#!/bin/sh
# script to add ipfw counter rules for each user
# in /etc/passwd

# path to ipfw:
fw=/sbin/ipfw

# allowall rule:
allow_all=`echo $fw -q add 65000 allow all from any to any`

# flush cmd:
flush=`echo $fw -f -q flush`

# $users a list of all users in pw db, one per line:
#users=`sed -e '/grep -v ^# /etc/passwd | awk -F: '{print $1}'`
users=`sed -E -e '/^(#|root|toor|daemon|operator|bin|tty|kmem|\
games|news|man|smmsp|bind|uucp|xten|pop|nobody|mysql|sonictown|\
test|www|sshd|ftp|cpimps|administrator|eggshell|cyrus|analog)/d' \
-e 's/:.*//' /etc/passwd`

startfw () {
	# Flush the current rules:
	$flush

	# for each user, create a rule:
	for user in `echo $users`
	do
		$fw -q add count all from any to any uid $user
	done

	# make sure we allow all:
	$allow_all
	echo "ipfw accounting rules added... "
}

case "$1" in
	stop)
		$flush
		$allow_all
		echo "ipfw accounting rules flushed..."
		;;
	start)
		startfw
		;;
	*)
		echo "Usage: `basename $0` { start | stop }"
		;;
esac