#!/bin/sh

IPTABLES="/sbin/iptables"

# load options
if [ -f /etc/default/iptables ] ; then
	. /etc/default/iptables
else
	exit 1
fi

# Check for daemon presence
test -x ${IPTABLES} || exit 0

# Get lsb functions
. /lib/lsb/init-functions
. /etc/default/rcS

# Check for saved state
if [ x$1 != "xsave" ] && [ x$1 = "xstart" ] && ! test -r ${IPTABLES_SAVE}; then
	log_warning_msg "Skipping iptables configuration..."
	exit 0
fi

flush() {
	if [ -f /proc/net/ip_tables_names ] ; then
		for table in `cat /proc/net/ip_tables_names`; do
			${IPTABLES} -F -t $table
			${IPTABLES} -X -t $table
			if [ $table = nat ]; then
				${IPTABLES} -t nat -P PREROUTING ACCEPT
				${IPTABLES} -t nat -P POSTROUTING ACCEPT
				${IPTABLES} -t nat -P OUTPUT ACCEPT
			elif [ $table = mangle ]; then
				${IPTABLES} -t mangle -P PREROUTING ACCEPT
				${IPTABLES} -t mangle -P INPUT ACCEPT
				${IPTABLES} -t mangle -P FORWARD ACCEPT
				${IPTABLES} -t mangle -P OUTPUT ACCEPT
				${IPTABLES} -t mangle -P POSTROUTING ACCEPT
			elif [ $table = filter ]; then
				${IPTABLES} -t filter -P INPUT ACCEPT
				${IPTABLES} -t filter -P FORWARD ACCEPT
				${IPTABLES} -t filter -P OUTPUT ACCEPT
			fi
		done
	fi
	return 0
}

case "$1" in
	start)
	log_begin_msg "Loading iptables settings..."
	${IPTABLES}-restore ${SAVE_RESTORE_OPTIONS} ${IPTABLES_SAVE}
	log_end_msg $?
	;;
	save)
	log_begin_msg "Saving iptables settings..."
	${IPTABLES}-save ${SAVE_RESTORE_OPTIONS} > ${IPTABLES_SAVE}
	log_end_msg $?
	;;
	stop)
	log_begin_msg "Clearing iptables settings..."
	flush
	log_end_msg $?
	;;
	restart)
	$0 stop
	$0 start
	;;
	status) 
	${IPTABLES} -L
	;;
	*)
	log_success_msg "Usage: $0 {start|stop|restart|status|save}"
	exit 1
esac

