#!/bin/sh

# config: /etc/sysconfig/arptables

# Source 'em up

. /etc/init.d/functions

ARPTABLES_CONFIG=/etc/sysconfig/arptables

arp_table() {

	if fgrep -qsx $1 /proc/net/arp_tables_names; then

		arptables -t "$@"

	fi

}

flush_delete_chains() {

	chains=$(cat /proc/net/arp_tables_names 2>/dev/null)

	echo -n $"Flushing all chains:"

	let ret=0

	for i in $chains; do arptables -t $i -F; let ret+=$?; done

	arptables -F; let ret+=$?

	if [ $ret -eq 0 ]; then

		success

	else

		failure

	fi

	echo

	echo -n $"Removing user defined chains:"

	let ret=0

	for i in $chains; do arptables -t $i -X; let ret+=$?; done

	arptables -X; let ret+=$?

	if [ $ret -eq 0 ]; then

		success

	else

		failure

	fi

	echo

}

start() {

	if [ ! -x /usr/sbin/arptables ]; then

		exit 4

	fi

	# don't do squat if we don't have the config file

	if [ -f $ARPTABLES_CONFIG ]; then

		# If we don't clear these first, we might be adding to

		# pre-existing rules.

                flush_delete_chains

		for i in $(cat /proc/net/arp_tables_names 2>/dev/null); do

			arptables -t $i -Z;

		done

		echo -n $"Applying arptables firewall rules: "

		/usr/sbin/arptables-restore < $ARPTABLES_CONFIG && \

			success || \

			failure

		echo

		touch /var/lock/subsys/arptables

	else

		failure

		echo

		echo $"Configuration file /etc/sysconfig/arptables missing"

		exit 6

	fi

}

stop() {

        flush_delete_chains

	echo -n $"Resetting built-in chains to the default ACCEPT policy:"

	arp_table filter -P INPUT ACCEPT && \

		arp_table filter -P OUTPUT ACCEPT && \

		success || \

		failure

	echo

	rm -f /var/lock/subsys/arptables

}

case "$1" in

start)

	start

	;;

stop)

	stop

	;;

restart|reload)

	# "restart" is really just "start" as this isn't a daemon,

	# and "start" clears any pre-defined rules anyway.

	# This is really only here to make those who expect it happy

	start

	;;

condrestart|try-restart|force-reload)

	[ -e /var/lock/subsys/arptables ] && start

	;;

*)

	exit 2

esac

exit 0