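#!/bin/bash
# Firewall management wrapper.
#
# Usage: firewall <apply|flush|restore|test>
#
#   apply    flush the managed tables, then load every file in rules/
#   flush    empty the filter, nat and mangle tables
#   restore  reload the last saved rule set with iptables-restore
#   test     run every executable in tests/
#
# Layout, all relative to the directory holding this script:
#   fw.globals          sourced first; shared settings for the rule files
#   lib/loadrules.bash  defines loadrules(), used by "apply"
#   rules/*             rule files, loaded in glob (lexical) order
#   tests/*             executable checks run by "test"
#
# Everything sourced or executed from here runs with root privileges, so this
# directory, the files in it and the backup file must be writable by root only.
set -o errexit
set -o pipefail
set -o nounset

# Pin PATH so iptables/iptables-restore cannot be shadowed through the caller's
# environment (e.g. sudo with a preserved PATH).
export PATH="/sbin:/usr/sbin:/bin:/usr/bin"

# Directory this script lives in; every relative asset is resolved against it.
# Quoted throughout so a path containing spaces still works.
fw_here="$(dirname "${0}")"

. "${fw_here}/fw.globals"

# Print the usage line on stderr; callers exit non-zero afterwards.
fw_usage() {
  echo "${0} <apply|flush|restore|test>" >&2
}

# Empty every chain of the tables this script manages.
#
# NOTE: --flush only removes rules.  It neither deletes user-defined chains
# (iptables --delete-chain) nor resets the built-in chains' default policies,
# so after "flush" the host is in whatever state those policies leave it --
# wide open if they are ACCEPT, unreachable if they are DROP.
fw_flush() {
  local table
  # raw and security are deliberately untouched: nothing here uses them (yet).
  for table in filter nat mangle; do
    iptables --table "${table}" --flush
  done
}

# Flush, then load every rule file in rules/ in lexical order.
#
# This is not atomic: between the flush and the last rule file the firewall
# is only as strict as the built-in chains' policies.  Nothing here snapshots
# the current rule set before flushing either; "restore" depends on some
# other job having written the backup file.
#
# loadrules is called bare (not inside `||`) on purpose: errexit then aborts
# on the first failing iptables command inside it instead of letting a later
# successful command mask the failure.
fw_apply() {
  local rule_file
  fw_flush
  . "${fw_here}/lib/loadrules.bash"
  for rule_file in "${fw_here}"/rules/*; do
    # Skip the literal pattern left by an empty glob and anything that is not
    # a regular file (sub-directories, editor swap sockets, ...).
    [[ -f "${rule_file}" ]] || continue
    echo -n "[rules] $(basename "${rule_file}"): "
    loadrules "${rule_file}"
    echo "OK"
  done
}

# Reload the last saved rule set, including packet counters.
#
# The backup file is parsed by iptables-restore as root, so it is trusted
# input: it must be root-owned and not writable by anyone else.  Nothing in
# this script writes it.
fw_restore() {
  local backup="/var/lib/firewall-backups/latest"
  echo "!!! Restoring previous firewall state"
  # Fail with a clear message instead of a bare redirection error.
  if [[ ! -r "${backup}" ]]; then
    echo "!!! No readable backup at ${backup}; nothing restored" >&2
    return 1
  fi
  iptables-restore --counters < "${backup}"
}

# Run every executable regular file in tests/, stopping at the first failure
# and propagating that test's exit status.
fw_test() {
  local test_script rc
  for test_script in "${fw_here}"/tests/*; do
    # Only regular executable files count; this also skips an empty glob and
    # directories (which -x alone would accept and then fail to exec).
    [[ -f "${test_script}" && -x "${test_script}" ]] || continue
    echo -n "[test] $(basename "${test_script}"): "
    "${test_script}" || {
      rc=$?
      echo "FAILED (exit ${rc})" >&2
      exit "${rc}"
    }
    echo "OK"
  done
}

if (( $# != 1 )); then
  fw_usage
  exit 1
fi

case "${1}" in
  apply)
    fw_apply
    ;;
  flush)
    fw_flush
    ;;
  restore)
    fw_restore
    ;;
  test)
    fw_test
    ;;
  *)
    fw_usage
    exit 1
    ;;
esac
exit 0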