#!/bin/sh -

# SPDX-License-Identifier: GPL-2.0
# Copyright (C) 2017-present Team LibreELEC (https://libreelec.tv)

IPTABLES4="/usr/sbin/iptables"
IPTABLES6="/usr/sbin/ip6tables"
IPTABLES_CMDS="$IPTABLES4 $IPTABLES6"
PUBLIC_RULES="/etc/iptables/public.v"
HOME_RULES="/etc/iptables/home.v"
CUSTOM_RULES="/storage/.config/iptables/rules.v"
DOCKER="service.system.docker.service"
SYSTEMCTL="/usr/bin/systemctl"
CONNMANCTL="/usr/bin/connmanctl"

check_docker() {
    $SYSTEMCTL is-active --quiet $DOCKER && $SYSTEMCTL restart $DOCKER
}

check_tether() {
    if [ -n "`$CONNMANCTL technologies | grep -e -A5 technology/wifi -e 'Tethering = True'`" ]; then
        TECHNOLOGY="wifi"
    elif [ -n "`$CONNMANCTL technologies | grep -e -A5 technology/ethernet -e 'Tethering = True'`" ]; then
        TECHNOLOGY="ethernet"
    fi
    $CONNMANCTL tether $TECHNOLOGY off
    sleep 1
    $CONNMANCTL tether $TECHNOLOGY on
}

flush() {
  for cmd in $IPTABLES_CMDS; do
    $cmd -F
    $cmd -X
    $cmd -t nat -F
    $cmd -t nat -X
    $cmd -t mangle -F
    $cmd -t mangle -X
    $cmd -P INPUT ACCEPT
    $cmd -P FORWARD ACCEPT
    $cmd -P OUTPUT ACCEPT
  done
  check_docker
  check_tether
}

enable() {
  for cmd in $IPTABLES_CMDS; do
    case "$cmd" in
      *6*) 
         rules="$RULES6"
	 ipv="6"
	 ;;
        *) 
         rules="$RULES4"
	 ipv="4"
	 ;;
    esac
    if [ -e "$rules" ]; then
      "$cmd-restore" "$rules" 
    fi
  done
  check_docker
  check_tether
}

if [ "$1" = "enable" ]; then
  case "${RULES}" in
    "none") 
       flush
       ;;
    "public") 
       RULES4="${PUBLIC_RULES}4"
       RULES6="${PUBLIC_RULES}6"
       ;;
    "home") 
       RULES4="${HOME_RULES}4"
       RULES6="${HOME_RULES}6"
       ;;
    "custom") 
       RULES4="${CUSTOM_RULES}4"
       RULES6="${CUSTOM_RULES}6"
       ;;
    *) 
       exit 1
       ;;
  esac
  enable
elif [ "$1" = "disable" ]; then
  flush
else
  exit 1
fi

exit 0