#!/bin/bash

. /ips/setup/.config
. /ips/ip2/.functions

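#######################################
# Build the iptables FORWARD rules for every member number in $ALL from the
# per-member access lists /ips/ads/<nr> (pass 1, member as source) and
# /ips/ads2/<nr> (pass 2, member as destination, NEW/INVALID conntrack
# states only).  Every whitespace-separated token of those files ends up
# verbatim inside the command string handed to rule() (sourced above, not
# defined here), so the lists must stay writable only by whoever maintains
# the firewall.
#
# Access-list format, one token per entry:
#   +            following entries are ACCEPTed; the list then ends with a
#                catch-all REJECT for the member
#   -            following entries are REJECTed
#   host         hostname or address, any protocol
#   host-port    TCP and UDP rules with --dport <port>
#   Thost[-port] / Uhost[-port]   TCP only / UDP only
# Entries before the first "+" or "-" are ignored.
#######################################

#######################################
# Split one access-list entry into its iptables fragments.
# Globals:   ADS_HOST, ADS_PORT, ADS_PROTO, ADS_PROTO2 (written)
# Arguments: $1 - entry token, e.g. "host", "host-80", "Thost-22", "U1.2.3.4"
# Outputs:   nothing
# Returns:   0
#######################################
ads_parse_entry() {
  local entry=$1

  ADS_HOST=$entry
  ADS_PORT=
  ADS_PROTO=
  ADS_PROTO2=

  # "host-port": text before the first '-' is the host, the field between
  # the first and second '-' is the port (the same split cut -d- -f1 / -f2
  # produced, so "a-b-c" still gives host "a", port "b").
  case "$entry" in
    *-*)
      ADS_HOST=${entry%%-*}
      ADS_PORT=${entry#*-}
      ADS_PORT="--dport ${ADS_PORT%%-*}"
      ;;
  esac

  # Optional protocol prefix.  Parameter expansion instead of cut -b2-100,
  # which silently truncated hosts longer than 99 characters.  A port with
  # no prefix gets one rule for TCP and one for UDP.
  case "${ADS_HOST:0:1}" in
    T)
      ADS_HOST=${ADS_HOST:1}
      ADS_PROTO="-p TCP"
      ;;
    U)
      ADS_HOST=${ADS_HOST:1}
      ADS_PROTO="-p UDP"
      ;;
    *)
      if [ -n "$ADS_PORT" ]; then
        ADS_PROTO="-p TCP"
        ADS_PROTO2="-p UDP"
      fi
      ;;
  esac
}

#######################################
# Resolve the address the rules for member $1 apply to.
# Globals:   ADR, SUBNET (read); ALIIP, ALIDEV (set by maybeali, defined in
#            the sourced files); MEMBER_IP (written)
# Arguments: $1 - member number from $ALL (expected numeric)
# Returns:   0 with MEMBER_IP set; 1 when the member gets no rules: it equals
#            $ADR, it is above 254 without an alias address, or a marker
#            /ips/gro/c-<nr> or /ips/gro/s-<nr> exists ("class" in the
#            original comments — presumably a group rather than a host)
#######################################
ads_member_ip() {
  local nr=$1

  [ "$ADR" = "$nr" ] && return 1

  MEMBER_IP=${SUBNET}${nr}
  maybeali "$nr"

  if [ -n "$ALIIP" ]; then
    # nr > 254 can be a computer with IP ALIP
    MEMBER_IP=$ALIIP
    return 0
  fi

  (( nr > 254 )) && return 1
  [ -f "/ips/gro/c-$nr" ] && return 1   # class
  [ -f "/ips/gro/s-$nr" ] && return 1   # class
  return 0
}

#######################################
# Read an access list into ADS_ENTRIES, one token per element, split on
# IFS whitespace like the old unquoted $ADS expansion but without pathname
# expansion, so a token such as "*" can no longer turn into file names.
# Globals:   ADS_ENTRIES (written)
# Arguments: $1 - path of the list file
#######################################
ads_read_list() {
  ADS_ENTRIES=()
  # read returns 1 at end of file even though the array is filled.
  read -r -d '' -a ADS_ENTRIES < "$1" || true
}

#######################################
# Set IDEV to the "-i <dev>" match for $1, or to nothing when QOS_BRIDGE=1
# (no input interface is matched on a bridge).
# Globals:   QOS_BRIDGE (read), IDEV (written)
# Arguments: $1 - interface name
#######################################
ads_indev() {
  if [ "$QOS_BRIDGE" = "1" ]; then
    IDEV=
  else
    IDEV="-i $1"
  fi
}

# Pass 1: the member is the source, lists in /ips/ads.
# $ALL is split on whitespace on purpose (a list from .config).
for MA in $ALL; do
  ads_member_ip "$MA" || continue
  i=$MEMBER_IP

  list="/ips/ads/$MA"
  [ -f "$list" ] || continue
  ads_read_list "$list"

  # An aliased member is matched on its own device, otherwise on OURDEV.
  if [ -n "$ALIDEV" ]; then
    DEV=$ALIDEV
  else
    DEV=$OURDEV
  fi
  ads_indev "$DEV"

  printf '%s' "$i"
  PLUS=
  for entry in "${ADS_ENTRIES[@]}"; do
    case "$entry" in
      "+")
        PLUS=1
        printf ' ACCEPT\n'
        continue
        ;;
      "-")
        printf ' REJECT\n'
        PLUS=0
        continue
        ;;
    esac
    [ -n "$PLUS" ] || continue

    if [ "$PLUS" = "1" ]; then
      target=ACCEPT
    else
      target=REJECT
    fi

    printf ' %s : ' "$entry"
    ads_parse_entry "$entry"

    rule "-A FORWARD $ADS_PROTO $IDEV -s $i -d $ADS_HOST $ADS_PORT -j $target"
    if [ -n "$ADS_PROTO2" ]; then
      rule "-A FORWARD $ADS_PROTO2 $IDEV -s $i -d $ADS_HOST $ADS_PORT -j $target"
    fi
  done

  # A list that ends in ACCEPT mode is closed by a catch-all reject.
  if [ "$PLUS" = "1" ]; then
    rule "-A FORWARD $IDEV -s $i -j REJECT"
  fi

  printf '\n'
done

#

# Pass 2: the member is the destination, lists in /ips/ads2.  The rule
# strings below keep the original's double space before NEW,INVALID.
# NOTE(review): the ACCEPT rules here also match --ctstate INVALID, i.e.
# packets conntrack cannot classify are let through to the member;
# INVALID is usually dropped regardless of source — confirm this is
# intended before changing it.
for MA in $ALL; do
  ads_member_ip "$MA" || continue
  i=$MEMBER_IP

  list="/ips/ads2/$MA"
  [ -f "$list" ] || continue
  ads_read_list "$list"

  DEV=$ANYDEV
  ads_indev "$DEV"

  printf '%s' "$i"
  PLUS=
  for entry in "${ADS_ENTRIES[@]}"; do
    case "$entry" in
      "+")
        PLUS=1
        printf ' ACCEPT\n'
        continue
        ;;
      "-")
        printf ' REJECT\n'
        PLUS=0
        continue
        ;;
    esac
    [ -n "$PLUS" ] || continue

    if [ "$PLUS" = "1" ]; then
      target=ACCEPT
    else
      target=REJECT
    fi

    printf ' %s : ' "$entry"
    ads_parse_entry "$entry"

    rule "-A FORWARD $ADS_PROTO $IDEV -d $i $ADS_PORT -s $ADS_HOST -m conntrack --ctstate  NEW,INVALID -j $target"
    if [ -n "$ADS_PROTO2" ]; then
      rule "-A FORWARD $ADS_PROTO2 $IDEV -d $i $ADS_PORT -s $ADS_HOST -m conntrack --ctstate  NEW,INVALID -j $target"
    fi
  done

  # A list that ends in ACCEPT mode is closed by a catch-all reject.
  if [ "$PLUS" = "1" ]; then
    rule "-A FORWARD $IDEV -d $i -m conntrack --ctstate  NEW,INVALID -j REJECT"
  fi

  printf '\n'
done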

