#!/bin/bash

# compat for removed initscripts dependency

success() {

       echo "[  OK  ]"

       return 0

}

failure() {

       echo "[FAILED]"

       return 1

}

# internal variables

EBTABLES_CONFIG=/etc/sysconfig/ebtables-config

EBTABLES_DATA=/etc/sysconfig/ebtables

EBTABLES_TABLES="filter nat"

if ebtables --version | grep -q '(legacy)'; then

	EBTABLES_TABLES+=" broute"

fi

VAR_SUBSYS_EBTABLES=/var/lock/subsys/ebtables

# ebtables-config defaults

EBTABLES_SAVE_ON_STOP="no"

EBTABLES_SAVE_ON_RESTART="no"

EBTABLES_SAVE_COUNTER="no"

# load config if existing

[ -f "$EBTABLES_CONFIG" ] && . "$EBTABLES_CONFIG"

initialize() {

	local ret=0

	for table in $EBTABLES_TABLES; do

		ebtables -t $table --init-table || ret=1

	done

	return $ret

}

sanitize_dump() {

	local drop=false

	export EBTABLES_TABLES

	cat $1 | while read line; do

		case $line in

		\**)

			drop=false

			local table="${line#\*}"

			local found=false

			for t in $EBTABLES_TABLES; do

				if [[ $t == $table ]]; then

					found=true

					break

				fi

			done

			$found || drop=true

			;;

		esac

		$drop || echo "$line"

	done

}

start() {

	if [ -f $EBTABLES_DATA ]; then

		echo -n $"ebtables: loading ruleset from $EBTABLES_DATA: "

		sanitize_dump $EBTABLES_DATA | ebtables-restore

	else

		echo -n $"ebtables: no stored ruleset, initializing empty tables: "

		initialize

	fi

	local ret=$?

	touch $VAR_SUBSYS_EBTABLES

	return $ret

}

save() {

	echo -n $"ebtables: saving active ruleset to $EBTABLES_DATA: "

	export EBTABLES_SAVE_COUNTER

	ebtables-save >$EBTABLES_DATA && success || failure

}

case $1 in

	start)

		[ -f "$VAR_SUBSYS_EBTABLES" ] && exit 0

		start && success || failure

		RETVAL=$?

		;;

	stop)

		[ "x$EBTABLES_SAVE_ON_STOP" = "xyes" ] && save

		echo -n $"ebtables: stopping firewall: "

		initialize && success || failure

		RETVAL=$?

		rm -f $VAR_SUBSYS_EBTABLES

		;;

	save)

		save

		;;

	*)

		echo "usage: ${0##*/} {start|stop|save}" >&2

		RETVAL=2

		;;

esac

exit $RETVAL