#!/bin/sh

. /lib/functions.sh
#created by the icwmp package
log() {
	echo "${@}"|logger -t firewall.twamp -p info
}

if [ ! -f "/etc/config/twamp" ]; then
	exit 0;
fi

function configure_firewall()
{
	local enable port interface

	config_get enable ${1} enable "1"
	config_get port ${1} port
	config_get interface ${1} interface
	if [ "$enable" -eq 0 -o -z "${port}" -o -z "${interface}" ]; then
		return 0;
	fi

	iptables -w 1 -nL zone_${interface}_input 2>/dev/null 1>&2
	if [ "$?" -eq 0 ]; then
		iptables -w 1 -I zone_${interface}_input -p udp --dport "${port}" -j ACCEPT -m comment --comment "TWAMP reflector port"
	fi
}

function delete_rule()
{
        while iptables -w 1 -L zone_${1}_input --line-numbers | grep "TWAMP reflector port" > /dev/null; do
		iptables -w 1 -D zone_${1}_input $(iptables -w 1 -L zone_${1}_input --line-numbers | grep "TWAMP reflector port" | head -1|awk '{print $1}');
	done
}

# Loop through all interfaces and delete the twamp reflector rule from interface's input chain
config_load network
config_foreach delete_rule interface

config_load twamp
config_get twamp_enable twamp enable "0"
if [ "${twamp_enable}" -eq "0" ]; then
	exit 0;
fi

config_foreach configure_firewall twamp_reflector