#!/usr/bin/env ssm

service_type='oneshot'
cfg_ip4dump='/etc/iptables/ip4.rules'
cfg_ip6dump='/etc/iptables/ip6.rules'

service_command=( /usr/bin/true )

start() {
	[[ -f "$cfg_ip4dump" ]] && {
		iptables-restore -t < "$cfg_ip4dump" || return 1
		iptables-restore < "$cfg_ip4dump"
	}

	[[ -f "$cfg_ip6dump" ]] && {
		ip6tables-restore -t < "$cfg_ip6dump" || return 1
		ip6tables-restore < "$cfg_ip6dump"
	}

	super_start
}

stop() {
	iptables-save | sed -re 's/(:[A-Z]+\s+)[A-Z]+/\1ACCEPT/g' -e '/-.+/d' | iptables-restore
	ip6tables-save | sed -re 's/(:[A-Z]+\s+)[A-Z]+/\1ACCEPT/g' -e '/-.+/d' | ip6tables-restore

	for i in $(iptables-save | grep -E '^\*'); do iptables -t "${i//\*/}" -X; done
	for i in $(ip6tables-save | grep -E '^\*'); do ip6tables -t "${i//\*/}" -X; done

	super_stop
}

save() {
	printf 'Saving rules.\n'
	/usr/bin/iptables-save > "$cfg_ip4dump";
	/usr/bin/ip6tables-save > "$cfg_ip6dump";
}