#! /bin/bash
### BEGIN INIT INFO
# Provides:          iptables
# Required-Start:    $network $remote_fs
# Required-Stop:     $network $remote_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Iptables
# Description:       Init script for iptables
### END INIT INFO

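IPTABLES_CONFIG="/etc/sysconfig/iptables"

# The config must be readable before anything else happens. Without it the
# service is "not configured" (LSB 6); "stop" is still allowed to succeed so
# shutdown/runlevel changes are not blocked. NOTE: on that "stop" path no
# rules are flushed -- existing rules stay in the kernel.
if ! test -r "$IPTABLES_CONFIG"; then
	echo "$IPTABLES_CONFIG not existing" >&2
	if [ "$1" = "stop" ]; then
		exit 0
	else
		exit 6
	fi
fi

# Read config. This sources the file as shell code, so it must remain
# root-owned and not writable by other users. It is expected to define
# IPTABLES_SAVE, the path of the iptables-save dump to restore.
. "$IPTABLES_CONFIG"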

# Shell functions sourced from /etc/rc.status:
#      rc_check         check and set local and overall rc status
#      rc_status        check and set local and overall rc status
#      rc_status -v     ditto but be verbose in local rc status
#      rc_status -v -r  ditto and clear the local rc status
#      rc_failed        set local and overall rc status to failed
#      rc_failed <num>  set local and overall rc status to <num>
#      rc_reset         clear local rc status (overall remains)
#      rc_exit          exit appropriate to overall rc status
# Pull in the rc helper functions listed above (rc_status, rc_reset,
# rc_failed, rc_exit ...) that report this service's result to init.
source /etc/rc.status

# Every invocation starts from a clean local status.
rc_reset

# Return values acc. to LSB for all commands but status:
# 0 - success
# 1 - generic or unspecified error
# 2 - invalid or excess argument(s)
# 3 - unimplemented feature (e.g. "reload")
# 4 - insufficient privilege
# 5 - program is not installed
# 6 - program is not configured
# 7 - program is not running
#
# Note that starting an already running service, stopping
# or restarting a not-running service as well as the restart
# with force-reload (in case signalling is not supported) are
# considered a success.

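# Dispatch on the init action. IPTABLES_SAVE comes from the sourced config;
# rc_status/rc_failed/rc_reset/rc_exit come from /etc/rc.status.
case "$1" in
	start)
		echo -n "Starting iptables"
		if [ -e "${IPTABLES_SAVE}" ]; then
			# Validate the dump first so a broken file never leaves the
			# kernel tables half-applied.
			if ! /usr/sbin/iptables-restore --test < "${IPTABLES_SAVE}"; then
				echo "There's an error in ${IPTABLES_SAVE} - please correct!" >&2
				exit 1
			fi
			/usr/sbin/iptables-restore < "${IPTABLES_SAVE}"
		else
			# No ruleset to load: report "not configured" (LSB 6) rather than
			# claiming success while the host runs without a firewall.
			echo "${IPTABLES_SAVE} doesn't exist!" >&2
			rc_failed 6
		fi
		rc_status -v
		rc_reset
		;;
	stop)
		echo -n "Stopping iptables"
		# Flush and delete every chain in the filter, nat and mangle tables,
		# then open the built-in chains. After this the host has NO packet
		# filtering: "stop" means "remove the firewall", not "deny all".
		# The raw and security tables are left untouched -- confirm that is
		# intended for this deployment.
		/usr/sbin/iptables -F
		/usr/sbin/iptables -X
		/usr/sbin/iptables -t nat -F
		/usr/sbin/iptables -t nat -X
		/usr/sbin/iptables -t mangle -F
		/usr/sbin/iptables -t mangle -X
		/usr/sbin/iptables -P INPUT ACCEPT
		/usr/sbin/iptables -P FORWARD ACCEPT
		/usr/sbin/iptables -P OUTPUT ACCEPT
		rc_status -v
		rc_reset
		;;
	restart)
		# Re-validate the dump before tearing down the current rules, so a
		# bad file cannot turn a restart into a permanently open firewall.
		# The stop/start re-exec below still leaves a short window with no
		# rules and ACCEPT policies.
		if ! /usr/sbin/iptables-restore --test < "${IPTABLES_SAVE}"; then
			echo "There's an error in ${IPTABLES_SAVE} - please correct!" >&2
			exit 1
		fi

		"$0" stop
		"$0" start
		rc_status
		;;
	*)
		# Invalid/excess argument: LSB status 2 (see the table above).
		echo "Usage: $0 (start|stop|restart)" >&2
		exit 2
		;;
esac
rc_exit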
