#!/bin/sh
########################################################################
# Begin iptables
#
# Description : Start iptables
#
# Authors     : Ken Moffat - ken@linuxfromscratch.org
#               Bruce Dubbs - bdubbs@linuxfromscratch.org
#
# Version     : LFS 7.0
#
########################################################################

### BEGIN INIT INFO
# Provides:          iptables
# Required-Start:    
# Should-Start:
# Required-Stop:     $local_fs
# Should-Stop:
# Default-Start:     3 4 5
# Default-Stop:     
# Short-Description: Loads iptables rules.
# Description:       Iptables provides firewall for Linux systems.
# X-LFS-Provided-By: BLFS / LFS 7.0
### END INIT INFO

. /lib/lsb/init-functions

IPTABLES_TYPES=("iptables" "ip6tables")
IPTABLES=""

start() {
    IPTABLES=$1
    log_info_msg "Starting ${IPTABLES}..."
    if [ -f /etc/sysconfig/$IPTABLES ]; then
	/sbin/"$IPTABLES"-restore /etc/sysconfig/$IPTABLES
    fi
    evaluate_retval
}

lock() {
    IPTABLES=$1
    log_info_msg "Locking system $IPTABLES firewall..."
    /sbin/$IPTABLES --policy INPUT   DROP && \
	/sbin/$IPTABLES --policy OUTPUT  DROP && \
	/sbin/$IPTABLES --policy FORWARD DROP && \
	/sbin/$IPTABLES           --flush && \
	/sbin/$IPTABLES -t nat    --flush && \
	/sbin/$IPTABLES -t mangle --flush && \
	/sbin/$IPTABLES           --delete-chain && \
	/sbin/$IPTABLES -t nat    --delete-chain && \
	/sbin/$IPTABLES -t mangle --delete-chain && \
	/sbin/$IPTABLES -A INPUT  -i lo -j ACCEPT && \
	/sbin/$IPTABLES -A OUTPUT -o lo -j ACCEPT && \
    evaluate_retval
}

clear() {
    IPTABLES=$1
    log_info_msg "Clearing system iptables iptables..."
    /sbin/$IPTABLES --policy INPUT   ACCEPT && \
	/sbin/$IPTABLES --policy OUTPUT  ACCEPT && \
	/sbin/$IPTABLES --policy FORWARD ACCEPT && \
	/sbin/$IPTABLES           --flush && \
	/sbin/$IPTABLES -t nat    --flush && \
	/sbin/$IPTABLES -t mangle --flush && \
	/sbin/$IPTABLES           --delete-chain && \
	/sbin/$IPTABLES -t nat    --delete-chain && \
	/sbin/$IPTABLES -t mangle --delete-chain
    evaluate_retval
}

status() {
    IPTABLES=$1
    /sbin/$IPTABLES           --numeric --list
    /sbin/$IPTABLES -t nat    --numeric --list
    /sbin/$IPTABLES -t mangle --numeric --list
}

save() {
    IPTABLES=$1
    log_info_msg "Saving ${IPTABLES} rules..."
    /sbin/"$IPTABLES"-save > /etc/sysconfig/$IPTABLES
    evaluate_retval
}

case "$1" in
    start)
	for t in ${IPTABLES_TYPES[@]}
	do
	    start $t
	done
        ;;

    stop)
	for t in ${IPTABLES_TYPES[@]}
	do
	    clear $t
	done
        ;;

    lock)
	for t in ${IPTABLES_TYPES[@]}
	do
	    lock $t
	done
        ;;

    save)
	for t in ${IPTABLES_TYPES[@]}
	do
	    save $t
	done
        ;;

    clear)
	for t in ${IPTABLES_TYPES[@]}
	do
	    clear $t
	done
        ;;

    status)
	status iptables
        ;;

    status6)
	status ip6tables
	;;

    *)
        echo "Usage: $0 {start|stop|clear|lock|status|status6|save}"
        exit 1
        ;;
esac

# End /etc/init.d/iptables
