#!/bin/sh
#
# Author: Stefan Jakobs <stefan.jakobs@rus.uni-stuttgart.de>
#
# /etc/init.d/ipfilter
# (based on /etc/init.d/SuSEfirewall2_setup)
#
### BEGIN INIT INFO
# Provides:          ipfilter
# Required-Start:    $network $local_fs $remote_fs
# Should-Start:      route dhclient $named
# Required-Stop:     $network $remote_fs
# Should-Stop:       $network
# Default-Start:     2 3 5
# Default-Stop:      0 1 2 4 6
# Short-Description: simplified ipfilter
# Description:       simplified ipfilter, replaces SuSEfirewall2
### END INIT INFO
# X-SuSE-Dep-Only

IPFILTER_BIN='/usr/sbin/iptconf'

function disable_ipfilter {
    iptables -F
    iptables -X
    iptables -P INPUT   ACCEPT
    iptables -P OUTPUT  ACCEPT
    iptables -P FORWARD ACCEPT
    if [ -f /proc/net/if_inet6 ] && [ -x /usr/sbin/ip6tables ] ; then
       ip6tables -F
       ip6tables -X
       ip6tables -P INPUT   ACCEPT
       ip6tables -P OUTPUT  ACCEPT
       ip6tables -P FORWARD ACCEPT
    fi
}

. /etc/rc.status

rc_reset

case "$1" in
    start)
        echo -n "Starting ipfilter "
        $IPFILTER_BIN

        # Remember status and be quiet
        rc_status -v
        ;;
    stop)
        echo -n "Stopping ipfilter "
        disable_ipfilter

        # Remember status and be quiet
        rc_status -v
        ;;
    restart|force-reload)
        ## Stop the service and regardless of whether it was
        ## running or not, start it again.
        $0 stop
        $0 start

        # Remember status and be quiet
        rc_status
        ;;
    try-restart|reload)
        $0 status >/dev/null 2>&1 || exit 7
        $0 start
        ;;
    restart2)
        # the restart2 argument is used by yast2 to not open any ports
        # while the filter rules are being rewritten.
        $0 start
        ;;
    status)
        echo "Checking the status of the Firewall "
        iptables -L | grep ACCEPT >/dev/null || rc_failed 3
        rc_status -v
        ;;
    *)
        echo "Usage: $0 {start|stop|status|restart|reload|force-reload}"
        exit 1
        ;;
esac

# Set exit status
rc_exit
