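#!/bin/sh
#
# Init-style control script for an iptables packet filter with IPv4 forwarding.
#
# Usage: $0 {start,stop,save_active,save_inactive}
#   start (also the default when no argument is given)
#       load /etc/iptables.active, then enable IPv4 forwarding
#   stop
#       load /etc/iptables.inactive (or, when that file is missing, flush the
#       filter and nat chains and set their policies to ACCEPT), then disable
#       IPv4 forwarding
#   save_active / save_inactive
#       dump the running ruleset to the corresponding file
#
# Exit status: 0 on success, 1 when a ruleset or sysctl operation failed,
# 2 on an unknown argument.
#
# The commands used here (modprobe, iptables, writes under /etc and
# /proc/sys) normally require root.

ACTIVE_RULES=/etc/iptables.active
INACTIVE_RULES=/etc/iptables.inactive
FORWARD_CTL=/proc/sys/net/ipv4/ip_forward

status=0

# Dump the running ruleset to the file named by $1.
# Returns 0 on success, 1 on failure (the previous file is left untouched).
save_ruleset() {
  _target=$1
  # A plain "iptables-save > file" truncates the file before iptables-save
  # runs, so a failed save would wipe the stored ruleset and the next load
  # would apply an empty one. Write to a temporary file in the same
  # directory and rename it into place only after a successful dump.
  # mktemp creates the file with mode 0600, so the saved ruleset is readable
  # by its owner only.
  _tmp=$(mktemp "${_target}.XXXXXX") || return 1
  if iptables-save > "$_tmp" && mv -f -- "$_tmp" "$_target"; then
    return 0
  fi
  rm -f -- "$_tmp"
  return 1
}

# "${1-}" keeps the "no argument means start" default without tripping over
# an unset $1 if the script is ever run with "set -u".
case "${1-}" in
  start|"")
    # printf instead of "echo -n": the -n flag is not portable under /bin/sh.
    printf '%s' "Setting ipfilter ruleset to active state: "
    # Module loading is best effort; modprobe failures are not treated as
    # fatal (presumably the modules may be built into the kernel - confirm).
    if ! lsmod | grep -q ip_tables; then
      modprobe ip_tables
      modprobe iptable_filter
      modprobe iptable_nat
      modprobe ipt_limit
    fi
    if [ -e "$ACTIVE_RULES" ]; then
      if iptables-restore < "$ACTIVE_RULES"; then
        echo done
      else
        echo failed
        # Fail closed: do not turn on forwarding when the filter rules that
        # are supposed to constrain it could not be loaded.
        exit 1
      fi
    else
      echo not configured
      # NOTE(review): forwarding is still enabled below even though no
      # active ruleset was loaded; whatever rules are currently in the
      # kernel apply. Confirm this is intended for unconfigured hosts.
    fi
    printf '%s' "Enabling IP forwarding: "
    if echo 1 > "$FORWARD_CTL"; then
      echo done
    else
      echo failed
      status=1
    fi
    ;;

  stop)
    printf '%s' "Resetting rulesset to inactive state: "
    if [ -e "$INACTIVE_RULES" ]; then
      iptables-restore < "$INACTIVE_RULES" || status=1
    else
      # Fallback when no inactive ruleset was saved: flush the built-in
      # chains and leave every policy at ACCEPT. The host is unfiltered
      # after this; forwarding is switched off below.
      for c in INPUT FORWARD OUTPUT; do
        iptables -F "$c" || status=1
        iptables -P "$c" ACCEPT || status=1
      done
      for c in PREROUTING POSTROUTING OUTPUT; do
        iptables -t nat -F "$c" || status=1
        iptables -t nat -P "$c" ACCEPT || status=1
      done
    fi
    if [ "$status" -eq 0 ]; then
      echo done
    else
      echo failed
    fi
    # Forwarding is disabled even if the reset above failed: turning routing
    # off is the safe direction.
    printf '%s' "Disabling IP forwarding: "
    if echo 0 > "$FORWARD_CTL"; then
      echo done
    else
      echo failed
      status=1
    fi
    ;;

  save_active)
    printf '%s' "Saving active ruleset to /etc/iptables.active: "
    if save_ruleset "$ACTIVE_RULES"; then
      echo done
    else
      echo failed
      status=1
    fi
    ;;

  save_inactive)
    printf '%s' "Saving inactive ruleset to /etc/iptables.inactive: "
    if save_ruleset "$INACTIVE_RULES"; then
      echo done
    else
      echo failed
      status=1
    fi
    ;;

  *)
    # Quoted so the text is printed literally: unquoted, $0 is word-split and
    # a shell with brace expansion rewrites the {a,b,...} list.
    echo "usage: $0 {start,stop,save_active,save_inactive}" >&2
    exit 2
    ;;
esac

exit "$status"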