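#!/bin/bash
#
# iptables init-style wrapper: loads a ruleset for the selected host role.
#
# Usage: $0 start|stop|restart|status
#
# Sourced helpers (assumed to be provided by these files; not visible here):
#   ${IPT}     - path to the iptables binary
#   ipt_clear  - flushes the current rules
#   ipt_tables - NOTE(review): used by 'stop'; its exact effect is defined in
#                the sourced file, presumably resets the per-table policies.
. /etc/iptables/ipt-conf.sh
. /etc/iptables/ipt-firewall.sh

# Host role; exactly one of the following must be active.
TYPE=bridge
#TYPE=server
#TYPE=open
#TYPE=client

# Usage message on stderr; non-zero exit so callers can detect a bad invocation.
usage() {
  printf 'Usage: %s [start|stop|restart|status]\n' "$0" >&2
  exit 1
}

case "$1" in
  start)
    case "$TYPE" in
      bridge)
        #ipt_clear
        echo "setting bridge network..."
        # Bridging requires kernel forwarding; the per-role script is expected
        # to restrict what is actually forwarded.
        echo 1 > /proc/sys/net/ipv4/ip_forward
        ## load bridge configuration
        #iptables-restore /etc/iptables/bridge.v4
        #iptables-restore /etc/iptables/bridge.v6
        bash /etc/iptables/ipt-bridge.sh
        ;;
      server)
        #ipt_clear
        echo "setting server network..."
        ## load server configuration
        #iptables-restore /etc/iptables/server.v4
        #iptables-restore /etc/iptables/server.v6
        bash /etc/iptables/ipt-server.sh
        ;;
      client)
        #ipt_clear
        echo "setting client network..."
        ## load client configuration
        #iptables-restore /etc/iptables/client.v4
        bash /etc/iptables/ipt-client.sh
        ;;
      open)
        ipt_clear
        echo "setting open network..."
        ## load client configuration
        # Default-deny inbound and forwarded traffic; outbound is permitted.
        "${IPT}" -P INPUT DROP
        "${IPT}" -P FORWARD DROP
        "${IPT}" -P OUTPUT ACCEPT
        # Loopback only for genuine loopback addresses (blocks spoofed 127/8
        # arriving on lo from elsewhere).
        "${IPT}" -A INPUT -i lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
        "${IPT}" -A OUTPUT -o lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
        # Return traffic for locally initiated connections only: the state
        # match is limited to unprivileged destination ports, so no new
        # inbound service is exposed by this profile.
        "${IPT}" -A INPUT -p tcp --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
        "${IPT}" -A INPUT -p udp --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
        "${IPT}" -A OUTPUT -j ACCEPT
        # Log what the DROP policies are about to discard (debug level), so
        # unexpected inbound/forwarded attempts remain visible in the syslog.
        "${IPT}" -A FORWARD -j LOG --log-level 7 --log-prefix "iptables: FORWARD: "
        "${IPT}" -A INPUT -j LOG --log-level 7 --log-prefix "iptables: INPUT: "
        ;;
      *)
        # A misconfigured TYPE previously did nothing silently, leaving the
        # host with whatever rules happened to be loaded.
        printf 'unknown TYPE "%s"; expected bridge|server|client|open\n' "$TYPE" >&2
        exit 1
        ;;
    esac
    ;;
  stop)
    echo "clear all iptables tables"
    ipt_clear
    ipt_tables
    ;;
  restart)
    # NOTE(review): does not run 'stop' first; with ipt_clear commented out in
    # the bridge/server/client branches the role scripts may append to existing
    # rules — confirm the role scripts flush on their own.
    "$0" start
    ;;
  status)
    # List the live rules with counters; the bare '-v' printed only a version
    # banner and no rules.
    "${IPT}" -L -n -v
    ;;
  *)
    usage
    ;;
esac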