#------------------------------------------------------------------------------
# /etc/rc.d/rc650.ss5 - start ss5 socks proxy
#
# Creation:     09.02.2006 babel
# Last Update:  $Id$
#------------------------------------------------------------------------------

case $OPT_SS5 in
yes)
    begin_script SS5 "starting ss5 socks proxy..."

    # add chain in-ss5
    get_count INPUT
    add_chain in-ss5
    ins_rule filter INPUT 'in-ss5' $res "ss5 access"
    add_nat_chain pre-in-ss5

    bind_list=
    for idx in `seq 1 $SS5_LISTEN_N`
    do
        eval addr='$SS5_LISTEN_'$idx''
        oldIFS="$IFS"
        IFS=":"
        set -- $addr
        IFS="$oldIFS"
        eval translate_ip_net $1
        if ! is_error
        then
            bind_list="$bind_list $res:$2"
        fi
    done

    allow_list=
    for idx in `seq 1 $SS5_ALLOW_N`
    do
        eval addr='$SS5_ALLOW_'$idx''
        eval translate_ip_net $addr
        if ! is_error
        then
            allow_list="$allow_list $res"
        fi
    done

    for allow in $allow_list
    do
        for bind in $bind_list
        do
            add_rule filter in-ss5 "prot:tcp $allow $bind ACCEPT"
        done
    done

    {
        echo "auth 0.0.0.0/0 - -"
        echo "permit - 0.0.0.0/0 - 0.0.0.0/0 - - - - -"
    }>/etc/ss5.conf

    # create empty ss5.ha file to avoid a warning
    mkdir -p /etc/ss5
    > /etc/ss5/ss5.ha

    # create directory where the PID file is stored
    mkdir -p /var/run/ss5

    for b in $bind_list
    do
        ss5 -b $b -t -u nobody -s -m 
    done

    end_script
;;
esac