#!/bin/sh
 
ARPTABLES_CONFIG=/etc/sysconfig/arptables
 
# compat for removed initscripts dependency
 
success() {
	echo "[  OK  ]"
	return 0
}
 
failure() {
	echo "[FAILED]"
	return 1
}
 
start() {
	if [ ! -x /usr/sbin/arptables ]; then
		exit 4
	fi
 
	# don't do squat if we don't have the config file
	if [ -f $ARPTABLES_CONFIG ]; then
		printf "Applying arptables firewall rules: "
		/usr/sbin/arptables-restore < $ARPTABLES_CONFIG && \
			success || \
			failure
		touch /var/lock/subsys/arptables
	else
		failure
		echo "Configuration file /etc/sysconfig/arptables missing"
		exit 6
	fi
}
 
stop() {
	printf "Removing user defined chains: "
	arptables -X && success || failure
	printf "Flushing all chains: "
	arptables -F && success || failure
	printf "Resetting built-in chains to the default ACCEPT policy: "
	arptables -P INPUT ACCEPT && \
		arptables -P OUTPUT ACCEPT && \
		success || \
		failure
	rm -f /var/lock/subsys/arptables
}
 
case "$1" in
start)
	start
	;;
 
stop)
	stop
	;;
 
restart|reload)
	# "restart" is really just "start" as this isn't a daemon,
	# and "start" clears any pre-defined rules anyway.
	# This is really only here to make those who expect it happy
	start
	;;
 
condrestart|try-restart|force-reload)
	[ -e /var/lock/subsys/arptables ] && start
	;;
 
*)
	exit 2
esac
 
exit 0