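#! /bin/sh

# uruk-save - directly dump /etc/uruk/rc to an iptables-save style
# file, without invoking iptables

# this file maintained at http://git.mdcc.cx/uruk.git

# Copyright © 2005 Joost van Baal
# Copyright © 2012,2015 Wessel Dankers
#
# This file is part of Uruk.  Uruk is free software; you can redistribute
# it and/or modify it under the terms of the GNU GPL, see the file named
# COPYING.

#
# Usage: uruk-save [-6]
#   -6   dump the IPv6 ruleset (uruk's ip6tables calls are captured);
#        without it the IPv4 ruleset is dumped, including the nat table.
#
# The dump is written to stdout.  Each table is first collected in its own
# file inside a private temporary directory, exported as uruk_save_dir.
#
# iptables 1.8.2, kernel >= 2.4.18, IPv4:
#
# table
#   built-in chain, built-in chain ...
#
# filter
#   INPUT FORWARD OUTPUT
# nat
#   PREROUTING INPUT OUTPUT POSTROUTING
# mangle
#   PREROUTING INPUT OUTPUT FORWARD POSTROUTING
# raw
#   PREROUTING OUTPUT
# security
#   INPUT OUTPUT FORWARD
#

# Create the scratch directory before anything is printed.  If mktemp fails
# the variable would be empty, and every path below would resolve under "/"
# (writes to /filter, /raw, ... and a final loop over /*), so stop here.
uruk_save_dir=$(mktemp -d) || {
    echo "uruk-save: cannot create temporary directory" >&2
    exit 1
}
if [ -z "$uruk_save_dir" ] || [ ! -d "$uruk_save_dir" ]; then
    echo "uruk-save: mktemp did not return a usable directory" >&2
    exit 1
fi
export uruk_save_dir

# Remove the scratch directory on every exit path.
cleanup() {
    if [ -n "$uruk_save_dir" ]; then
        rm -rf -- "$uruk_save_dir"
    fi
}
trap cleanup EXIT
# A signal must end the script: a handler that only cleaned up would let
# execution continue against a directory that no longer exists.  The exit
# calls below still run the EXIT trap.
trap 'exit 129' HUP
trap 'exit 130' INT
trap 'exit 131' QUIT
trap 'exit 143' TERM

echo "# Generated by uruk-save on $(date)"
echo

# Table headers: the table name followed by one line per built-in chain with
# its default policy and zeroed packet/byte counters.
printf '%s\n' \
    '*filter' \
    ':INPUT ACCEPT [0:0]' \
    ':FORWARD ACCEPT [0:0]' \
    ':OUTPUT ACCEPT [0:0]' >"$uruk_save_dir/filter"

printf '%s\n' \
    '*raw' \
    ':PREROUTING ACCEPT [0:0]' \
    ':OUTPUT ACCEPT [0:0]' >"$uruk_save_dir/raw"

printf '%s\n' \
    '*mangle' \
    ':PREROUTING ACCEPT [0:0]' \
    ':INPUT ACCEPT [0:0]' \
    ':FORWARD ACCEPT [0:0]' \
    ':OUTPUT ACCEPT [0:0]' \
    ':POSTROUTING ACCEPT [0:0]' >"$uruk_save_dir/mangle"

# NOTE(review): uruk's exit status is not checked in either branch.  If uruk
# fails, the dump below still ends every table with COMMIT and may hold little
# more than the ACCEPT policies written above; a consumer that loads it would
# get a permissive ruleset.  Confirm uruk's exit-code convention before making
# a failure fatal here.
case "${1-}" in
-6)
    # invoke the uruk_save shell function, defined in the uruk script
    URUK_IPTABLES=: URUK_IP6TABLES=uruk_save uruk
    ;;
*)
    # The nat table is only set up for the IPv4 dump.
    printf '%s\n' \
        '*nat' \
        ':PREROUTING ACCEPT [0:0]' \
        ':POSTROUTING ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]' >"$uruk_save_dir/nat"
    URUK_IPTABLES=uruk_save URUK_IP6TABLES=: uruk
    ;;
esac

# Emit every collected table, each closed by its own COMMIT line.
for f in "$uruk_save_dir"/*
do
    # An unmatched glob stays literal; skip it instead of passing it to cat.
    [ -f "$f" ] || continue
    cat -- "$f"
    echo COMMIT
    echo
done

echo "# Completed on $(date)"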