#!/sbin/openrc-run
# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2

depend() {
	# OpenRC dependency declaration for this service.
	# Order this service ahead of "net", so it is started before the
	# services that provide networking.
	before net
	# Advertise the virtual "firewall" service; other init scripts can
	# depend on "firewall" without naming ufw explicitly.
	provide firewall
}

start() {
	# Bring the firewall up.
	# Returns 0 when ufw is already active, when ufw_start succeeds, or when
	# ufw is disabled in its configuration and ufw_nonfatal_if_disabled=yes;
	# non-zero otherwise.
	local enabled_in_cfg ret src_rc

	ebegin "Starting ufw"
	_source_file
	src_rc=$?
	if [ "$src_rc" -ne 0 ]; then
		# Without the helper functions nothing below can work.
		eend "$src_rc"
		return $?
	fi

	_check_if_enabled_in_cfg
	enabled_in_cfg=$?

	# If `ufw enable' was run before start(), the firewall is already up;
	# report success instead of triggering the
	# "Firewall already started, use 'force-reload'" message.
	# Note that this short-circuit is taken regardless of what the
	# configuration check above returned.
	_status_quiet && { eend 0; return; }

	# ufw_start itself returns 0 without doing anything when ufw has been
	# turned off with `ufw disable', so that case is handled explicitly.
	if [ "$enabled_in_cfg" -eq 0 ]; then
		ufw_start
		ret=$?
		eend $ret "Failed to start ufw."
	elif [ "$enabled_in_cfg" -eq 1 ]; then
		# see /etc/conf.d/<name>
		if [ "${ufw_nonfatal_if_disabled:-no}" = "yes" ]; then
			# The service is reported as started although ufw_start was
			# never called: anything ordered after "firewall" then comes
			# up with no rules loaded by this script.
			ret=0
			eend 0
		else
			ret=1
			eend $ret "Not starting firewall (not enabled), use \"ufw enable\" first."
		fi
	elif [ "$enabled_in_cfg" -eq 2 ]; then
		# The configuration could not be read; refuse to claim success.
		ret=1
		eend $ret "Failed to start ufw."
	fi

	return $ret
}

stop() {
	# Take the firewall down.
	# Returns the status of ufw_stop, or 1 when the ufw configuration could
	# not be read (in which case ufw_stop is not called at all and whatever
	# rules are loaded stay in place).
	local enabled_in_cfg ret src_rc

	ebegin "Stopping ufw"
	_source_file
	src_rc=$?
	if [ "$src_rc" -ne 0 ]; then
		eend "$src_rc"
		return $?
	fi

	_check_if_enabled_in_cfg
	enabled_in_cfg=$?

	# As in start(): when ufw is disabled in its configuration, ufw_stop
	# does nothing unless it is given --force.
	if [ "$enabled_in_cfg" -eq 0 ]; then
		ufw_stop
		ret=$?
	elif [ "$enabled_in_cfg" -eq 1 ]; then
		einfo "INFO: ufw is configured to be disabled"
		ufw_stop --force
		ret=$?
	elif [ "$enabled_in_cfg" -eq 2 ]; then
		ret=1
	fi

	eend $ret "Failed to stop ufw."
	return $ret
}

_status_quiet() {
	# Query the firewall state without printing ufw_status' standard output
	# (its standard error is left untouched).
	# Return values: 0 - started, 1 - stopped, 2 - error.
	# The caller must have run _source_file already; it is not run here.
	ufw_status > /dev/null
	# The exit codes of ufw_status are defined in
	# /usr/share/ufw/ufw-init-functions: 0 maps to "started", 3 to "stopped",
	# and anything else is treated as an error.
	case $? in
	0) return 0 ;;
	3) return 1 ;;
	esac
	return 2
}

_source_file() {
	# Load ufw's init helper functions into the current shell.
	# Returns 0 on success, 1 if the file is missing or cannot be sourced.
	#
	# The file is executed, not parsed: everything in it runs with the
	# privileges of this init script, so it must only be writable by
	# trusted users.
	local sourced_f="/usr/share/ufw/ufw-init-functions"
	[ -f "$sourced_f" ] || {
		eerror "Cannot find file $sourced_f!"
		return 1
	}

	# Remember the caller's PATH; the sourced file may replace it.
	local _path=$PATH
	if . "$sourced_f"; then
		# Keep the PATH chosen by the helper file in front and append the
		# original one, so entries from the helper file take precedence.
		case $PATH in
		"") PATH=$_path ;;
		*) PATH="${PATH}:${_path}" ;;
		esac
		return 0
	fi

	# Sourcing failed part-way: PATH may be broken here, restore it.
	PATH=$_path
	eerror "Error sourcing file $sourced_f"
	return 1
}

_check_if_enabled_in_cfg() {
	# Tell whether the user has turned the firewall on with "ufw enable".
	# Returns 0 if ENABLED is "yes" or "YES" after reading the configuration
	# file, 1 for any other value (including unset), 2 if the file is
	# missing or cannot be sourced.
	#
	# The configuration file is sourced as shell code rather than parsed,
	# so anything in it is executed with the privileges of this init
	# script; it must only be writable by trusted users. ENABLED is not
	# reset beforehand, so a value already present in the shell is kept
	# if the file does not assign it.
	local sourced_f="/etc/ufw/ufw.conf"

	[ -f "$sourced_f" ] || {
		eerror "Cannot find file $sourced_f!"
		return 2
	}

	. "$sourced_f" || {
		eerror "Error sourcing file $sourced_f"
		return 2
	}

	case $ENABLED in
	yes | YES) return 0 ;;
	*) return 1 ;;
	esac
}