#!/bin/sh -u

# /sbin is appended, not prepended, so it cannot shadow a command that an
# earlier PATH entry already provides.
PATH="$PATH:/sbin"

# Helper libraries. The names contain no slash, so "." locates them through
# PATH: the inherited PATH decides which files get sourced, and the caller is
# expected to supply a trusted one.
# fatal, shell_config_get, shell_config_set and test_bool are used below but
# not defined in this file; presumably they come from these libraries.
. shell-config
. shell-error
. alterator-sh-functions

# etcnet locations this script modifies.
# RULESDIR: directory that receives the restored per-table rule files.
RULESDIR=/etc/net/ifaces/default/fw/iptables
# Options file whose FW_TYPE line is edited when the firewall is toggled.
ETCNET_FWOPTIONS=/etc/net/ifaces/default/fw/options
# Options file that receives CONFIG_FW=yes when the firewall is enabled.
# ("DEFAUILT" is a misspelling of "DEFAULT"; the name is used as-is below.)
ETCNET_DEFAUILT_OPTIONS=/etc/net/ifaces/default/options


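# First positional argument: directory holding the saved firewall state.
# "${1-}" keeps a missing argument from aborting under the -u requested in the
# shebang with a bare "parameter not set" error; the fatal call below reports
# the problem instead. shift is skipped when there is nothing to shift, since
# shifting an empty argument list is an error that some shells treat as fatal.
DATADIR="${1-}"
[ "$#" -eq 0 ] || shift

# Two separate tests replace the obsolescent, ambiguous "-a" operator.
[ -n "$DATADIR" ] && [ -f "$DATADIR/firewall_data" ] ||
	fatal "Couldn't find data file in $DATADIR"

# Saved on/off state of the firewall; interpreted with test_bool further down.
status="$(shell_config_get "$DATADIR"/firewall_data firewall_status)"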

# Apply the saved on/off state to the etcnet configuration.
if test_bool "$status"; then
	# Enabling: add "iptables" to FW_TYPE unless the line already mentions it.
	# The substitution needs an existing FW_TYPE= line; when there is none the
	# file is left unchanged.
	# NOTE(review): the capture group accepts only alphanumerics and blanks, so
	# a value containing other characters is matched only up to the first such
	# character -- confirm that FW_TYPE values never contain any.
	if ! grep -qs "^FW_TYPE=.*iptables.*" "$ETCNET_FWOPTIONS"; then
		sed -i -r "s;^FW_TYPE=\"?([[:alnum:][:blank:]]*)\"?;FW_TYPE=\"\1 iptables\";" "$ETCNET_FWOPTIONS"
	fi

	shell_config_set "$ETCNET_DEFAUILT_OPTIONS" CONFIG_FW yes
else
	# Disabling: stop the running iptables firewall (output discarded, exit
	# status not checked), then drop "iptables" from FW_TYPE and trim the
	# blanks left around the quotes. CONFIG_FW is not touched on this path.
	/etc/net/scripts/contrib/efw --iptables default all stop >/dev/null 2>&1
	sed -i -r \
		-e "/^FW_TYPE=/s;iptables;;" \
		-e "/^FW_TYPE=/s;[[:blank:]]*\"[[:blank:]]*;\";g" \
		"$ETCNET_FWOPTIONS"
fi

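# Restore the saved per-table rule files into the live etcnet rules directory.
# The files are copied verbatim and nothing here inspects their content, so
# whoever controls DATADIR controls the resulting ruleset.
if [ -d "$DATADIR/firewall-rules" ]; then
	# find's output is read line by line instead of being word-split by
	# "for f in $(find ...)", so blanks or glob characters in DATADIR or in a
	# file name no longer break or redirect the copy.
	# The loop is the last stage of a pipeline and therefore runs in a
	# subshell: fatal/exit inside it end only that subshell, so the failure is
	# re-raised after "done".
	find "$DATADIR/firewall-rules" -mindepth 2 -maxdepth 2 -type f |
	while IFS= read -r f; do
		# Fail closed on anything that is not <rules dir>/<table>/<file>,
		# e.g. a fragment produced by a newline inside a file name.
		case "$f" in
			"$DATADIR/firewall-rules/"*/*) ;;
			*) fatal "Unexpected path in saved rules: $f" ;;
		esac

		# Quoting the prefix makes it a literal string rather than a glob
		# pattern, so special characters in DATADIR cannot alter the strip.
		t=${f#"$DATADIR/firewall-rules/"}

		# Only tables that already exist under RULESDIR are accepted.
		[ -d "$RULESDIR/${t%%/*}" ] || fatal "Unknown table $t"
		cp -f -- "$f" "$RULESDIR/$t" || exit 1
	done || exit 1

	# Defined outside this file; its exit status is not checked here.
	iptables_helper -4 write -c off

	if test_bool "$status"; then
		# Failure is detected only from output lines that start with ERROR
		# (grep also echoes them); efw's own exit status is not consulted.
		if /etc/net/scripts/contrib/efw --iptables default restart | grep '^ERROR'; then
			exit 1
		fi
	fi
fi

# Check
# NOTE(review): placeholder heading from the original; no post-restore
# verification is implemented.

exit 0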
