###############################################################################
# Code imported from /usr/share/shorewall/prog.footer
###############################################################################
#
# Give Usage Information
#
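usage() {
    # Print the command-line synopsis on stdout and terminate the script.
    # Arguments: $1 - exit status to terminate with (0 when omitted)
    # Returns:   never returns; always calls exit
    echo "Usage: $0 [ options ] <command>"
    echo
    echo "<command> is one of:"
    echo "   start"
    echo "   stop"
    echo "   clear"
    echo "   disable <interface>"
    echo "   down <interface>"
    echo "   enable <interface>"
    echo "   reset"
    echo "   refresh"
    echo "   restart"
    echo "   status"
    echo "   up <interface>"
    echo "   version"
    echo
    echo "Options are:"
    echo
    echo "   -v and -q        Standard Shorewall verbosity controls"
    # Fixed the misspelling "unpdate" in the user-facing help text
    echo "   -n               Don't update routing configuration"
    echo "   -p               Purge Conntrack Table"
    echo "   -t               Timestamp progress Messages"
    echo "   -V <verbosity>   Set verbosity explicitly"
    echo "   -R <file>        Override RESTOREFILE setting"
    # Quoted, with an explicit default, so a missing argument still exits 0
    exit "${1:-0}"
}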

checkkernelversion() {
    # Confirm the running kernel is recent enough when g_family is 6.
    # Globals: g_family (read), g_product (read, used in the error text)
    # Returns: 0 when g_family is not 6 or the kernel passes the check,
    #          1 after reporting an error for a kernel older than 2.6.24
    local kernel
    local fields

    # The minimum-version rule is applied only when g_family is 6
    [ $g_family -eq 6 ] || return 0

    # Release string with everything from the first '-' removed
    kernel=$(uname -r 2> /dev/null | sed -e 's/-.*//')

    # Encode as major, two-digit minor, two-digit patch so the release can be
    # compared as one integer (2.6.24 -> 20624); a release with only two
    # components gets 00 as its patch level
    case "$kernel" in
        *.*.*)
            fields=$(echo $kernel | sed -e 's/^\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*$/\1 \2 \3/g')
            kernel=$(printf "%d%02d%02d" $fields)
            ;;
        *)
            fields=$(echo $kernel | sed -e 's/^\([0-9][0-9]*\)\.\([0-9][0-9]*\).*$/\1 \2/g')
            kernel=$(printf "%d%02d00" $fields)
            ;;
    esac

    # Anything that is not strictly older than 2.6.24 is accepted
    [ $kernel -lt 20624 ] || return 0

    error_message "ERROR: $g_product requires Linux kernel 2.6.24 or later"
    return 1
}

################################################################################
# E X E C U T I O N    B E G I N S   H E R E				       #
################################################################################
#
# Start trace if first arg is "debug" or "trace"
#
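# Set to Yes only by a leading "debug" argument; empty otherwise
g_debug_iptables=

# The keyword is consumed only when another argument follows it ($# > 1).
# "trace" turns on set -x, whose output goes to stderr; stderr may be
# appended to STARTUP_LOG further down.
if [ $# -gt 1 ]; then
    case "$1" in
        trace)
            set -x
            shift
            ;;
        debug)
            g_debug_iptables=Yes
            shift
            ;;
    esac
fi
#
# Map VERBOSE to VERBOSITY for compatibility with old Shorewall[6]-lite installations
#
[ -z "$VERBOSITY" ] && [ -n "$VERBOSE" ] && VERBOSITY=$VERBOSE
#
# Map other old exported variables
#
g_purge=$PURGE
g_noroutes=$NOROUTES
g_timestamp=$TIMESTAMP
g_recovering=$RECOVERING

initialize

if [ -n "$STARTUP_LOG" ]; then
    #
    # Create the log under a restrictive umask so a newly created file is
    # never readable by others, not even between touch and chmod. The chmod
    # is kept so an already-existing log is tightened as well.
    # NOTE(review): touch and chmod follow symlinks; STARTUP_LOG should name
    # a file in a directory that only root can write to - confirm.
    #
    ( umask 077; touch "$STARTUP_LOG" )
    chmod 0600 "$STARTUP_LOG"
    if [ "${SHOREWALL_INIT_SCRIPT:-0}" -eq 1 ]; then
        #
        # We're being run by a startup script that isn't redirecting our
        # output. Only STDERR (fd 2) is appended to the log here.
        #
        exec 2>>"$STARTUP_LOG"
    fi
fi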

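#
# Parse leading option arguments. Flags may be bundled in one word (-vvt);
# parsing stops at the first argument that does not begin with '-', which is
# left in $1 as the command. The -r flag (g_recovering) is accepted here but
# not listed by usage().
#
finished=0

while [ "$finished" -eq 0 ] && [ $# -gt 0 ]; do
    option=$1
    case $option in
        -*)
            option=${option#-}

            # A bare "-" is not a valid option
            [ -z "$option" ] && usage 1

            # Consume the bundled flags one character at a time
            while [ -n "$option" ]; do
                case $option in
                    v*)
                        [ "$VERBOSITY" -lt 2 ] && VERBOSITY=$(($VERBOSITY + 1 ))
                        option=${option#v}
                        ;;
                    q*)
                        [ "$VERBOSITY" -gt -1 ] && VERBOSITY=$(($VERBOSITY - 1 ))
                        option=${option#q}
                        ;;
                    n*)
                        g_noroutes=Yes
                        option=${option#n}
                        ;;
                    t*)
                        g_timestamp=Yes
                        option=${option#t}
                        ;;
                    p*)
                        g_purge=Yes
                        option=${option#p}
                        ;;
                    r*)
                        g_recovering=Yes
                        option=${option#r}
                        ;;
                    V*)
                        option=${option#V}

                        # The value is either attached (-V1) or the next
                        # argument; only shift when a next argument exists
                        if [ -z "$option" ] && [ $# -gt 1 ]; then
                            shift
                            option=$1
                        fi

                        if [ -n "$option" ]; then
                            case $option in
                                -1|0|1|2)
                                    VERBOSITY=$option
                                    option=
                                    ;;
                                *)
                                    startup_error "Invalid -V option value ($option)"
                                    ;;
                            esac
                        else
                            startup_error "Missing -V option value"
                        fi
                        ;;
                    R*)
                        option=${option#R}

                        # Same attached-or-next-argument rule as -V
                        if [ -z "$option" ] && [ $# -gt 1 ]; then
                            shift
                            option=$1
                        fi

                        if [ -n "$option" ]; then
                            #
                            # Only a plain file name is accepted: anything
                            # containing '/' is refused, and dot-files other
                            # than .safe and .try are reserved (this also
                            # rejects "." and "..").
                            # NOTE(review): the assignment below is reached
                            # after a rejected name only if startup_error
                            # returns; it is assumed to exit - confirm.
                            #
                            case $option in
                                */*)
                                    startup_error "-R must specify a simple file name: $option"
                                    ;;
                                .safe|.try|NONE)
                                    ;;
                                .*)
                                    # Report the rejected name; the original
                                    # printed the previous $RESTOREFILE here
                                    error_message "ERROR: Reserved File Name: $option"
                                    exit 2
                                    ;;
                            esac
                        else
                            startup_error "Missing -R option value"
                        fi

                        RESTOREFILE=$option
                        option=
                        ;;
                    *)
                        usage 1
                        ;;
                esac
            done
            shift
            ;;
        *)
            finished=1
            ;;
    esac
done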

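#
# Dispatch the command left in $1 by option parsing. Each branch sets
# $status, which becomes the exit status of the script.
#
COMMAND="$1"

case "$COMMAND" in
    start)
        [ $# -ne 1 ] && usage 2
        if product_is_started; then
            error_message "$g_product is already Running"
            status=0
        else
            progress_message3 "Starting $g_product...."
            if checkkernelversion; then
                detect_configuration
                define_firewall
                status=$?
                if [ "$status" -eq 0 ]; then
                    [ -n "$SUBSYSLOCK" ] && touch "$SUBSYSLOCK"
                    progress_message3 "done."
                fi
            fi
        fi
        ;;
    stop)
        [ $# -ne 1 ] && usage 2
        if checkkernelversion; then
            progress_message3 "Stopping $g_product...."
            detect_configuration
            stop_firewall
            status=0
            [ -n "$SUBSYSLOCK" ] && rm -f "$SUBSYSLOCK"
            progress_message3 "done."
        fi
        ;;
    reset)
        if ! product_is_started ; then
            error_message "$g_product is not running"
            status=2
        elif checkkernelversion; then
            if [ $# -eq 1 ]; then
                # No chain named: zero every counter in the default table
                # and in the mangle table.
                # $g_tool is left unquoted as in the original, in case it
                # carries more than one word - TODO confirm.
                $g_tool -Z
                $g_tool -t mangle -Z
                date > "${VARDIR}/restarted"
                status=0
                progress_message3 "$g_product Counters Reset"
            else
                shift
                status=0
                # Quoted so a chain name from the command line is passed
                # through as one word, without splitting or globbing
                for chain in "$@"; do
                    if chain_exists "$chain"; then
                        # The original ran "$g_tool-Z" with no space between
                        # the tool and the flag, so the command never
                        # existed and every per-chain reset was reported
                        # as failed
                        if qt $g_tool -Z "$chain"; then
                            progress_message3 "Filter $chain Counters Reset"
                        else
                            error_message "ERROR: Reset of chain $chain failed"
                            status=2
                            break
                        fi
                    else
                        error_message "WARNING: Filter Chain $chain does not exist"
                    fi
                done
            fi
        fi
        ;;
    restart)
        [ $# -ne 1 ] && usage 2
        if product_is_started; then
            progress_message3 "Restarting $g_product...."
        else
            error_message "$g_product is not running"
            progress_message3 "Starting $g_product...."
            COMMAND=start
        fi

        if checkkernelversion; then
            detect_configuration
            define_firewall
            status=$?
            if [ -n "$SUBSYSLOCK" ]; then
                # Explicit if/else: the lock is removed only when the
                # firewall failed, not when touch itself fails
                if [ "$status" -eq 0 ]; then
                    touch "$SUBSYSLOCK"
                else
                    rm -f "$SUBSYSLOCK"
                fi
            fi

            [ "$status" -eq 0 ] && progress_message3 "done."
        fi
        ;;
    refresh)
        [ $# -ne 1 ] && usage 2
        if product_is_started; then
            progress_message3 "Refreshing $g_product...."
            if checkkernelversion; then
                detect_configuration
                define_firewall
                status=$?
                [ "$status" -eq 0 ] && progress_message3 "done."
            fi
        else
            echo "$g_product is not running" >&2
            status=2
        fi
        ;;
    restore)
        [ $# -ne 1 ] && usage 2
        if checkkernelversion; then
            detect_configuration
            define_firewall
            status=$?
            if [ -n "$SUBSYSLOCK" ]; then
                if [ "$status" -eq 0 ]; then
                    touch "$SUBSYSLOCK"
                else
                    rm -f "$SUBSYSLOCK"
                fi
            fi
            [ "$status" -eq 0 ] && progress_message3 "done."
        fi
        ;;
    clear)
        [ $# -ne 1 ] && usage 2
        progress_message3 "Clearing $g_product...."
        if checkkernelversion; then
            clear_firewall
            status=0
            if [ -n "$SUBSYSLOCK" ]; then
                rm -f "$SUBSYSLOCK"
            fi
            progress_message3 "done."
        fi
        ;;
    status)
        [ $# -ne 1 ] && usage 2
        echo "$g_product-$SHOREWALL_VERSION Status at $(hostname) - $(date)"
        echo
        if product_is_started; then
            echo "$g_product is running"
            status=0
        else
            echo "$g_product is stopped"
            status=4
        fi

        # A recorded Stopped/Clear state overrides the status chosen above
        if [ -f "${VARDIR}/state" ]; then
            state="$(cat "${VARDIR}/state")"
            case $state in
                Stopped*|Clear*)
                    status=3
                    ;;
            esac
        else
            state=Unknown
        fi
        echo "State:$state"
        echo
        ;;
    up|down)
        # With no interface argument there is nothing to do
        [ $# -eq 1 ] && exit 0
        shift
        [ $# -ne 1 ] && usage 2
        mutex_on
        # The interface name is quoted so it reaches updown as one word
        ( updown "$1" )
        mutex_off
        status=0
        ;;
    enable)
        [ $# -eq 1 ] && exit 0
        shift
        [ $# -ne 1 ] && usage 2
        if product_is_started; then
            detect_configuration
            enable_provider "$1"
        fi
        status=0
        ;;
    disable)
        [ $# -eq 1 ] && exit 0
        shift
        [ $# -ne 1 ] && usage 2
        if product_is_started; then
            detect_configuration
            disable_provider "$1"
        fi
        status=0
        ;;
    version)
        [ $# -ne 1 ] && usage 2
        echo "$SHOREWALL_VERSION"
        status=0
        ;;
    help)
        [ $# -ne 1 ] && usage 2
        usage 0
        ;;
    *)
        usage 2
        ;;
esac

#
# On the paths visible here, status is left unset only when checkkernelversion
# refused the command. The original then ran a bare "exit", which returned 0
# and reported success although nothing had been done; fail with 2 instead,
# the value the other error paths in this block use.
#
exit "${status:-2}"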