#!/bin/sh
# Functions for ipchains for tree-firewall
# License: GNU GPL
# (c) 2002 Olgierd Pieczul <wojrus@pld.org.pl>

# $Revision: 1.11 $, $Date: 2002/08/11 16:29:11 $

add_rule() {
	# Append rule $2 to chain $1 (ipchains -A). $2 is left unquoted on
	# purpose so a rule handed over as one string is split into separate
	# ipchains arguments. $debug must hold a command such as "true" or
	# "false"; an unset $debug is taken as true here.
	# Debug mode: echo the command, run it with its output visible and
	# return its status. Normal mode: run it silently, record 0 (ok) or
	# 1 (failed) in the global $ret and return that value.
	if $debug; then
		echo ipchains -A $1 $2
		ipchains -A $1 $2
		return
	fi
	ret=0
	ipchains -A $1 $2 >/dev/null 2>&1 || ret=1
	return $ret
}

addfirst_rule() {
	# Insert rule $2 at the head of chain $1 (ipchains -I). $2 stays
	# unquoted so a multi-word rule string becomes several arguments.
	# With $debug true the command is echoed and its own status is
	# returned; otherwise it runs silently and the result is reduced
	# to 0/1, stored in the global $ret and returned.
	if $debug; then
		echo ipchains -I $1 $2
		ipchains -I $1 $2
		return
	fi
	if ipchains -I $1 $2 >/dev/null 2>&1; then
		ret=0
	else
		ret=1
	fi
	return $ret
}

del_rule() {
	# Delete rule $2 from chain $1 (ipchains -D). $2 is intentionally
	# unquoted so a rule passed as a single string is word-split.
	# Debug mode echoes the command and returns ipchains' own status;
	# normal mode discards all output, sets the global $ret to 0 on
	# success or 1 on failure and returns it.
	if $debug; then
		echo ipchains -D $1 $2
		ipchains -D $1 $2
	else
		if ipchains -D $1 $2 >/dev/null 2>&1; then
			ret=0
		else
			ret=1
		fi
		return $ret
	fi
}
						
policy_rule() {
	# Set the default policy $2 of built-in chain $1 (ipchains -P).
	# Both arguments are passed unquoted, as in the other rule helpers.
	# When $debug is true: echo the command, run it visibly and return
	# its status. Otherwise: run it silently and return 0/1, which is
	# also left in the global $ret.
	if $debug; then
		echo ipchains -P $1 $2
		ipchains -P $1 $2
		return
	fi
	ret=0
	if ! ipchains -P $1 $2 >/dev/null 2>&1; then
		ret=1
	fi
	return $ret
}

tables() {
	# Run "chains $action" on rule set $set below $root: "policy" sets
	# live in $root/policies, every other action reads $root/sets.
	# Sets the globals action, set, dir and ret; returns 1 if chains()
	# fails, 0 otherwise.
	# Note: a second tables() further down in this file redefines the
	# same name, so this version is superseded once the whole file is
	# sourced.
	action=$1; set=$2; ret=0
	case $action in
		policy) dir="policies" ;;
		*)      dir="sets" ;;
	esac
	chains "$action" "$root/$dir/$set" || ret=1
	return $ret
}

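tables() {
	# Apply $action (the code distinguishes "add", "addfirst", "del" and
	# "policy") to rule set $set. Chain files are read from
	# $root/policies/$set for "policy" and from $root/sets/$set otherwise.
	# For add/addfirst the user chains named by the set's files are
	# created before chains() runs; for del the chains that are empty and
	# unreferenced afterwards are removed.
	# Sets the globals action, set, dir, rds and ret. Returns 1 when
	# chains() fails, 0 otherwise; the create/remove steps do not affect
	# the return value.
	action=$1; set=$2; ret=0
	if [ "$action" = "policy" ]; then
		dir="policies"
	else
		dir="sets"
	fi
	rds=$root/$dir/$set
	# create chains: one per regular file in the set directory. A glob
	# replaces the former `ls $rds/* | egrep -v '~$'`, so subdirectories
	# are no longer listed; editor backups ("*~") are skipped as before.
	if [ "$action" = "add" ] || [ "$action" = "addfirst" ]; then
		for chain in "$rds"/*; do
			case $chain in *~) continue ;; esac
			[ -f "$chain" ] || continue
			chain=${chain##*/}
			chain_exist "$chain" || chain_create "$chain"
		done
	fi
	chains "$action" "$rds" || ret=1
	# remove chains that are now empty and no longer referenced
	if [ "$action" = "del" ]; then
		for chain in "$rds"/*; do
			case $chain in *~) continue ;; esac
			[ -f "$chain" ] || continue
			chain=${chain##*/}
			# NOTE(review): $table is never assigned in this file and both
			# callees only use their first argument; presumably a leftover
			# that expands to nothing — confirm before dropping it.
			chain_exist "$chain" && chain_empty "$chain" && {
				chain_references "$chain" $table || chain_remove "$chain" $table
			}
		done
	fi
	return $ret
}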

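chain_exist() {
	# Return 0 if chain $1 exists, i.e. `ipchains -L` prints a
	# "Chain ..." header for it, and 1 otherwise (including when
	# ipchains itself fails; its diagnostics are discarded).
	# The chain name is quoted, and the listing is no longer stored in
	# a global variable named like the chains() function.
	ipchains -n -L "$1" 2>/dev/null | grep -q '^Chain'
}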

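chain_empty() {
	# Return 0 if chain $1 holds no rules, 1 if at least one rule line is
	# listed. Every non-blank line after the "Chain ..." header and the
	# "target ..." column line is a rule. A chain that cannot be listed
	# counts as empty (callers check chain_exist first).
	# Bug fix: the old pattern '^[^(Chain|target)]' was a character class,
	# so a rule whose target started with any letter of "Chain"/"target"
	# (e.g. a user chain named tcp-in) was not counted as a rule.
	if ipchains -n -L "$1" 2>/dev/null | grep -E -v '^(Chain|target)' | grep -q .; then
		return 1
	fi
	return 0
}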

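chain_references() {
	# Return 1 only when ipchains reports "(0 references)" for chain $1;
	# return 0 when the chain is still referenced and also when it cannot
	# be listed (empty output), so a failed lookup never allows removal.
	# Bug fix: the comparison used the bash-only '==' under #!/bin/sh;
	# in a strict POSIX sh (e.g. dash) test rejects that operator, the
	# else branch always won and no chain was ever removed.
	if [ "$(ipchains -n -L "$1" 2>/dev/null | grep '^Chain' | sed 's/^.*(\(.*\) references).*$/\1/')" = "0" ]; then
		return 1
	fi
	return 0
}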

chain_create () {
	# Create user chain $1 (ipchains -N). When $debug is true the
	# command line is echoed before it runs. Unlike add_rule, output
	# and errors are not suppressed and ipchains' own status is returned.
	$debug && echo ipchains -N "$1"
	ipchains -N "$1"
}

chain_remove () {
	# Delete user chain $1 (ipchains -X); ipchains refuses this for
	# non-empty or referenced chains, which is why tables() checks
	# chain_empty/chain_references first. With $debug true the command
	# is echoed first. Output is not suppressed; ipchains' status is
	# returned.
	$debug && echo ipchains -X "$1"
	ipchains -X "$1"
}

flush() {
	# Flush all rules from all chains (ipchains -F). In debug mode the
	# command is echoed, run with output visible and its status returned;
	# otherwise it runs silently and the result is reduced to 0/1, kept
	# in the global $ret and returned.
	if $debug; then
		echo ipchains -F
		ipchains -F
		return
	fi
	if ipchains -F >/dev/null 2>&1; then
		ret=0
	else
		ret=1
	fi
	return $ret
}
