#!/sbin/runscript
# Copyright 1999-2011 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: $

opts="${opts} force_reload"

depend() {
	before net
}

start() {
	ebegin "Starting ufw"
	_source_file || { eend $?; return $?; }

	local enabled_in_cfg ret
	_check_if_enabled_in_cfg
	enabled_in_cfg=$?

	# The ufw_start function does the same: if ufw is disabled using `ufw disable',
	# ufw_start would not start ufw and return 0, so let's handle this case.
	case $enabled_in_cfg in
	0)
		ufw_start
		ret=$?
		eend $ret "Failed to start ufw."
		;;
	1)
		# see /etc/conf.d/<name>
		if [ "${ufw_nonfatal_if_disabled:-no}" != "yes" ]; then
			ret=1
			eend $ret "Not starting firewall (not enabled)"
		else
			ret=0
			eend 0
		fi
		;;
	2)
		ret=1
		eend $ret "Failed to start ufw."
		;;
	esac

	if _status_quiet; then
		mark_service_started "${SVCNAME}"
	else
		mark_service_stopped "${SVCNAME}"
	fi
	return $ret
}

stop() {
	ebegin "Stopping ufw"
	_source_file || { eend $?; return $?; }
	local enabled_in_cfg ret
	_check_if_enabled_in_cfg
	enabled_in_cfg=$?

	# Same as above (unless --force is passed to ufw_stop).
	case $enabled_in_cfg in
	0)
		ufw_stop
		ret=$?
		eend $ret "Failed to stop ufw."
		;;
	1)
		ret=1
		eend $ret "Not stopping firewall (not enabled)"
		;;
	2)
		ret=1
		eend $ret "Failed to stop ufw."
		;;
	esac

	if _status_quiet; then
		mark_service_started "${SVCNAME}"
	else
		mark_service_stopped "${SVCNAME}"
	fi
	return $ret
}

_status_quiet() {
	# return values: 0 - started, 1 - stopped, 2 - error
	# Does not execute _source_file.
	local ret
	ufw_status > /dev/null 2>&1
	# Return values for ufw_status come from /lib/ufw/ufw-init-functions.
	case $ret in
	0) return 0 ;;
	3) return 1 ;;
	*) return 2 ;;
	esac
}

force_reload() {
	# Function to satisfy message "Firewall already started, use 'force-reload'"
	# (hyphen replaced by underscore...).
	ebegin "Restarting ufw"
	_source_file || { eend $?; return $?; }
	ufw_stop || { eend $?; return $?; }
	ufw_start || { eend $?; return $?; }
	eend 0
}

_source_file() {
	local sourced_f="@GENTOO_PORTAGE_EPREFIX@/lib/ufw/ufw-init-functions"
	if [ ! -f "$sourced_f" ]; then
		eerror "Cannot find file $sourced_f!"
		return 1
	fi

	local _path=$PATH
	if ! source "$sourced_f"; then
		# PATH can be broken here, fix it...
		PATH=$_path
		eerror "Error sourcing file $sourced_f"
		return 1
	fi

	if [ -z "$PATH" ]; then
		PATH=$_path
	else
		PATH="${PATH}:${_path}"
	fi
	return 0
}

_check_if_enabled_in_cfg() {
	# Check if user has enabled the firewall with "ufw enable".
	# Return 0 if firewall enabled in configuration file, 1 otherwise, 2 on error.

	local sourced_f="@GENTOO_PORTAGE_EPREFIX@/etc/ufw/ufw.conf"
	if [ ! -f "$sourced_f" ]; then
		eerror "Cannot find file $sourced_f!"
		return 2
	fi

	if ! source "$sourced_f"; then
		eerror "Error sourcing file $sourced_f"
		return 2
	fi

	if [ "$ENABLED" = "yes" ] || [ "$ENABLED" = "YES" ]; then
		return 0
	else
		return 1
	fi
}