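#!/bin/sh
#
# Startup script to implement ethernet layer firewalling
#
# Copyright alexeytATfreeshell.org May 2005, GPL
#
# customised for CHANGEME
#
# Usage: $0 {start|stop|restart|status}
#
# NOTE: as shipped, "start" resets every built-in chain policy to ACCEPT and
# the "Applying ebtables firewall rules" step contains no rules, so the bridge
# forwards all traffic until site-specific rules are added there.  Each step
# reports "done."/"FAILED." on stdout; any failure makes the script exit 1.

#### CONFIG ####
#### END CONFIG ####

# Nothing to do on hosts without ebtables; exit 0 so init does not report an
# error for a package that is simply not installed.
[ -x /sbin/ebtables ] || exit 0

# Tables whose chains are flushed and reset.  ebtables offers no way to query
# this list, so it is hard-coded here.
chains="filter nat broute"

# Exit status of the requested action: 0 = every step succeeded,
# 1 = at least one step failed.  Written by report(), returned at the end.
rc=0

# Finish a step's progress line: print "done." when $1 is 0, otherwise print
# "FAILED." and record the failure in rc.
report() {
  if [ "$1" -eq 0 ]; then
    echo "done."
  else
    echo "FAILED."
    rc=1
  fi
}

# Flush all rules and zero the counters of every chain in every table.
flush_chains() {
  error=0
  printf '%s' "Flushing and zeroing all chains: "
  for t in $chains; do
    ebtables -t "$t" -F && ebtables -t "$t" -Z || error=1
  done
  report "$error"
}

# Delete every user-defined chain in every table (-X with no chain name).
remove_user_chains() {
  error=0
  printf '%s' "Removing user defined chains: "
  for t in $chains; do
    ebtables -t "$t" -X || error=1
  done
  report "$error"
}

# Set the policy of every built-in chain to ACCEPT.  $1 is the progress
# message printed before the step runs.
reset_policies() {
  printf '%s' "$1"
  ebtables -P INPUT ACCEPT &&
    ebtables -P FORWARD ACCEPT &&
    ebtables -P OUTPUT ACCEPT &&
    ebtables -t nat -P PREROUTING ACCEPT &&
    ebtables -t nat -P POSTROUTING ACCEPT &&
    ebtables -t nat -P OUTPUT ACCEPT &&
    ebtables -t broute -P BROUTING ACCEPT
  report "$?"
}

# Reset the tables, then install the site's rules (none are defined yet).
start() {
  flush_chains
  remove_user_chains
  reset_policies "Setting ebtables policies: "
  printf '%s' "Applying ebtables firewall rules: "
  # Site rules go here as one "&& \"-chained list per chain.  The trailing
  # "true" keeps the list valid while every group is still commented out.
  # printf '%s' "filter-input " && \
  # printf '%s' "filter-forward " && \
  # printf '%s' "filter-output " && \
  # printf '%s' "nat-prerouting " && \
  # printf '%s' "nat-postrouting " && \
  # printf '%s' "nat-output " && \
  # printf '%s' "broute-brouting " && \
  true
  if [ "$?" -eq 0 ]; then
    echo "."
  else
    echo "FAILED."
    rc=1
  fi
}

# Remove all rules and user chains and leave every policy at ACCEPT.
stop() {
  flush_chains
  remove_user_chains
  reset_policies "Resetting built-in chains to the default ACCEPT policy: "
}

# List every table's chains with counters (--Lc).
status() {
  echo "----"
  ebtables -L --Lc
  echo "----"
  ebtables -t nat -L --Lc
  echo "----"
  ebtables -t broute -L --Lc
}

case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    # start already flushes and resets everything, so a separate stop is
    # not needed.
    start
    ;;
  status)
    status
    ;;
  *)
    # Plain "Usage" string: the original $"..." form is a bash locale
    # extension that prints a literal "$" under a POSIX /bin/sh.
    echo "Usage: $0 {start|stop|restart|status}" >&2
    exit 1
    ;;
esac

exit "$rc"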