#!/usr/bin/perl -w
#*********************************************
# 
# Script Name: gateway-l
#
# Edit By: Francesco Cecconi
#          fcecconi@cpan.org
#
#*********************************************
#
#*********************************************
# Function: start_rules_interface()
# Function: start_rules_range()
# Function: stop_rules_interface()
# Function: main()
# Function: help()
# Function: version()
#*********************************************

use strict;

use Getopt::Long;    # Options Parser
use Term::ANSIColor; # ANSI Color Font

use English;

Getopt::Long::Configure(qw(auto_abbrev no_ignore_case));

#
# Global Variables
#

# Author details interpolated into the help and version screens.
my $developer = 'Cecconi Fracesco';
my $email     = '<fcecconi@cpan.org>';
my $version   = '0.3';

# Values echoed into the kernel forwarding switch found at $path.
my $start_forward = '1';
my $stop_forward  = '0';

# NOTE(review): this is a bare command name, so it is looked up through the
# PATH of whoever launches the script, and main() only proceeds for UID 0.
# Pinning the absolute path of the local iptables binary would remove that
# dependency on the caller's environment.
my $firewall = 'iptables';
my $path     = '/proc/sys/net/ipv4/ip_forward';

# When non-zero the rule functions print the commands instead of running them.
my $DEBUG = 0;

#
# Gateway Start Interface Function
#

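sub start_rules_interface {

    #
    # Enable IPv4 forwarding and append a MASQUERADE rule to the nat
    # POSTROUTING chain for traffic leaving through one interface.
    #
    # Parameter: $ethernet - outbound interface name, as typed after -e.
    # Output:    one coloured status line per step; when $DEBUG is set the
    #            commands are printed instead of being run.
    #
    my ($ethernet) = @_;

    #
    # Starting Forward Rules
    #
    # Only script-level constants are interpolated into this string, so the
    # shell redirection carries no caller-controlled text.
    my $cmd_forwarding = "echo \"$start_forward\" > \"$path\" ";

    if ($DEBUG) {
        print "DEBUG[Rules Eth]::Echo Rules:$cmd_forwarding\n";
    }
    elsif (system($cmd_forwarding)) {
        print colored ("Error Forward Rules!\n", 'bold red');
    }
    else {
        print colored ("Set Forward Rules\n", 'bold green');
    }

    # The interface name comes straight from the command line and main()
    # only gets here as root.  Passing it inside a single command string
    # would let the shell interpret any quote or metacharacter it contains,
    # so the rule is handed to system() as an argument list, which runs the
    # program directly without a shell.
    my @firewall_argv = (
        $firewall, '-t', 'nat', '-A', 'POSTROUTING',
        '-o', $ethernet, '-j', 'MASQUERADE',
    );

    # Human-readable rendering, used only for the debug trace below.
    my $cmd_firewall = " \"$firewall\" -t nat -A POSTROUTING -o \"$ethernet\" -j MASQUERADE";

    if ($DEBUG) {
        print "DEBUG[Rules Eth]::firewall Rules:$cmd_firewall\n";
    }
    elsif (system(@firewall_argv)) {
        print colored ("Error Forward Rules!\n", 'bold red');
    }
    else {
        print colored ("Set Iptables Masquerade Rules\n", 'bold green');
    }

}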

#
# Gateway Start Range Function
#

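sub start_rules_range {

    #
    # Enable IPv4 forwarding and append a MASQUERADE rule to the nat
    # POSTROUTING chain for traffic whose destination is NOT inside the
    # given range.
    #
    # Parameter: $range - address or network, as typed after -r.
    # Output:    one coloured status line per step that was actually run;
    #            when $DEBUG is set the commands are only printed, matching
    #            start_rules_interface().
    #
    my ($range) = @_;    # the IP range passed by the caller

    #
    # Starting Forward Rules
    #
    # Only script-level constants are interpolated into this string, so the
    # shell redirection carries no caller-controlled text.
    my $cmd_forwarding = "echo \"$start_forward\" > \"$path\" ";

    if ($DEBUG) {
        print "DEBUG[Rules Range]::Echo Rules:$cmd_forwarding\n";
    }
    elsif (system($cmd_forwarding)) {
        print colored ("Error Forward Rules!\n", 'bold red');
    }
    else {
        print colored ("Set Forward Rules\n", 'bold green');
    }

    # The range comes straight from the command line and main() only gets
    # here as root.  It is passed as one element of an argument list so that
    # no shell ever parses it; iptables itself decides whether the value is
    # a valid address.
    # NOTE(review): "-d ! RANGE" is the older negation order; current
    # iptables documentation writes "! -d RANGE" - confirm which form the
    # target system expects before changing the order.
    my @firewall_argv = (
        $firewall, '-t', 'nat', '-A', 'POSTROUTING',
        '-d', '!', $range, '-j', 'MASQUERADE',
    );

    # Human-readable rendering, used only for the debug trace below.
    my $cmd_firewall = " \"$firewall\" -t nat -A POSTROUTING -d  ! \"$range\" -j MASQUERADE";

    if ($DEBUG) {
        print "DEBUG[Rules Range]::firewall Rules:$cmd_firewall\n";
    }
    elsif (system(@firewall_argv)) {
        print colored ("Error Forward Rules!\n", 'bold red');
    }
    else {
        print colored ("Set Iptables Masquerade Rules\n", 'bold green');
    }
}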


#
# Gateway Stop Function
#
#
sub stop_rules_interface {

    #
    # Undo the gateway setup in three steps: switch IPv4 forwarding off,
    # flush the default (filter) table, then flush the nat table.
    #
    # Takes no arguments.  When $DEBUG is set each command is printed
    # instead of being run.
    #
    # Caveat: both "-F" calls flush every rule in their table, not only the
    # MASQUERADE rule the start functions appended.  On a host that carries
    # other filter or NAT rules, stopping the gateway removes those too.
    #
    my $run_step = sub {
        my ($command, $debug_tag, $ok_message) = @_;

        if ($DEBUG) {
            return print $debug_tag . "::Echo Rules:" . $command . "\n";
        }

        # system() yields a non-zero status when the command failed.
        if (system($command)) {
            return print colored ("Error Forward Rules!\n", 'bold red');
        }

        return print colored ($ok_message, 'bold green');
    };

    # Step 1: kernel forwarding switch back to "off".
    $run_step->(
        "echo \"$stop_forward\" > \"$path\" ",
        "DEBUG[Unset Rules]",
        "UnSet Forward Rules\n",
    );

    # Step 2: flush the default table.
    $run_step->(
        " \"$firewall\" -F",
        "DEBUG[Unset Iptables Rules]",
        "UnSet Iptables Masquerade Rules\n",
    );

    # Step 3: flush the nat table.
    return $run_step->(
        " \"$firewall\" -t nat -F",
        "DEBUG[Unset Nat Iptables Rules]",
        "UnSet Nat Iptables Rules\n",
    );
}

#
# Show Help Function
#
sub help {

    # Print the usage screen.  The text interpolates the file-level
    # $developer and $email values into its last line.
    my $usage_text = <<"EOH";
 Usage: 
	
    gateway-l [Options] or [[Modality] [argument]] [Command]


Modality:
    
    -e                   Ethernet Interface
    -r                   IP lan Restrict mode

Argument:
    
    if -e  [ethernet interface(default eth0)]
    if -r  [range ip of MASQUERADE]

Options:

    -v, --version       Version of script
    -h, --help          Show this help screen

Command:

    start               Set the gateway rules
    stop                Unset the gateway rules

Examples:

    gateway-l -e start                (set the forward end MASQUERADE rules)
    gateway-l -e eth1 start           (set the forward end MASQUERADE rules)
    gateway-l -e stop                 (unset the forward end MASQUERADE rules)
    gateway-l -v                      (version information)
    gateway-l -r 192.168.1.0/24 start (set the forward range ip)
    gateway-l -r 192.168.1.0/24 stop  (unset the forward range ip)
    gateway-l -r stop                 (unset the forward range ip)

Report Bug to: $developer $email
EOH

    return print $usage_text;
}

#
# Show Version Function
#
sub version {

    # Print the version banner, built from the file-level $version,
    # $developer and $email values.
    my $banner = <<"EOH";
   
gateway-l $version\n
$developer $email

*************************************************************
    
  : Total Support for interfaces Forwarding
  : Total Support for range ip restrictions Forwardind
      
*************************************************************
EOH

    return print $banner;
}


#
# Main
#
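sub main {

    #
    # Parse the command line and dispatch to the start/stop/help/version
    # routines.  Everything except the "not root" message requires UID 0.
    #
    # Fixes over the previous revision:
    #   * $range used to start at 0, so defined($range) was always true and
    #     a bare "gateway-l start" or "gateway-l stop" fell into the range
    #     branch (adding a rule for destination "0", or flushing the tables)
    #     although no -e/-r modality had been given.
    #   * a failed GetOptions() parse was ignored and the rules were still
    #     applied; it is now reported as a syntax error.
    #
    my $help         = 0;
    my $show_version = 0;
    my $ethernet;    # stays undef unless -e was given
    my $range;       # stays undef unless -r was given

    # Snapshot of the raw command line, taken before GetOptions() removes
    # the options it recognises: index of the last word and the word itself
    # (expected to be "start" or "stop").
    my $ARG_count = $#ARGV;
    my $ARG_val   = $ARGV[$ARG_count];

    my $parsed_ok = GetOptions (
        "help|h"       => \$help,          # help parser
        "version|v"    => \$show_version,  # version parser
        "ethernet|e=s" => \$ethernet,      # ethernet parser (=s: name of the network interface)
        "range|r=s"    => \$range          # range parser    (=s: the IP address/range)
    );

    if ( $UID != 0 ) {
        print colored ("You aren't a Root!\n", 'bold red');
        return;
    }

    # Options Preference

    $ARG_val = "" if(!defined($ARG_val));

    my $is_command = ($ARG_val eq "start" || $ARG_val eq "stop");

    if (!$parsed_ok) {
        # Unknown or malformed options: do not touch the firewall.
        print "Sintax error! try --help command!\n";
    }
    elsif ($ARG_count <= 2 && $is_command && defined($ethernet)) {

        if ($ARG_val eq "start") {
            print colored ("Setting Gateway Rules...\n", 'bold blue');
            # "-e start" makes Getopt take "start" as the interface name;
            # fall back to the documented default in that case.
            $ethernet = "eth0" if($ethernet eq "start");
            start_rules_interface($ethernet);
        }
        else {
            print colored ("UnSetting Gateway Rules...\n", 'bold blue');
            stop_rules_interface();
        }

    }
    elsif (defined($range) && $range ne "start" && $is_command && $ARG_count <= 2) {

        if ($ARG_val eq "start") {
            print colored ("TEst Rules Range...\n", 'bold blue');
            start_rules_range($range);
        }
        else {
            print colored ("UnSetting Gateway Rules...\n", 'bold blue');
            stop_rules_interface();
        }

    }
    elsif ($show_version == 1 && $ARG_count == 0) {
        version();
    }
    elsif ($help == 1 && $ARG_count == 0) {
        help();
    }
    else {
        print "Sintax error! try --help command!\n";
    }

}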


#
# Start 
#

 # Script entry point: run the command-line dispatcher.
 main();

=head1 NAME

 B<gateway-l 0.3> Perl script for setting gateway rules

=head1 Author

 Francesco Cecconi fcecconi@cpan.org

=head1 Copyright
    
 Copyright 2006 Francesco Cecconi fcecconi@cpan.org
 This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

=head1 README
 
 Perl script for setting gateway rules
 See gateway-l.pl --help

=head1 PREREQUISITES

 Getopt::Long;    
 Term::ANSIColor; 

=pod SCRIPT CATEGORIES

 Networking

=cut

