#!/bin/sh

DAEMON="iptables"

IPTABLES_CONF="/etc/iptables.conf"

# Run only if IPTABLES_CONF exists, except when the action is "save"
# (which creates it).
if [ ! -f "${IPTABLES_CONF}" ] && [ "$1" != "save" ]; then
	echo "${IPTABLES_CONF} does not exist, nothing to do."
	exit 0
fi

start() {
	printf 'Starting %s: ' "$DAEMON"
	iptables-restore "$IPTABLES_CONF"
	status=$?
	if [ "$status" -eq 0 ]; then
		echo "OK"
	else
		echo "FAIL"
	fi
	return "$status"
}

stop() {
	printf 'Stopping %s: ' "$DAEMON"
	iptables --flush
	status=$?
	if [ "$status" -eq 0 ]; then
		echo "OK"
	else
		echo "FAIL"
	fi
	return "$status"
}

restart() {
	stop
	start
}

save() {
	printf 'Saving %s: ' "$DAEMON"
	iptables-save --file "$IPTABLES_CONF"
	status=$?
	if [ "$status" -eq 0 ]; then
		echo "OK"
	else
		echo "SKIP (read-only file system detected)"
	fi
	return "$status"
}

case "$1" in
	start|stop|restart|save)
		"$1";;
	reload)
		# Restart, since there is no true "reload" feature.
		restart;;
	*)
		echo "Usage: $0 {start|stop|restart|save|reload}"
		exit 1
esac
