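#!/bin/sh
#
# Init script that loads, saves and clears the iptables ruleset.
#
# Usage: $0 {start|stop|restart|status|save}
#
# Reads two variables that this script does not define itself and that are
# expected to come from /etc/default/iptables:
#   IPTABLES_SAVE         - path of the saved ruleset file
#   SAVE_RESTORE_OPTIONS  - extra options for iptables-save / iptables-restore

IPTABLES="/sbin/iptables"

# Load options. The file is sourced, so its contents are executed with the
# privileges of this script: it must be writable by root only.
if [ -f /etc/default/iptables ]; then
    . /etc/default/iptables
else
    exit 1
fi

# Nothing to do when the iptables binary is not installed.
test -x "${IPTABLES}" || exit 0

# LSB logging helpers (log_begin_msg, log_end_msg, ...).
. /lib/lsb/init-functions
# Sourcing a missing file aborts a non-interactive sh, so only read rcS when
# it exists.
if [ -r /etc/default/rcS ]; then
    . /etc/default/rcS
fi

# On "start", skip when there is no readable saved state. The path is quoted
# on purpose: with an unset or empty IPTABLES_SAVE an unquoted "test -r"
# collapses to the one-argument form, which is always true, and the restore
# would then run without a rules file.
if [ "${1:-}" = "start" ] && [ ! -r "${IPTABLES_SAVE:-}" ]; then
    log_warning_msg "Skipping iptables configuration..."
    exit 0
fi

# Flush every table listed in /proc/net/ip_tables_names, delete its
# user-defined chains and reset the built-in chain policies of the nat,
# mangle and filter tables to ACCEPT.
#
# NOTE: after this runs the host accepts and forwards all traffic.
#
# Returns: 0 when every iptables call succeeded (or no table list exists),
#          1 when any call failed, so "stop" reports the real outcome.
flush() {
    flush_rc=0
    [ -f /proc/net/ip_tables_names ] || return 0

    # Snapshot the table list before modifying anything.
    flush_tables=$(cat /proc/net/ip_tables_names)
    for table in ${flush_tables}; do
        "${IPTABLES}" -t "${table}" -F || flush_rc=1
        "${IPTABLES}" -t "${table}" -X || flush_rc=1

        case "${table}" in
            nat)    flush_chains="PREROUTING POSTROUTING OUTPUT" ;;
            mangle) flush_chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING" ;;
            filter) flush_chains="INPUT FORWARD OUTPUT" ;;
            *)      flush_chains="" ;;
        esac
        for chain in ${flush_chains}; do
            "${IPTABLES}" -t "${table}" -P "${chain}" ACCEPT || flush_rc=1
        done
    done
    return "${flush_rc}"
}

# Write the current ruleset to IPTABLES_SAVE.
#
# The dump goes to a temporary file in the same directory and is renamed over
# the target only when iptables-save succeeded. Redirecting straight into
# IPTABLES_SAVE would truncate the previous ruleset even when the dump fails,
# and the next "start" would then load an empty file. mktemp creates the file
# with owner-only permissions, so the saved ruleset ends up owner-only too.
#
# Returns: 0 on success, 1 on failure (the previous file is left untouched).
save_rules() {
    save_tmp=$(mktemp "${IPTABLES_SAVE}.XXXXXX") || return 1
    # SAVE_RESTORE_OPTIONS is left unquoted on purpose: it may hold several
    # options that must be split into separate words.
    # shellcheck disable=SC2086
    if "${IPTABLES}-save" ${SAVE_RESTORE_OPTIONS} > "${save_tmp}" \
        && mv -f "${save_tmp}" "${IPTABLES_SAVE}"; then
        return 0
    fi
    rm -f "${save_tmp}"
    return 1
}

case "${1:-}" in
    start)
        log_begin_msg "Loading iptables settings..."
        # shellcheck disable=SC2086
        "${IPTABLES}-restore" ${SAVE_RESTORE_OPTIONS} "${IPTABLES_SAVE}"
        log_end_msg $?
        ;;
    save)
        log_begin_msg "Saving iptables settings..."
        if [ -z "${IPTABLES_SAVE:-}" ]; then
            log_failure_msg "IPTABLES_SAVE is not set"
            log_end_msg 1
            exit 1
        fi
        save_rules
        log_end_msg $?
        ;;
    stop)
        log_begin_msg "Clearing iptables settings..."
        flush
        log_end_msg $?
        ;;
    restart)
        # NOTE(review): between "stop" and "start" every policy is ACCEPT,
        # and the host stays unfiltered if "start" fails or is skipped
        # because the saved state is missing.
        "$0" stop
        "$0" start
        ;;
    status)
        "${IPTABLES}" -L
        ;;
    *)
        log_success_msg "Usage: $0 {start|stop|restart|status|save}"
        exit 1
        ;;
esac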