#! /bin/sh

# uruk-save - directly dump /etc/uruk/rc to an iptables-save style
#                  file, without invoking iptables

# this file maintained at http://git.mdcc.cx/uruk.git

# Copyright © 2005 Joost van Baal
# Copyright © 2012,2015 Wessel Dankers
#
# This file is part of Uruk.  Uruk is free software; you can redistribute
# it and/or modify it under the terms of the GNU GPL, see the file named
# COPYING.

echo "# Generated by uruk-save on $(date)"
echo

export uruk_save_dir=$(mktemp -d)
trap 'rm -rf -- "$uruk_save_dir"' EXIT INT HUP QUIT TERM

echo "*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]" >$uruk_save_dir/filter

echo "*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]" >$uruk_save_dir/raw

echo "*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]" >$uruk_save_dir/mangle

case $1 in -6)
    URUK_IPTABLES=: URUK_IP6TABLES=uruk_save uruk
;; *)
    echo "*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]" >$uruk_save_dir/nat
    URUK_IPTABLES=uruk_save URUK_IP6TABLES=: uruk
esac

for f in $uruk_save_dir/*
do
    cat $f
    echo COMMIT
    echo
done

echo "# Completed on $(date)"
