#!/bin/bash

# set up IP address restriction rules for knoerre
# rules are built from entries in tcp_wrapper-files

umask 022

SERVICE=knoerre
DAEMONNAME=knoerre
RULES_FILE=/etc/"$DAEMONNAME".tcprules.cdb

# include all bins/sbins and local for i.e. egrep, in.telnetd, tcpserver
PATH="/command:/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/bin"

echo Setting up $RULES_FILE from '/etc/hosts.(deny|allow)'
{
  for IP in `egrep "^($SERVICE|ALL)": /etc/hosts.allow | sed "s,.*:,,"`
  do
    if [ "$IP" = "ALL" ]
    then
      echo :allow
    else
      echo $IP:allow
    fi
  done
  for IP in `egrep "^($SERVICE|ALL)" /etc/hosts.deny | sed "s,.*:,,"`
  do
    if [ "$IP" = "ALL" ]
    then
      echo :deny
    else
      echo $IP:deny
    fi
  done
} |tee /dev/stderr| tcprules $RULES_FILE "$RULES_FILE".tmp

exit 0

