#!/bin/sh

[ "$ACTION" = "ifup" -a "${INTERFACE%%[0-9]*}" = wan ] && {
	old_outgoing_interface=`uci oget network.wan4.dmz_outgoing_interface`
	outgoing_interface=`uci get network.wan4.dmz_outgoing_interface`
	if [ "$INTERFACE" = "wan4" -o "$INTERFACE" = "$old_outgoing_interface" -o "$INTERFACE" = "$outgoing_interface" ] ;then
		old_proto=`uci oget network.wan4.proto`
		old_mode=`uci oget network.wan4.dmz_mode`
		old_status=`uci oget network.wan4.status`
		status=`uci get network.wan4.status`
		proto=`uci get network.wan4.proto`
		mode=`uci get network.wan4.dmz_mode`
		###### Delete old DMZ settings
		if [ "$old_status" = "enable" -a "$old_proto" = "dmz" ] ;then
			if [ "$old_mode" = "routing" ] ;then
				old_host_ip_list=`uci oget network.wan4.dmz_host_ip_list`
				#old_outgoing_interface=`uci oget network.wan4.dmz_outgoing_interface`
				old_oif_ipaddr=`uci oget network.$old_outgoing_interface.static_ipaddr`
				old_oif_mask=`uci oget network.$old_outgoing_interface.static_netmask`
				for old_dmz_host_ip in $old_host_ip_list ;do
					route del -net $old_dmz_host_ip netmask 255.255.255.255 dev wan-wan4 >/dev/null 2>/dev/null
					arp -i wan-$old_outgoing_interface -d $old_dmz_host_ip pub >/dev/null 2>/dev/null
				done
				arp -i wan-wan4 -d $old_oif_ipaddr netmask $old_oif_mask pub >/dev/null 2>/dev/null
			elif [ "$old_mode" = "nat" ] ;then
				old_nat_ipaddr=`uci oget network.wan4.dmz_ipaddr`
				old_nat_mask=`uci oget network.wan4.dmz_netmask`
				ipset -D lan_nat_subnet $old_nat_ipaddr/$old_nat_mask
			fi
			ipset -F wan4_dmz_host
		fi
		
		if [ "$status" = "enable" -a "$proto" = "dmz" ] ;then
			#In ROUTING mode, outgoing WAN should use static protocol
				#Subnet of outgoing interface and of WAN4 DMZ Hosts should be the same
			if [ "$mode" = "routing" ]; then
				#outgoing_interface=`uci get network.wan4.dmz_outgoing_interface`
				host_ip_list=`uci get network.wan4.dmz_host_ip_list`
				## Add arp subnet entries according to outgoing interface on WAN4 
				oif_ipaddr=`uci get network.$outgoing_interface.static_ipaddr`
				oif_mask=`uci get network.$outgoing_interface.static_netmask`
				arp -i wan-wan4 -Ds $oif_ipaddr wan-wan4 netmask $oif_mask pub >/dev/null 2>/dev/null

				for dmz_host_ip in $host_ip_list ;do
					## Delete non-necessary arp entries of host_ip_list in subnet
					arp -i wan-wan4 -d $dmz_host_ip >/dev/null 2>/dev/null
					## Add static routes to WAN4 for DMZ hosts
					route add -net $dmz_host_ip netmask 255.255.255.255 dev wan-wan4 >/dev/null 2>/dev/null
					## Add arp entries of DMZ hosts on outgoing WAN
					arp -i wan-$outgoing_interface -Ds $dmz_host_ip wan-$outgoing_interface pub >/dev/null 2>/dev/null
					## Add each host ip into wan4_dmz_host
					ipset -A wan4_dmz_host $dmz_host_ip/255.255.255.255 >/dev/null 2>/dev/null
				done
			elif [ "$mode" = "nat" ]; then
				nat_ipaddr=`uci oget network.wan4.dmz_ipaddr`
				nat_mask=`uci oget network.wan4.dmz_netmask`
				ipset -A lan_nat_subnet $nat_ipaddr/$nat_mask >/dev/null 2>/dev/null
				ipset -A wan4_dmz_host $nat_ipaddr/$nat_mask >/dev/null 2>/dev/null
			fi
		fi
		/etc/init.d/dmz restart
	fi
}


