#!/bin/sh
#
# tpol firewall script.
#
# reads /etc/firewall.conf (required) and, if present, the optional snippets
# /etc/firewall.d/firewall.rules, firewall.kernel and firewall.tc


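# Load the site configuration.  The file is *sourced*, i.e. executed with this
# script's (root) privileges, so it must be owned by and writable only by root;
# every variable it defines (LIMITLEVEL, LOGLEVEL, IN_POLICY, ...) becomes a
# global of this script.
conf="/etc/firewall.conf"
if test -e "$conf"; then
    . "$conf"
else
    # Diagnostics go to stderr so they are not mistaken for "print" output.
    echo "Configuration /etc/firewall.conf does not exist!" >&2
    exit 1
fi

# Both values are interpolated into $log below; if either is empty, every
# rule built with $log will be rejected by iptables, so flag it up front
# rather than failing rule by rule later.
if test -z "$LIMITLEVEL" || test -z "$LOGLEVEL"; then
    echo "warning: LIMITLEVEL and/or LOGLEVEL is not set in $conf" >&2
fi

# Common tail for logging rules.  It deliberately ends with "--log-prefix "
# (trailing space inside the quotes) so the user appends the prefix text,
# presumably from firewall.rules.  It must be expanded UNQUOTED ($log) so the
# shell splits it into separate iptables arguments.
log="-m limit --limit $LIMITLEVEL -j LOG --log-level $LOGLEVEL --log-prefix "

# Directory holding the optional rules/kernel/tc snippets sourced by start.
cdir="/etc/firewall.d"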


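# Open the firewall: accept everything by default, remove the qdisc from the
# external interface and drop the custom chains.  Expects reset to have
# flushed the chains first (the "stop" arm below does so).
# Globals: fw (iptables command), tc (tc command), EX_INT (external interface,
#          presumably set in /etc/firewall.conf).
# Note: written as name() rather than "function name" because the script
# runs under /bin/sh, where the bash-only keyword is a syntax error.
stop() {
    # $fw/$tc stay unquoted on purpose: in "print" mode they hold two words
    # ("echo iptables") that must be split by the shell.
    for chain in INPUT OUTPUT FORWARD; do
        $fw -P "$chain" ACCEPT
    done
    $tc qdisc del dev "$EX_INT" root

    for chain in ACC_IN ACC_OUT DYNAMIC; do
        $fw -X "$chain"
    done
}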


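# Flush, then zero the counters of, the built-in filter chains, the whole
# mangle table and the three custom chains.  On a very first start the custom
# chains do not exist yet and iptables reports an error for them; that is
# harmless because start recreates them.
# Globals: fw (iptables command; left unquoted so "echo iptables" splits).
# Note: name() syntax instead of "function name" for /bin/sh compatibility.
reset() {
    for chain in INPUT OUTPUT FORWARD; do
        $fw -F "$chain"
    done
    $fw -F -t mangle
    for chain in ACC_IN ACC_OUT DYNAMIC; do
        $fw -F "$chain"
    done

    for chain in INPUT OUTPUT FORWARD; do
        $fw -Z "$chain"
    done
    $fw -Z -t mangle
    for chain in ACC_IN ACC_OUT DYNAMIC; do
        $fw -Z "$chain"
    done
}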


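# Build the firewall: set the default policies, (re)create the custom chains,
# then source the optional snippets from $cdir.
# Globals: fw (iptables command), cdir (snippet directory), IN_POLICY,
#          OUT_POLICY, FOR_POLICY (presumably from /etc/firewall.conf).
# Note: name() syntax instead of "function name" for /bin/sh compatibility.
start() {
    # Policies go first: the caller runs reset (a full flush) immediately
    # before start, so until the rules are reloaded the tables are empty and
    # only the policy decides.  Setting it before anything else keeps that
    # window as short as possible.
    $fw -P INPUT   $IN_POLICY
    $fw -P OUTPUT  $OUT_POLICY
    $fw -P FORWARD $FOR_POLICY

    # Delete and recreate the custom chains.  -X errors on a first start
    # (chains not there yet); harmless.
    for chain in ACC_IN ACC_OUT DYNAMIC; do
        $fw -X "$chain"
    done
    for chain in ACC_IN ACC_OUT DYNAMIC; do
        $fw -N "$chain"
    done

    # The snippets are sourced, i.e. executed as root with $fw/$tc/$log/$echo
    # in scope, so $cdir must not be writable by anyone but root.

    # firewall rules
    if test -e "$cdir/firewall.rules"; then
        . "$cdir/firewall.rules"
    fi

    # kernel config
    if test -e "$cdir/firewall.kernel"; then
        . "$cdir/firewall.kernel"
    fi

    # quality of service config
    if test -e "$cdir/firewall.tc"; then
        . "$cdir/firewall.tc"
    fi
}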



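# Command dispatch.  $fw and $tc are the commands the functions above run;
# "print" swaps them for "echo ..." so the whole rule set is only shown.
case "$1" in
    start)
        echo "Starting firewall"
        fw="iptables"
        tc="tc"
        echo="echo"
        # reset flushes everything before start rebuilds it; between the two
        # only the default policy applies (start sets it first).
        reset
        start
        ;;
    print)
        # Dry run: every iptables/tc invocation is echoed, not executed.
        fw="echo iptables"
        tc="echo tc"
        # NOTE(review): "print" is not a POSIX/bash command; presumably $echo
        # is used by the sourced snippets and this is meant to silence them.
        # Verify it does what the snippets expect under /bin/sh.
        echo="print"
        reset
        start
        ;;
    stop)
        echo "Stopping firewall"
        fw="iptables"
        tc="tc"
        reset
        stop
        ;;
    restart)
        # start already flushes and rebuilds, so no separate stop is needed.
        "$0" start
        ;;
    status)
        echo "------[ table filter ]------"
        iptables -L -n -v --line-numbers
        echo "------[ table mangle ]------"
        iptables -L -n -v -t mangle --line-numbers
        ;;
    *)
        # Unknown/missing action: usage to stderr, non-zero exit so callers
        # (init scripts, cron) notice.
        echo "usage: $0 {start|stop|restart|print|status}" >&2
        exit 1
        ;;
esac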
