#!/sbin/runscript
# Copyright 1999-2011 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2

extra_commands="save reload panic"

ipset_bin="/usr/sbin/ipset"

depend() {
	use logger
}

checkconfig() {
	if [ ! -f ${ipset_save} ] ; then
		eerror "Not starting ipset.  First create some rules then run:"
		eerror "/etc/init.d/ipset save"
		return 1
	fi
	return 0
}

destroy() {
	${ipset_bin} flush
	local a
	for a in $(awk /^create/{'print $2'} "${ipset_save}"); do
		einfo destroying ${a}
		${ipset_bin} destroy ${a}
	done
}

start() {
	checkconfig || return 1
	ebegin "Loading ipset state"
	${ipset_bin} restore < "${ipset_save}"
	eend $?
}

stop() {
	if [ "${SAVE_ON_STOP}" = "yes" ] ; then
		save || return 1
	fi
	ebegin "Stopping firewall"
	destroy
	eend $?
}

reload() {
	ebegin "Flushing firewall"
	destroy
	eend $?

	start
}

save() {
	ebegin "Saving ipset state"
	touch "${ipset_save}"
	chmod 0600 "${ipset_save}"
	${ipset_bin} save > "${ipset_save}"
	eend $?
}

panic() {
	if service_started ipset; then
		rc-service ipset stop
	fi
	destroy
	eend $?
}