#
# Clear Proxy Arp
#
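delete_proxyarp() {
    # Undo the proxy ARP setup recorded in ${VARDIR}/proxyarp: delete each
    # published ARP entry (and the matching route, unless the record or
    # NOROUTES says otherwise), write 0 to proxy_arp for every interface
    # directory that has the setting, then remove the state file.
    #
    # Globals: VARDIR (read), NOROUTES (read)
    #
    # NOTE(review): the state file is treated as trusted input. Its fields
    # are handed to arp and ip as arguments, so it should be writable only
    # by the user that runs the firewall script -- confirm the permissions
    # on VARDIR.
    if [ -f "${VARDIR}/proxyarp" ]; then
        # One record per line: address interface external haveroute.
        # -r keeps any backslash in the file literal.
        while read -r address interface external haveroute; do
            # qt is defined elsewhere; presumably it runs the command quietly.
            qt arp -i "$external" -d "$address" pub
            # The route is deleted only when haveroute and NOROUTES are both empty.
            [ -z "${haveroute}${NOROUTES}" ] && qt ip route del "$address" dev "$interface"
        done < "${VARDIR}/proxyarp"

        for f in /proc/sys/net/ipv4/conf/*; do
            [ -f "$f/proxy_arp" ] && echo 0 > "$f/proxy_arp"
        done
    fi

    # Quoted so that a VARDIR containing whitespace still names one file.
    rm -f -- "${VARDIR}/proxyarp"
}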

#
# Set policy of chain $1 to $2
#
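setpolicy() {
    # Set the default policy of a chain.
    #   $1 - chain name
    #   $2 - policy
    # Both arguments are quoted so that neither is word-split nor
    # glob-expanded before it reaches iptables. $IPTABLES itself stays
    # unquoted, matching how run_iptables invokes it.
    $IPTABLES -P "$1" "$2"
}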
#
# Remove all Shorewall-added rules
#
clear_firewall() {
    # Calls stop_firewall, then opens the filter table: ACCEPT policy on
    # INPUT, FORWARD and OUTPUT, followed by a flush of the filter rules.
    stop_firewall

    setpolicy INPUT ACCEPT
    setpolicy FORWARD ACCEPT
    setpolicy OUTPUT ACCEPT

    run_iptables -F

    # IPv4 forwarding is switched on here. Together with the ACCEPT policies
    # set above, the filter table no longer restricts traffic to, from or
    # through this host once the function has run.
    echo 1 > /proc/sys/net/ipv4/ip_forward

    # When DISABLE_IPV6 is set and ip6tables can be found, the IPv6 policies
    # are set to ACCEPT as well. Errors from ip6tables are discarded.
    if [ -n "$DISABLE_IPV6" ] && qt mywhich ip6tables; then
        ip6tables -P INPUT   ACCEPT 2> /dev/null
        ip6tables -P OUTPUT  ACCEPT 2> /dev/null
        ip6tables -P FORWARD ACCEPT 2> /dev/null
    fi

    # run_clear_exit and set_state are defined elsewhere in the file.
    run_clear_exit

    set_state "Cleared"

    # Record the state change in syslog at kern.info.
    logger -p kern.info "$PRODUCT Cleared"
}

#
# Issue a message and stop/restore the firewall
#
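fatal_error()
{
    # Print the message on stderr, call stop_firewall, delete the temporary
    # file named by TEMPFILE (if set) and exit with status 2.
    #   $* - error message
    echo "   ERROR: $@" >&2
    stop_firewall
    # Quoted and preceded by "--" so that a path containing whitespace, glob
    # characters or a leading "-" removes exactly that one file.
    [ -n "$TEMPFILE" ] && rm -f -- "$TEMPFILE"
    exit 2
}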

#
# Issue a message and stop
#
startup_error() # $* = Error Message
{
    # Report the error on stderr and, for the start, restart and restore
    # commands, record the failure in syslog at kern.err.
    echo "   ERROR: $@" >&2

    if [ "$COMMAND" = start ]; then
        logger -p kern.err "ERROR:$PRODUCT start failed"
    elif [ "$COMMAND" = restart ]; then
        logger -p kern.err "ERROR:$PRODUCT restart failed"
    elif [ "$COMMAND" = restore ]; then
        logger -p kern.err "ERROR:$PRODUCT restore failed"
    fi

    # Unlike fatal_error, stop_firewall is not called here. $$ is the PID of
    # the top-level shell even inside a subshell, so the kill signals the
    # main script; exit 2 then ends the current shell.
    kill $$
    exit 2
}

#
# Run iptables and if an error occurs, stop/restore the firewall
#
run_iptables()
{
    # Run $IPTABLES with the given arguments, appending a comment match when
    # COMMENT is non-empty. On a non-zero exit status the failing command is
    # reported, stop_firewall is called and the shell exits with status 2.
    #
    # The arguments are expanded unquoted ($@), so each one is split again
    # on IFS and glob-expanded; only the COMMENT text reaches iptables as a
    # single word. Values taken from files or from users therefore must not
    # contain whitespace or glob characters by the time they get here.
    if [ -n "$COMMENT" ]; then
        $IPTABLES $@ -m comment --comment "$COMMENT" && return 0
    else
        $IPTABLES $@ && return 0
    fi

    # Reached only when the iptables call above failed.
    error_message "ERROR: Command \"$IPTABLES $@\" Failed"
    stop_firewall
    exit 2
}

#
# Run ip and if an error occurs, stop/restore the firewall
#
run_ip()
{
    # Run ip with the given arguments. They are expanded unquoted, so each
    # one is word-split and glob-expanded again before ip sees it. If ip
    # fails, the command is reported, stop_firewall is called and the shell
    # exits with status 2.
    ip $@ || {
        error_message "ERROR: Command \"ip $@\" Failed"
        stop_firewall
        exit 2
    }
}

#
# Run tc and if an error occurs, stop/restore the firewall
#
run_tc() {
    # Run tc with the given arguments (expanded unquoted, so they are
    # word-split and glob-expanded again). A successful call returns
    # straight away; otherwise the command is reported, stop_firewall is
    # called and the shell exits with status 2.
    tc $@ && return 0

    error_message "ERROR: Command \"tc $@\" Failed"
    stop_firewall
    exit 2
}

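restore_dynamic_rules() {
    # Rebuild the "dynamic" chain from the rules recorded in ${VARDIR}/save.
    # Each line is split into six fields; the first (target), the fourth
    # (address) and the remainder (rest) are used. Only the targets DROP,
    # reject, logdrop and logreject are restored; other lines are skipped.
    #
    # Globals: VARDIR (read), rangematch (written)
    #
    # NOTE(review): the save file is treated as trusted input. The address
    # field and the text after "source IP range" are passed on as iptables
    # arguments, so the file should be writable only by the user that runs
    # the firewall script -- confirm the permissions on VARDIR.
    if [ -f "${VARDIR}/save" ]; then
        progress_message2 "Setting up dynamic rules..."
        rangematch='source IP range'
        # -r keeps any backslash in the file literal.
        while read -r target ignore1 ignore2 address ignore3 rest; do
            case $target in
                DROP|reject|logdrop|logreject)
                    case $rest in
                        "$rangematch"*)
                            # The expansion is left unquoted on purpose: word
                            # splitting drops the blank after the prefix.
                            run_iptables -A dynamic -m iprange --src-range ${rest#"$rangematch"} -j "$target"
                            ;;
                        *)
                            # A plain source-address rule has nothing after
                            # the fifth field; anything else is not restored.
                            if [ -z "$rest" ]; then
                                run_iptables -A dynamic -s "$address" -j "$target"
                            else
                                error_message "WARNING: Unable to restore dynamic rule \"$target $ignore1 $ignore2 $address $ignore3 $rest\""
                            fi
                            ;;
                    esac
                    ;;
            esac
        done < "${VARDIR}/save"
    fi
}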