#!/bin/sh

# SPDX-License-Identifier: GPL-2.0
# Copyright (C) 2017-present Team LibreELEC (https://libreelec.tv)

IPTABLES4="/usr/sbin/iptables"
IPTABLES6="/usr/sbin/ip6tables"
IPTABLES_CMDS="$IPTABLES4 $IPTABLES6"
PUBLIC_RULES="/etc/iptables/public.v"
HOME_RULES="/etc/iptables/home.v"
CUSTOM_RULES="/storage/.config/iptables/rules.v"
DOCKER="service.system.docker.service"
SYSTEMCTL="/usr/bin/systemctl"
CONNMANCTL="/usr/bin/connmanctl"

check_docker() {
  $SYSTEMCTL is-active --quiet $DOCKER && $SYSTEMCTL restart $DOCKER
}

get_technology_config() {
  $CONNMANCTL technologies | awk -v pattern="^/.*/technology/$1$" -e 'BEGIN {S=0}; /^\/.*/ {S=0}; $0 ~ pattern {S=1}; S==1 {print $0}'
}

check_tether() {
  for technology in wifi ethernet; do
    if get_technology_config $technology | grep -q 'Tethering = True'; then
      $CONNMANCTL tether $technology off
      sleep 1
      $CONNMANCTL tether $technology on
      break
    fi
  done
}

flush() {
  for cmd in $IPTABLES_CMDS; do
    $cmd -F
    $cmd -X
    $cmd -t nat -F
    $cmd -t nat -X
    $cmd -t mangle -F
    $cmd -t mangle -X
    $cmd -P INPUT ACCEPT
    $cmd -P FORWARD ACCEPT
    $cmd -P OUTPUT ACCEPT
  done
  check_docker
  check_tether
}

enable() {
  for cmd in $IPTABLES_CMDS; do
    case "$cmd" in
      *6*)
        rules="$RULES6"
        ipv="6"
        ;;
      *)
        rules="$RULES4"
        ipv="4"
        ;;
    esac
    if [ -e "$rules" ]; then
      "$cmd-restore" "$rules"
    fi
  done
  check_docker
  check_tether
}

if [ "$1" = "enable" ]; then
  case "${RULES}" in
    "none")
      flush
      ;;
    "public")
      RULES4="${PUBLIC_RULES}4"
      RULES6="${PUBLIC_RULES}6"
      ;;
    "home")
      RULES4="${HOME_RULES}4"
      RULES6="${HOME_RULES}6"
      ;;
    "custom")
      RULES4="${CUSTOM_RULES}4"
      RULES6="${CUSTOM_RULES}6"
      ;;
    *)
      exit 1
      ;;
  esac
  enable
elif [ "$1" = "disable" ]; then
  flush
else
  exit 1
fi

exit 0
