#To: gopher@boombox.micro.umn.edu
#Subject: Gopher on a Firewall
#Organisation: BNR Europe, HARLOW, Essex CM17 9NA, GB
#Phone: +44 279 402423
#Return-Receipt-To: A.Macpherson@bnr.co.uk
#Date: Mon, 17 May 93 19:38:24 +0100
#From: Andrew Macpherson (Postmaster) <A.Macpherson@bnr.co.uk>
#Status: OR

#You may think this trivial, but it is offered with my compliments

#The use is to allow access to the gopher-world from a Network behind a
#firewall.



#----------------------------------------------------------------------
# Firewall gopher-hole, A.Macpherson@bnr.co.uk

# Access list consulted by check_access().  Each entry is a single string:
# a pattern, some whitespace, then '+' (allow) or '-' (deny).
#
# The pattern is applied as a regular expression to the peer's dotted-quad
# address, and the first entry that matches decides the outcome, so order
# matters.  Nothing anchors or escapes the pattern for you: begin it with
# ^ and escape every literal dot, for example
#     '^47\.      +',
#     '^128\.199\.     +',
#
# As shipped, the one active entry below matches every address and allows
# it.  On a firewall host, replace it with the internal prefixes before the
# gateway goes into service.
@g2go4_acl = (
     '.*         +',
);

# Gopher item types that are passed on when a menu is rewritten.  The
# pattern is matched at the start of each menu line, i.e. against the type
# character.  Menu lines of any other type (RFC 1436 lists, among others,
# 2 = CSO phone book and 8 = telnet session) are not forwarded.
$SafeTypes = '^(0|1|3|4|5|6|7|9)';
#----------------------------------------------------------------------

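# Rewrite one menu line received from the remote server so that it points
# back at this gateway, and print it only when its type is listed in
# $SafeTypes.  The item's real port, host and selector are folded into the
# new selector, separated by BEL (\7); g2go4_main splits them apart again
# when the client follows the link.
# $Ggw, $Ghost and $Gport are set outside this file section -- presumably
# the gateway's selector prefix and its own host and port; confirm there.
sub _g2go4_pass_item {
 local($line) = @_;

 $line =~ s/[\r\n]//g ;
 ( $disp, $sel, $host, $port ) = split('\t', $line) ;
 print "${disp}\t$Ggw ${port}\7${host}\7${sel}\t$Ghost\t$Gport\r\n"
	if $disp =~ m/${SafeTypes}/ ;
}

# Handle one gateway request.  The argument is the selector sent by the
# client:
#   "sorry"                  handed to Gsorry
#   ""                       answered with a one-line top-level menu
#   port BEL host BEL query  connect to host:port, send query, relay reply
#
# Security notes for whoever deploys this:
#  - host and port are taken as-is from the client's selector and nothing
#    in this routine limits which destination is contacted, so
#    check_access() and @g2go4_acl are the only control over who may use
#    the relay.
#  - the $SafeTypes filter is applied only to replies that the two-line
#    heuristic below recognises as menus; every other reply is relayed
#    byte for byte.
sub g2go4_main {
 local($_ )= @_;

 # NOTE(review): Gsorry is defined elsewhere and presumably does not
 # return; if it did, "sorry" would fall through to the split below.
 &Gsorry if /^sorry$/;

  if (&check_access() eq '-') {
      &Greply("0Sorry! No access from Non-local hosts\t$Ggw sorry\t$Ghost\t$Gport");
      &Greply(".");
      exit;
  }

 # Empty selector: offer the single built-in entry.
 if (/^$/) {
  &Greply("1Imperial College Archive\t$Ggw 70\007src.doc.ic.ac.uk\007\t$Ghost\t$Gport");
  &Greply(".");
  exit(0);
 }
 ( $port, $host, $query ) = split('\007') ;
 &GopenServer($host, $port);
 &Gsend($query) ;

 # We may be doing a file transfer here, or it may be another menu
 # all we can do is intuit.

 $First = <GSERVER> ;
 $Second = <GSERVER> ;
 # A menu is assumed when the first line has exactly four tab-separated
 # fields and the second line is the terminator, another such line, or
 # missing because the server closed after one item.  Treating the last
 # case as a menu keeps a lone item inside the type filter.
 if ( $First =~ /^[^\t]*\t[^\t]*\t[^\t]*\t[^\t]*$/ &&
    (!defined($Second) ||
     $Second eq ".\r\n" ||
     $Second =~ /^[^\t]*\t[^\t]*\t[^\t]*\t[^\t]*$/ )) { # close enough
    &_g2go4_pass_item($First) ;
    return unless defined($Second) ;
    if ($Second eq ".\r\n" ) {
      print $Second ;
      exit 0;
    }
    &_g2go4_pass_item($Second) ;
    while(<GSERVER>) {
      s/[\r\n]//g ;
      if ( $_ eq "." ) {
	print ".\r\n" ;
	exit 0;
      }
      &_g2go4_pass_item($_) ;
    }
 } else {
   # Not a menu.  The two lines read for the heuristic are part of the
   # document, so send them first; without this the client loses the
   # first two lines of every file it fetches.
   print $First if defined($First) ;
   print $Second if defined($Second) ;
   while(<GSERVER>) {
     print ;
   }
 }
}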



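# Decide whether the peer connected on STDIN may use the gateway.
#
# Returns 1 when STDIN is a terminal (the script is being run by hand),
# otherwise '+' (allow) or '-' (deny).  The caller treats anything other
# than '-' as permission, so every path here that cannot positively
# establish an allow returns '-':
#   - the peer address cannot be obtained (STDIN is not a connected
#     socket) or is too short for the layout unpacked below;
#   - the first matching ACL entry carries a flag other than '+', which
#     includes a missing or mistyped flag;
#   - no ACL entry matches.
#
# ACL patterns are applied as regular expressions to the dotted-quad
# address exactly as written in @g2go4_acl; anchoring and escaping are the
# responsibility of whoever edits that list.
#
# NOTE(review): the address family is unpacked but not checked, and the
# layout assumes an IPv4 socket address -- confirm that the service is
# only ever started on IPv4 sockets.
sub check_access {

   return 1 if (-t STDIN);
   $sockaddr = 'S n a4 x8';
   $mysockaddr = getpeername(STDIN);
   # 'S n a4 x8' consumes 16 bytes; anything shorter is not an address we
   # can read, so deny rather than match the ACL against an empty address.
   return '-' unless defined($mysockaddr) && length($mysockaddr) >= 16;
   ($ramily,$rport,$raddr) = unpack($sockaddr,$mysockaddr);
   # Built with join so the sort variables $a and $b are left alone.
   $ipaddress = join('.', unpack('C4',$raddr));

   foreach (@g2go4_acl) {
      ($ipacl,$access)=split;
      next unless ($ipaddress =~ /$ipacl/);
      # First match decides; only an explicit '+' grants access.
      return ($access eq '+') ? '+' : '-';
   }
   return '-'; #default is to restrict access
}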

1; # a file loaded with require must end by returning a true value

