#!/bin/sh /etc/rc.common

# Start sequence number read by /etc/rc.common; it orders this script relative
# to the other init scripts at boot.
START=94

# connmark --mark 0x10000000/0x10000000 is for bandwidth_limit
# connmark --mark 0x20000000/0x20000000 is for app_filter
# connmark --mark 0x40000000/0x40000000 is for url_filter / qq_filter
# None of the marks above are used in FPP_POLICY any more.

# rc.common boot hook: at boot time the only work is to (re)apply the policy,
# so this simply delegates to apply() with no arguments.
boot() {
	apply
}

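# Rebuild the FPP_POLICY mangle chain (IPv4 and IPv6) and push the related
# settings to cmm.
#
# Reads:   fpp_policy.general.inspect (fallback "1") and
#          fpp_policy.general.pkt (fallback "8") via uci.
# Effects: runs `cmm -c set inspection <value>`, flushes FPP_POLICY in the
#          mangle table of iptables and ip6tables, appends one connbytes rule
#          per direction that sets connmark 0x80008000/0x80008000 once a
#          connection has seen at least <pkt> packets in that direction, then
#          runs `cmm -c set ipsec pre-frag enable`.
#
# The config values end up as command-line arguments. They are therefore
# quoted, and pkt is checked to be a plain decimal number before it is used:
# an empty or malformed value would otherwise make every -A fail right after
# the flush, leaving FPP_POLICY empty, or would be word-split into extra
# iptables arguments.
#
# inspection and pkt stay shell globals, as in the original script.
apply()
{
	local ipt dir

	# `uci -q get` prints nothing and fails when the config file, section or
	# option is missing; all three cases fall back to the built-in defaults.
	inspection=$(uci -q get fpp_policy.general.inspect)
	pkt=$(uci -q get fpp_policy.general.pkt)

	# NOTE(review): the set of values cmm accepts for "inspection" is not
	# visible in this script, so only an empty value is replaced here.
	inspection=${inspection:-1}

	case "$pkt" in
		'')
			pkt=8
			;;
		*[!0-9]*)
			echo "fpp_policy: ignoring non-numeric pkt value, using 8" >&2
			pkt=8
			;;
	esac

	cmm -c set inspection "$inspection"

	# Same rule set for both address families: flush first, then one rule for
	# each connbytes direction.
	for ipt in iptables ip6tables; do
		"$ipt" -t mangle -F FPP_POLICY
		for dir in original reply; do
			"$ipt" -t mangle -A FPP_POLICY -m connbytes --connbytes "${pkt}:" --connbytes-dir "$dir" --connbytes-mode packets -j CONNMARK --set-mark 0x80008000/0x80008000
		done
	done

	cmm -c set ipsec pre-frag enable
}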
