#!/bin/sh

# Locations of the external tools and of lewall's own directories.
# Both tools are addressed by absolute path, so the caller's PATH is not
# consulted when they are checked here.
IPT="/sbin/iptables"
IFC="/sbin/ifconfig"
CFG_DIR="/etc/lewall"
SHR_DIR="/usr/share/lewall"

# Refuse to continue (status 1) when a required tool is missing or is not
# executable; the diagnostic goes to stderr.
[ -x "$IPT" ] || {
    echo "iptables not found" >&2
    exit 1
}

[ -x "$IFC" ] || {
    echo "ifconfig not found" >&2
    exit 1
}

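# Drop any values for these settings that were inherited from the caller's
# environment, so that only what the sourced files assign is in effect.
unset MODULES_CONNTRACK MODULES_NAT ZONES DEBUG

# Without the function library there is nothing to run; leave quietly.
# NOTE(review): this reports success although no rules were applied,
# presumably so a leftover init script stays silent after the package is
# removed. Confirm that a silent exit 0 is what is wanted on a host that is
# supposed to be filtered.
test -f "$SHR_DIR/functions.sh" || exit 0

# A missing or unreadable configuration must stop the script here rather than
# let it continue with none of the settings defined.
if [ ! -r "$CFG_DIR/lewall.conf" ]; then
    echo "$CFG_DIR/lewall.conf not found or not readable" >&2
    exit 1
fi

# '.' is the POSIX spelling; 'source' is a bash extension and is not available
# in every /bin/sh, which would leave the functions called below undefined.
# Both files are executed as shell code with this script's privileges, so they
# should be writable by root only.
. "$SHR_DIR/functions.sh"
. "$CFG_DIR/lewall.conf"

# The configuration sets UNCONFIGURED until the administrator has edited it.
if [ -n "$UNCONFIGURED" ]; then
    echo "Configure the firewall before trying to start it" >&2
    exit 1
fi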

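# Split the running kernel's version string into its first three
# dot-separated fields.
KERNEL_VERSION=$(uname -r)
KV_MAJOR=$(printf '%s\n' "$KERNEL_VERSION" | cut -d. -f1)
KV_MINOR=$(printf '%s\n' "$KERNEL_VERSION" | cut -d. -f2)
KV_RELEASE=$(printf '%s\n' "$KERNEL_VERSION" | cut -d. -f3)

# Keep only the leading digits of each field. A release string such as
# "2.4.18-bf2.4" or "5.15.0-91-generic" (constructed examples) would otherwise
# put text into KV_RELEASE, make the numeric test below fail with an error and
# select EXTENDED_MANGLE=no even on a new enough kernel.
KV_MAJOR=${KV_MAJOR%%[!0-9]*}
KV_MINOR=${KV_MINOR%%[!0-9]*}
KV_RELEASE=${KV_RELEASE%%[!0-9]*}

# A field that is absent or has no leading digits counts as 0.
KV_MAJOR=${KV_MAJOR:-0}
KV_MINOR=${KV_MINOR:-0}
KV_RELEASE=${KV_RELEASE:-0}

# EXTENDED_MANGLE is "yes" for kernel 2.4.18 and anything newer.
# NOTE(review): presumably this tells functions.sh whether the mangle table
# has its full set of built-in chains; confirm against its use there.
EXTENDED_MANGLE=no
if [ "$KV_MAJOR" -gt 2 ]; then
    EXTENDED_MANGLE=yes
elif [ "$KV_MAJOR" -eq 2 ] && [ "$KV_MINOR" -gt 4 ]; then
    EXTENDED_MANGLE=yes
elif [ "$KV_MAJOR" -eq 2 ] && [ "$KV_MINOR" -eq 4 ] && [ "$KV_RELEASE" -ge 18 ]; then
    EXTENDED_MANGLE=yes
fi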

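# Dispatch on the init-script action given as the first argument.
case "$1" in
    start)
        # printf instead of 'echo -n', whose handling differs between shells.
        printf '%s' "Setting up firewall"

        # NOTE(review): the status of these two calls is not checked, so the
        # script prints "." and exits 0 even if the rules could not be
        # installed. Their return conventions live in functions.sh; confirm
        # them before adding a check.
        load_modules
        activate_firewall

        echo "."
    ;;
    stop)
        printf '%s' "Removing firewall"

        deactivate_firewall
        unload_modules

        echo "."
    ;;
    reload)
        # Nothing is reloaded, so do not report success: 3 is the LSB status
        # for an unimplemented action.
        echo "Not implemented." >&2
        exit 3
    ;;
    force-reload|restart)
        # Re-run this script for each half; "$0" is quoted so that a path
        # containing whitespace is passed as a single argument.
        # NOTE(review): between the two runs the rules are presumably absent
        # (depends on deactivate_firewall in functions.sh); confirm that this
        # window is acceptable for the host.
        sh "$0" stop
        sh "$0" start
    ;;
    *)
        echo "Usage: /etc/init.d/firewall {start|stop|restart|force-reload}" >&2
        exit 1
    ;;
esac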
