#!/bin/sh -e

CONF=/etc/sysctl.conf

[ -e $CONF ] || exit 0

spoofprotect() {
	if ! egrep -q '^[ 	]*net.ipv4.conf.(all|default).rp_filter[ 	=]' $CONF
	then
		echo "# Converted from /etc/network/options:spoofprotect=yes" >> $CONF
		echo "net.ipv4.conf.all.rp_filter = 1" >> $CONF
		echo "net.ipv4.conf.default.rp_filter = 1" >> $CONF
	fi
}

ip_forward() {
	if ! grep -q '^[ 	]*net.ipv4.ip_forward[ 	=]' $CONF
	then
		echo "# Converted from /etc/network/options:ip_forward=yes" >> $CONF
		echo "net.ipv4.ip_forward = 1" >> $CONF
	fi
}

syncookies() {
	if ! grep -q '^[ 	]*net.ipv4.tcp_syncookies[ 	=]' $CONF
	then
		echo "# Converted from /etc/network/options:syncookies=yes" >> $CONF
		echo "net.ipv4.tcp_syncookies = 1" >> $CONF
	fi
}

doopt() {
	optname=$1
	default=$2
	opt=`grep "^$optname=" /etc/network/options`
	if [ -z "$opt" ]; then
		opt="$optname=$default"
	fi
	optval=${opt#$optname=}
	if [ "$optval" = "yes" ]; then
		eval $optname
	fi
}

process_options() {
	[ -e /etc/network/options ] || return 0
	doopt spoofprotect yes
	doopt syncookies no
	doopt ip_forward no
}

process_options

exit 0