#!/bin/bash
# $Id: ipt-filter-sunrpc,v 1.2 2007/01/25 19:08:47 friedman Exp $

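# Assuming that packet filtering is enabled, this script allows or
# disallows sunrpc packets to pass through.
#
# "allow" inserts one INPUT ACCEPT rule per protocol covering every port
# that "rpcinfo -p" currently reports; "deny" issues a matching delete for
# each INPUT rule whose listing contains the text "ipt-filter-sunrpc".
# Any further arguments are appended to the iptables rule as extra match
# options.  Without them the ACCEPT rule matches traffic from any source,
# and "deny" only removes a rule when it is given the same extra
# arguments that were used to create it.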

portinfo()
{
  rpcinfo -p "$@" | perl -ane '
    if ($F[2] =~ /^(tcp|udp)$/) { $p{$F[2]}{$F[3]} = 1 }
    END { map { @p = sort { $a <=> $b } keys %{$p{$_}};
                print $_, " ", join (",", @p), "\n" }
              sort { $a cmp $b } keys %p
        }'
}

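currentfilter()
{
  # List the protocol and port list of every INPUT rule whose listing
  # contains "ipt-filter-sunrpc", one "<proto> <ports>" pair per line.
  # Globals: IPTABLES (read) - iptables command to run; defaults to
  #          "iptables".  ipt() honours the same override, so listing and
  #          deleting now go through the same binary.
  # Outputs: fields 2 and 8 of each matching line of "-L INPUT -n".
  # NOTE(review): field 8 is assumed to be the multiport port list, which
  # holds for rules laid out the way ipt() builds them; a rule from another
  # source that merely mentions the comment text would be picked up too.
  # shellcheck disable=SC2086 -- split on purpose, same as in ipt()
  ${IPTABLES-iptables} -L INPUT -n \
    | awk '/ipt-filter-sunrpc/ {print $2, $8}'
}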

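ipt()
{
  # Build, echo and run one iptables INPUT rule that ACCEPTs a multiport
  # destination list and is tagged with the comment "ipt-filter-sunrpc".
  # Globals:   IPTABLES (read) - iptables command; defaults to "iptables"
  #            and is split on whitespace so it may carry leading options.
  # Arguments: $1 - rule operation flag (main passes -I or -D)
  #            $2 - protocol name or number
  #            $3 - port list: numbers joined by "," (or ":" for a range)
  #            $4.. - extra match arguments, placed before "-j ACCEPT"
  # Outputs:   "+ <command line>" on stdout, then whatever iptables prints.
  # Returns:   2 for missing or malformed arguments, else iptables' status.
  if (( $# < 3 )); then
    printf '%s\n' "ipt: usage: ipt OP PROTO PORTS [MATCH-ARGS...]" 1>&2
    return 2
  fi

  local op=$1
  local proto=$2
  local ports=$3
  shift 3

  # The protocol and ports are parsed from the text output of other
  # commands and end up on a root-run command line, so anything that is
  # not a plain token is refused instead of being handed to iptables.
  local -r proto_re='^[A-Za-z0-9]+$'
  local -r ports_re='^[0-9]+([,:][0-9]+)*$'
  if [[ ! $proto =~ $proto_re ]]; then
    printf '%s\n' "ipt: refusing unexpected protocol: $proto" 1>&2
    return 2
  fi
  if [[ ! $ports =~ $ports_re ]]; then
    printf '%s\n' "ipt: refusing unexpected port list: $ports" 1>&2
    return 2
  fi

  # Split IPTABLES into words without letting the shell glob-expand it.
  local -a ipt_cmd
  read -r -a ipt_cmd <<< "${IPTABLES-iptables}"

  # NOTE(review): the multiport match takes at most 15 ports per rule; a
  # longer list makes iptables reject the rule, so a host with more
  # registered ports per protocol would need the list split by the caller.
  local -a cmd=(
    "${ipt_cmd[@]}"
    "$op" INPUT
    -p "$proto"
    -m multiport
    --dports "$ports"
    -m comment
    --comment "ipt-filter-sunrpc"
    "$@"
    -j ACCEPT
  )

  printf '+ %s\n' "${cmd[*]}"
  "${cmd[@]}"
}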

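main()
{
  # Entry point: make sure we are root, pick the operation from $1 and
  # apply one iptables rule per "<proto> <ports>" line.
  # Arguments: $1   - on|allow|enable  -> insert rules for the ports that
  #                   portinfo reports
  #                   off|deny|disable -> delete the rules that
  #                   currentfilter finds
  #            $2.. - extra match arguments handed to every ipt call
  # Returns:   non-zero when the listing command or any ipt call failed
  #            (previously only the last ipt call decided the status).

  # Not root: re-run this script under sudo with the same arguments.
  # NOTE(review): sudo commonly resets the environment, so an IPTABLES
  # override set by the caller may not reach the re-executed script;
  # confirm against the local sudoers policy.
  case ${EUID-${UID-$(id -u)}} in
    0 ) : ;;
    * ) exec sudo "$0" "$@" ;;
  esac

  local op cmd
  case $1 in
    on  | allow | enable  ) op=-I cmd=portinfo ;;
    off | deny  | disable ) op=-D cmd=currentfilter ;;
    * ) echo "Usage: ${0##*/} [allow|deny]" 1>&2 ; exit 1 ;;
  esac

  shift

  # Let a failing rpcinfo/iptables inside the listing pipeline show up in
  # its exit status instead of being hidden by the last pipeline stage.
  set -o pipefail

  local rules rv=0
  rules=$("$cmd") || rv=$?
  if (( rv != 0 )); then
    printf '%s\n' "${0##*/}: $cmd exited with status $rv" 1>&2
  fi

  local proto ports
  while read -r proto ports; do
    # The here-string yields one empty line when nothing was listed.
    [[ -n $proto ]] || continue
    ipt "$op" "$proto" "$ports" "$@" || rv=$?
  done <<< "$rules"

  return "$rv"
}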

# Run the script, handing the command-line arguments to main unchanged;
# main's status becomes the script's exit status.
main "$@"

# eof
