#!/bin/sh
## Configure Firewall Rules
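WAN=$(uci get network.wan.ifname)
count=$(uci get firewall.general.rules_count)
# An empty rules_count would make the numeric test below error out; treat it
# as "no rules configured".
count=${count:-0}

#######################################
# Append one rule to the three chains this script manages.
# Globals:   WAN (read)
# Arguments: $1 - interface option, -i for inbound rules or -o for outbound
#            $2 - iptables target taken from the uci rule (e.g. ACCEPT, DROP)
#            $3... - match arguments (-p/--dport/-s/-d), one word each
# Outputs:   iptables error messages on stderr
# Returns:   0 if all three appends succeeded, 1 if any of them failed
#######################################
apply_rule() {
	local ifopt=$1 target=$2 rv=0
	shift 2
	iptables -A forwarding_rule_filter "$ifopt" "$WAN" "$@" -j "$target" || rv=1
	# NOTE(review): judging by their names, input_rule and
	# prerouting_rule_filter are reached from INPUT/PREROUTING, where no
	# output interface exists yet, so an -o match here would never fire --
	# confirm which chains the "out" rules are meant for.
	iptables -A input_rule "$ifopt" "$WAN" "$@" -j "$target" || rv=1
	iptables -t nat -A prerouting_rule_filter "$ifopt" "$WAN" "$@" -j "$target" || rv=1
	return "$rv"
}

ruleid=1
while [ "$ruleid" -le "$count" ]; do
	ruletype=$(uci get "firewall.rule$ruleid.type")
	service=$(uci get "firewall.rule$ruleid.service")
	localip=$(uci get "firewall.rule$ruleid.local_ip")
	wanip=$(uci get "firewall.rule$ruleid.wan_ip")
	target=$(uci get "firewall.rule$ruleid.target")
	# Read but never applied: the original command lines expanded an unset
	# $schedule where a time match built from this value belongs.
	# TODO: build an iptables time match once the uci format of .time is known.
	# shellcheck disable=SC2034
	time=$(uci get "firewall.rule$ruleid.time")

	# The match list is kept in the positional parameters (this script takes
	# no arguments of its own) and rebuilt from scratch for every rule, so a
	# uci value is always passed to iptables as exactly one word and nothing
	# leaks over from the previous iteration.  The original kept the previous
	# rule's $proto when a service had an unrecognised protocol, so that rule
	# silently inherited another rule's port; such rules are now skipped.
	set --
	skip=
	case $service in
		any) ;;
		*)
			protocol=$(uci get "firewall.$service.protocol")
			port=$(uci get "firewall.$service.port")
			case $protocol in
				tcp|udp) set -- -p "$protocol" --dport "$port" ;;
				icmp) set -- -p "$protocol" ;;
				*) skip="unknown protocol \"$protocol\" for service \"$service\"" ;;
			esac ;;
	esac
	# A missing target would otherwise reach iptables as a bare -j.
	[ -n "$target" ] || skip="no target"

	if [ -n "$skip" ]; then
		printf 'firewall: rule%s skipped: %s\n' "$ruleid" "$skip" >&2
	else
		# Only the 0.0.0.0 sentinel means "any address"; every other value,
		# including an empty one, is handed to iptables for validation.
		# Source is added before destination, as in the original command lines.
		case $ruletype in
			in)
				[ "$wanip" = 0.0.0.0 ] || set -- "$@" -s "$wanip"
				[ "$localip" = 0.0.0.0 ] || set -- "$@" -d "$localip"
				apply_rule -i "$target" "$@"
				;;
			out)
				[ "$localip" = 0.0.0.0 ] || set -- "$@" -s "$localip"
				[ "$wanip" = 0.0.0.0 ] || set -- "$@" -d "$wanip"
				apply_rule -o "$target" "$@"
				;;
			*)
				printf 'firewall: rule%s skipped: unknown type "%s"\n' "$ruleid" "$ruletype" >&2
				;;
		esac
	fi
	ruleid=$((ruleid + 1))
done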


#number=`uci get firewall.general.number`
#ruleid=1
#while [ "$ruleid" -le "$number" ]
#do
#sourceip=`uci get firewall.rule$ruleid.ipaddr`
#protocol=`uci get firewall.rule$ruleid.proto`
#srcport=`uci get firewall.rule$ruleid.sport`
#dstport=`uci get firewall.rule$ruleid.dport`
#
#[ -z "$sourceip" ] || {
#if [ "$sourceip" == "any" ];then
#cmd=iptables\ -t\ filter\ -A\ input_rule
#cmd1=iptables\ -t\ nat\ -A\ prerouting_rule
#else
#cmd=iptables\ -t\ filter\ -A\ input_rule\ -s\ $sourceip
#cmd1=iptables\ -t\ nat\ -A\ prerouting_rule\ -s\ $sourceip
#fi
#}
#
#if [ "$protocol" ]; then
#case "$protocol" in
#        tcp) cmd=$cmd\ -p\ tcp; cmd1=$cmd1\ -p\ tcp ;;
#        udp) cmd=$cmd\ -p\ udp; cmd1=$cmd1\ -p\ udp ;;
#        *) cmd=$cmd\ -p\ all;cmd1=$cmd1\ -p\ all ;;
#esac
#fi
#
#if [ "$srcport" ]; then
#cmd=$cmd\ --source-port\ $srcport
#cmd1=$cmd1\ --source-port\ $srcport
#fi
#
#if [ "$dstport" ]; then
#cmd=$cmd\ --destination-port\ $dstport
#cmd1=$cmd1\ --destination-port\ $dstport
#fi
#
#cmd=$cmd\ -j\ ACCEPT
#cmd1=$cmd1\ -j\ ACCEPT

#echo "$cmd" | sh
#echo "$cmd1" | sh
#
#ruleid=`expr $ruleid + 1`
#done
