#!/bin/bash

. /ips/setup/.config
. /ips/ip2/.functions

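# Egress port policy: one FORWARD rule per host and port, matching the
# host's address as the packet SOURCE (-s).
#
# For every host number in $ALL (a whitespace-separated list from
# /ips/setup/.config) the port list /ips/pts/<nr> is read.  It holds tokens:
#   "+"     switch to ACCEPT mode
#   "-"     switch to REJECT mode
#   <port>  tcp destination port spec, emitted in the current mode
# Tokens seen before the first "+"/"-" are ignored.  When the list ends in
# ACCEPT mode a catch-all tcp REJECT for the host is appended, so a "+"
# list behaves as an allow-list.
#
# Globals read:    ALL ADR SUBNET OURDEV QOS_BRIDGE
#                  ALIIP ALIDEV (presumably set by maybeali; confirm in
#                  /ips/ip2/.functions)
# Globals written: i DEV IDEV PTS PTSFILE PLUS COM
# Uses:            maybeali, rule (from /ips/ip2/.functions)
# Output:          one progress line per host on stdout; warnings on stderr
# shellcheck disable=SC2086 # $ALL and $PTS are deliberately word-split lists
for MA in $ALL; do
  # Never emit rules for our own address.
  if [ "$ADR" = "$MA" ]; then
    continue
  fi

  i="${SUBNET}${MA}"

  maybeali "$MA"

  if [ -n "$ALIIP" ]; then
    # nr > 254 can be a computer with IP ALIIP (an alias rather than a subnet host)
    i="$ALIIP"
  else
    # Without an alias a number above 254 cannot be a host in the subnet.
    if (( MA > 254 )); then
      continue
    fi
    # c-/s- markers under /ips/gro denote classes, which get no per-host rules.
    if [ -f "/ips/gro/c-$MA" ] || [ -f "/ips/gro/s-$MA" ]; then
      continue
    fi
  fi

  PTSFILE="/ips/pts/$MA"
  if [ ! -f "$PTSFILE" ]; then
    continue
  fi
  PTS=$(cat -- "$PTSFILE" 2>/dev/null)

  # An aliased host may sit behind its own device; otherwise use ours.
  if [ -n "$ALIDEV" ]; then
    DEV="$ALIDEV"
  else
    DEV="$OURDEV"
  fi

  # In bridge mode the input device is not matched at all.
  if [ "$QOS_BRIDGE" = "1" ]; then
    IDEV=
  else
    IDEV="-i $DEV"
  fi

  printf '%s' "$i"

  # Current mode: "" (none yet), "1" (ACCEPT) or "0" (REJECT).
  PLUS=

  for p in $PTS; do
    if [ -z "$p" ]; then
      continue
    fi

    if [ "$p" = "+" ]; then
      PLUS=1
      printf ' ACCEPT\n'
      continue
    fi
    if [ "$p" = "-" ]; then
      printf ' REJECT\n'
      PLUS=0
      continue
    fi

    # Port tokens before the first mode marker have no mode to apply.
    if [ -z "$PLUS" ]; then
      continue
    fi

    # A token beginning with '-' is not a port spec; if rule hands $COM to
    # iptables word-split it would be parsed as an option.  Skip it loudly
    # rather than building a rule from it.
    case "$p" in
      -*)
        printf 'warn: %s: ignoring invalid port token %s\n' "$PTSFILE" "$p" >&2
        continue
        ;;
    esac

    printf ' %s : ' "$p"

    # PLUS is "0" or "1" here; "" was filtered above.
    if [ "$PLUS" = "0" ]; then
      COM="-A FORWARD $IDEV -s $i -p tcp --destination-port $p -j REJECT"
    else
      COM="-A FORWARD $IDEV -s $i -p tcp --destination-port $p -j ACCEPT"
    fi

    rule "$COM"
  done

  # Allow-list semantics: anything not explicitly accepted is rejected.
  if [ "$PLUS" = "1" ]; then
    COM="-A FORWARD  $IDEV -s $i -p tcp -j REJECT"
    rule "$COM"
  fi

  printf '\n'
done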





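# Ingress port policy: one FORWARD rule per host and port, matching the
# host's address as the packet DESTINATION (-d).  Same token format as the
# egress pass above, but the list comes from /ips/pts2/<nr>, the input
# device is always $ANYDEV, and every rule carries a conntrack state match.
#
# /ips/pts2/<nr> tokens:
#   "+"     switch to ACCEPT mode
#   "-"     switch to REJECT mode
#   <port>  tcp destination port spec, emitted in the current mode
# Tokens before the first "+"/"-" are ignored.  When the list ends in
# ACCEPT mode a catch-all tcp REJECT for the host is appended.
#
# NOTE(review): the ACCEPT rules match --ctstate NEW,INVALID, so packets
# conntrack classifies as INVALID are accepted toward the host, not only
# new connections.  Confirm that is intended; accepting only NEW is the
# usual shape for an allow rule.
#
# Globals read:    ALL ADR SUBNET ANYDEV QOS_BRIDGE
#                  ALIIP (presumably set by maybeali; confirm in
#                  /ips/ip2/.functions)
# Globals written: i DEV IDEV PTS PTSFILE PLUS COM
# Uses:            maybeali, rule (from /ips/ip2/.functions)
# Output:          one progress line per host on stdout; warnings on stderr
# shellcheck disable=SC2086 # $ALL and $PTS are deliberately word-split lists
for MA in $ALL; do
  # Never emit rules for our own address.
  if [ "$ADR" = "$MA" ]; then
    continue
  fi

  i="${SUBNET}${MA}"

  maybeali "$MA"

  if [ -n "$ALIIP" ]; then
    # nr > 254 can be a computer with IP ALIIP (an alias rather than a subnet host)
    i="$ALIIP"
  else
    # Without an alias a number above 254 cannot be a host in the subnet.
    if (( MA > 254 )); then
      continue
    fi
    # c-/s- markers under /ips/gro denote classes, which get no per-host rules.
    if [ -f "/ips/gro/c-$MA" ] || [ -f "/ips/gro/s-$MA" ]; then
      continue
    fi
  fi

  PTSFILE="/ips/pts2/$MA"
  if [ ! -f "$PTSFILE" ]; then
    continue
  fi
  PTS=$(cat -- "$PTSFILE" 2>/dev/null)

  # Inbound traffic may arrive on any device.
  DEV="$ANYDEV"

  # In bridge mode the input device is not matched at all.
  if [ "$QOS_BRIDGE" = "1" ]; then
    IDEV=
  else
    IDEV="-i $DEV"
  fi

  printf '%s' "$i"

  # Current mode: "" (none yet), "1" (ACCEPT) or "0" (REJECT).
  PLUS=

  for p in $PTS; do
    if [ -z "$p" ]; then
      continue
    fi

    if [ "$p" = "+" ]; then
      PLUS=1
      printf ' ACCEPT\n'
      continue
    fi
    if [ "$p" = "-" ]; then
      printf ' REJECT\n'
      PLUS=0
      continue
    fi

    # Port tokens before the first mode marker have no mode to apply.
    if [ -z "$PLUS" ]; then
      continue
    fi

    # A token beginning with '-' is not a port spec; if rule hands $COM to
    # iptables word-split it would be parsed as an option.  Skip it loudly
    # rather than building a rule from it.
    case "$p" in
      -*)
        printf 'warn: %s: ignoring invalid port token %s\n' "$PTSFILE" "$p" >&2
        continue
        ;;
    esac

    printf ' %s : ' "$p"

    # PLUS is "0" or "1" here; "" was filtered above.
    if [ "$PLUS" = "0" ]; then
      COM="-A FORWARD $IDEV -d $i -p tcp --destination-port $p -m conntrack --ctstate  NEW,INVALID -j REJECT"
    else
      COM="-A FORWARD $IDEV -d $i -p tcp --destination-port $p -m conntrack --ctstate  NEW,INVALID -j ACCEPT"
    fi

    rule "$COM"
  done

  # Allow-list semantics: anything not explicitly accepted is rejected.
  if [ "$PLUS" = "1" ]; then
    COM="-A FORWARD $IDEV -d $i -p tcp -m conntrack --ctstate  NEW,INVALID -j REJECT"
    rule "$COM"
  fi

  printf '\n'
done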


