#!/bin/sh /etc/rc.common
# Copyright (C) 2008 OpenWrt.org

# rc.common start priority for this service.
START=80

# Name of the iptables binary every rule below is issued through.
IPTABLES='iptables'
# Load /etc/config/port_block so config_get / config_foreach can read it.
config_load port_block

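#######################################
# Append the tcp and udp block rules for one pb_profile section to the
# PORT_BLOCK chain.
# Globals:   IPTABLES (read)
# Arguments: $1 - UCI section name of the pb_profile
# Outputs:   "needs port" on stderr when the section has no port option
# Returns:   0 (a failing $IPTABLES call is not propagated)
#######################################
fw_port_block()
{
	local intf
	local port
	local status

	config_get intf "$1" intf
	config_get port "$1" port
	config_get status "$1" status

	# A profile whose status is "disable" installs nothing.
	if [ "$status" = "disable" ]; then
		return
	fi

	if [ -z "$port" ]; then
		echo "needs port" >&2
		return
	fi

	# intf is read but not used: the rule is not bound to an interface.
	# "$port" is quoted so that a malformed config value cannot split into
	# extra iptables arguments.
	# NOTE(review): --action DROP is not an option of upstream iptables'
	# LOG target (which is non-terminating); this appears to rely on a
	# vendor LOG target — confirm, otherwise the commented DROP rules
	# below are needed for traffic to actually be blocked.
	$IPTABLES -A PORT_BLOCK -t filter -p tcp --dport "$port" -j LOG --action DROP
	$IPTABLES -A PORT_BLOCK -t filter -p udp --dport "$port" -j LOG --action DROP

	#$IPTABLES -A PORT_BLOCK -t filter -p tcp --dport "$port" -j DROP
	#$IPTABLES -A PORT_BLOCK -t filter -p udp --dport "$port" -j DROP
}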

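#######################################
# Install the rules for one pb_profile section; called by apply() for
# sections reported as new or modified. The body was a verbatim copy of
# fw_port_block, so delegate to it instead of maintaining two rule sets.
# Arguments: $1 - UCI section name of the pb_profile
# Returns:   status of fw_port_block
#######################################
fw_port_block_apply()
{
	fw_port_block "$1"
}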
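#######################################
# Remove the rules that fw_port_block installed for one pb_profile section.
# Values are read with "uci oget" rather than config_get — presumably so a
# section that is deleted or modified in the staged config is still looked
# up by the port it was installed with; verify against the uci build.
# Globals:   IPTABLES (read)
# Arguments: $1 - UCI section name of the pb_profile
# Outputs:   "needs port" on stderr when no port can be read
# Returns:   0
#######################################
fw_port_block_delete()
{
	local intf
	local port

	# intf is read for parity with fw_port_block but is not used by the rule.
	intf=$(uci oget "port_block.$1.intf")
	port=$(uci oget "port_block.$1.port")

	if [ -z "$port" ]; then
		echo "needs port" >&2
		return
	fi

	# stderr is silenced on purpose: the rule may already be gone.
	# "$port" is quoted so a malformed value cannot split into extra arguments.
	$IPTABLES -D PORT_BLOCK -t filter -p tcp --dport "$port" -j LOG --action DROP 2>/dev/null
	$IPTABLES -D PORT_BLOCK -t filter -p udp --dport "$port" -j LOG --action DROP 2>/dev/null

	#$IPTABLES -D PORT_BLOCK -t filter -p tcp --dport "$port" -j LOG --log-level 7 2>/dev/null
	#$IPTABLES -D PORT_BLOCK -t filter -p udp --dport "$port" -j LOG --log-level 7 2>/dev/null
}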

#######################################
# rc.common start hook: install the rules of every pb_profile section.
# The PORT_BLOCK chain is not created here (the lines below are commented
# out), so it is presumably created by the firewall config or another
# script — verify, or the -A calls in fw_port_block fail.
#######################################
start() {
	#$IPTABLES -N PORT_BLOCK -t filter
	#$IPTABLES -I FORWARD -t filter -j PORT_BLOCK
	config_foreach fw_port_block pb_profile
}

#######################################
# rc.common stop hook: flush every rule from PORT_BLOCK; the chain itself
# is left in place.
# Globals: IPTABLES (read)
#######################################
stop() {
	$IPTABLES -t filter -F PORT_BLOCK
}

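#######################################
# Reconcile PORT_BLOCK with the staged port_block config: deleted sections
# lose their rules, new sections gain them, modified sections are removed
# and re-added, then the config is committed.
# Globals:   none (the former global "chage" is now local)
# Arguments: none
# Returns:   status of "uci commit"
#######################################
apply() {
	local changes
	local profile

	# "uci fchanges" output is iterated as a whitespace-separated list of
	# section names, so $changes is intentionally left unquoted.
	changes=$(uci fchanges delete port_block)
	for profile in $changes; do
		fw_port_block_delete "$profile"
	done

	changes=$(uci fchanges new port_block)
	for profile in $changes; do
		fw_port_block_apply "$profile"
	done

	changes=$(uci fchanges modify port_block)
	for profile in $changes; do
		fw_port_block_delete "$profile"
		fw_port_block_apply "$profile"
	done

	uci commit port_block
}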