IPTABLES --flush ipac~fo
	# here should the ipac_* rule be removed from INPUT OUTPUT and FORWARD but --flush is
	# evil because it would remove all rules in these chains.
	echo "$NAME stopped."
	;;
  restart | force-reload)
	echo -n "Restarting $DESC: "
	check
	# get accounting datas
	$DAEMON
	# write iptables accounting rules again
	$DAEMON -S
	echo "$NAME."
	;;
  *)
	echo "Usage: /etc/init.d/ipac {start|stop|restart|force-reload}"
	exit 1
	;;
esac

exit 0
