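#!/sbin/runscript
# requires /etc/conf.d/firewall
#
# Init script that starts, stops, reloads and locks down an iptables
# firewall and logs each transition through syslog (tag "firewall").
#
# Neither $IPTABLES nor set_firewall is defined in this file; both are
# presumably supplied by /etc/conf.d/firewall -- confirm against that file.
# That file's contents are executed with the privileges of this script, so
# it should be writable by root only.
#
# Scope of every action below: the iptables calls carry no -t option, so
# only the filter table is touched. Rules in nat/mangle/raw and, assuming
# $IPTABLES is the IPv4 binary, all IPv6 rules are left exactly as they
# were. "panic" therefore does not isolate the host on IPv6 by itself.
#
# $IPTABLES is expanded unquoted, as in the original, so a value that
# carries extra arguments keeps working.

opts="${opts} showstatus panic reload showoptions"

# Service dependencies: networking must be up; a system logger is used
# when one is available.
depend() {
	need net
	use logger
}

# Load the rule set via set_firewall and report its exit status.
start() {
	ebegin "Starting firewall"
	logger -p security.info -t firewall -- starting
	set_firewall
	eend $?
}

# Remove all filter rules and user chains and set every built-in chain to
# ACCEPT. After this the host filters nothing (fail-open); use "panic"
# when the intent is to cut traffic rather than to disable filtering.
stop() {
	local rc=0

	ebegin "Stopping firewall"
	logger -p security.info -t firewall -- stopping
	# Collect the first failure instead of reporting only the status of
	# the last command, so a partially applied teardown is not shown as OK.
	$IPTABLES -P FORWARD ACCEPT || rc=$?
	$IPTABLES -P INPUT ACCEPT || rc=$?
	$IPTABLES -P OUTPUT ACCEPT || rc=$?
	$IPTABLES -F || rc=$?
	$IPTABLES -X || rc=$?
	eend "$rc"
}

# Print the current filter rules with packet/byte counters and rule numbers.
showstatus() {
	ebegin "Status"
	$IPTABLES -L -v --line-numbers
	eend $?
}

# Emergency lockdown: drop everything except loopback traffic.
# This also cuts established remote administration sessions; recovery
# needs console access or another out-of-band path.
panic() {
	local rc=0

	ebegin "Setting panic rules"
	logger -p security.warning -t firewall -- "Panic!"
	# Policies go to DROP before the flush. With the opposite order a
	# rule set that relied on an ACCEPT policy plus explicit deny rules
	# would be fully open between the flush and the policy change.
	$IPTABLES -P FORWARD DROP || rc=$?
	$IPTABLES -P INPUT DROP || rc=$?
	$IPTABLES -P OUTPUT DROP || rc=$?
	$IPTABLES -F || rc=$?
	$IPTABLES -X || rc=$?
	$IPTABLES -A INPUT -i lo -j ACCEPT || rc=$?
	$IPTABLES -A OUTPUT -o lo -j ACCEPT || rc=$?
	# A non-zero status here means the lockdown may be incomplete.
	eend "$rc"
}

# Stop, then start. svc_stop/svc_start come from the init framework.
# NOTE(review): if svc_stop runs stop() above, the host is unfiltered
# between the two steps -- prefer "reload" where that window matters.
restart() {
	svc_stop
	svc_start
}

# Re-apply the rule set via set_firewall without going through stop().
reload() {
	ebegin "Reloading rules"
	logger -p security.info -t firewall -- reload rules
	set_firewall
	# Was "eend $!": $! is the PID of the last background job (empty
	# here), so a failed reload was never reported. $? is the status of
	# set_firewall.
	eend $?
}

# Print a short description of each action.
showoptions() {
	echo "Usage: $0 {start|panic|stop|restart|reload|showstatus}"
	echo "start)      will restore setting if exists else force rule settings"
	echo "panic)      delete all rules and set all to DROP"
	echo "stop)       delete all rules and set all to accept"
	echo "restart)    force settings of new rules"
	echo "reload)     reset all rules"
	echo "showstatus) Shows the status"
}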