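#!/bin/bash
#
# init script for the Ethernet Bridge filter tables
#
# Original written by Dag Wieers.
# Modified by Tom "spot" Callaway
#
# chkconfig: - 15 85
# description: Ethernet Bridge filtering tables
#
# config: /etc/sysconfig/ebtables.filter
# config: /etc/sysconfig/ebtables.nat
# config: /etc/sysconfig/ebtables.broute
#
# Usage: ebtables {start|stop|restart|reload|condrestart|save|status}
#
# Security notes:
#  - /etc/init.d/functions and /etc/sysconfig/network are sourced, i.e. run
#    as shell code with this script's privileges.
#  - The /etc/sysconfig/ebtables.* files are committed to the kernel tables
#    as they are; whoever can write them controls bridge filtering. Keep
#    them root-owned and not group/world-writable.
#  - "stop" resets all three tables to their initial state, so the
#    configured rules are gone until the next successful "start".
#  - A failed "start" exits non-zero and creates no lock file; this script
#    neither retries nor falls back to a restrictive ruleset, so callers
#    must check the exit status.

source /etc/init.d/functions
source /etc/sysconfig/network

# Check that networking is up.
# Quoted with an empty default so an unset NETWORKING does not make `[`
# fail with a syntax error.
[ "${NETWORKING:-}" = "no" ] && exit 0

[ -x /sbin/ebtables ] || exit 1

RETVAL=0
RETVAL_FILTER=0
RETVAL_NAT=0
RETVAL_BROUTE=0

prog="ebtables"
desc="Ethernet bridge filtering"
lockfile=/var/lock/subsys/$prog

#######################################
# Commit the saved ruleset for one table into the kernel.
# Globals:   TYPE (read)   - table name: filter, nat or broute
#            RETVAL (written) - 0 on success or "not configured", 1 on error
# Outputs:   progress text; success/failure markers (helpers expected from
#            /etc/init.d/functions)
# Returns:   $RETVAL
#######################################
initialize() {
  # Start from a clean status so a failure left behind by an earlier step
  # (for example stop() during "restart") is not reported against this table.
  RETVAL=0

  # Initialize $TYPE tables
  echo -n $" $TYPE tables: "
  if [ -r "/etc/sysconfig/ebtables.$TYPE" ]; then
    /sbin/ebtables -t "$TYPE" --atomic-file "/etc/sysconfig/ebtables.$TYPE" --atomic-commit > /dev/null || RETVAL=1
  else
    # A missing or unreadable ruleset is not treated as an error; the table
    # is simply left as it is.
    echo -n "not configured"
  fi

  if [ "$RETVAL" -eq 0 ]; then
    success "$TYPE startup"
  else
    failure "$TYPE startup"
  fi
  return "$RETVAL"
}

#######################################
# Load the filter, nat and broute tables and create the lock file when all
# three succeeded.
# Globals:   TYPE, RETVAL, RETVAL_FILTER, RETVAL_NAT, RETVAL_BROUTE (written)
# Returns:   number of tables that failed to load (0 = all fine)
#######################################
start() {
  echo "Starting $desc ($prog): "

  # Initialize filter tables
  TYPE=filter
  initialize
  RETVAL_FILTER=$RETVAL

  # Initialize NAT tables
  echo
  TYPE=nat
  initialize
  RETVAL_NAT=$RETVAL

  # Initialize broute tables
  echo
  TYPE=broute
  initialize
  RETVAL_BROUTE=$RETVAL

  RETVAL=$(( RETVAL_BROUTE + RETVAL_NAT + RETVAL_FILTER ))
  if [ "$RETVAL" -eq 0 ]; then
    touch "$lockfile"
  fi
  echo
  return "$RETVAL"
}

#######################################
# Reset all three tables to their initial state and unload the ebtables
# kernel modules.
# Globals:   RETVAL (written)
# Returns:   0 on success, 1 if any reset or module unload failed
#######################################
stop() {
  RETVAL=0
  echo -n $"Stopping $desc ($prog): "
  /sbin/ebtables -t filter --init-table || RETVAL=1
  /sbin/ebtables -t nat --init-table || RETVAL=1
  /sbin/ebtables -t broute --init-table || RETVAL=1

  # Word splitting of the command substitution is intentional: one module
  # name per word, followed by the core "ebtables" module.
  for mod in $(grep -E '^(ebt|ebtable)_' /proc/modules | cut -f1 -d' ') ebtables; do
    /sbin/rmmod "$mod" || RETVAL=1
  done

  if [ "$RETVAL" -eq 0 ]; then
    success "$prog shutdown"
    rm -f "$lockfile"
  else
    failure "$prog shutdown"
  fi
  echo
  return "$RETVAL"
}

# Stop, then start; the resulting status is the one left by start().
restart() {
  stop
  start
}

#######################################
# Write the current kernel tables to the /etc/sysconfig/ebtables.* files.
# Globals:   RETVAL (written)
# Returns:   0 on success, 1 if any table could not be saved
#######################################
save() {
  RETVAL=0
  echo -n $"Saving $desc ($prog): "
  # NOTE(review): the mode of the written files presumably follows the
  # caller's umask - confirm they end up writable by root only.
  /sbin/ebtables -t filter --atomic-file /etc/sysconfig/ebtables.filter --atomic-save || RETVAL=1
  /sbin/ebtables -t nat --atomic-file /etc/sysconfig/ebtables.nat --atomic-save || RETVAL=1
  /sbin/ebtables -t broute --atomic-file /etc/sysconfig/ebtables.broute --atomic-save || RETVAL=1

  if [ "$RETVAL" -eq 0 ]; then
    success "$prog saved"
  else
    failure "$prog saved"
  fi
  echo
  return "$RETVAL"
}

case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart|reload)
    restart
    ;;
  condrestart)
    # Restart only when the lock file shows a previous successful start;
    # without the lock file the exit status is 1.
    [ -e "$lockfile" ] && restart
    RETVAL=$?
    ;;
  save)
    save
    ;;
  status)
    status "$prog"
    RETVAL=$?
    ;;
  *)
    echo $"Usage $0 {start|stop|restart|condrestart|save|status}"
    RETVAL=1
    ;;
esac

exit "$RETVAL"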