## -*- mode: shell-script; -*- 
##
## Double '##' comments are removed when configlet is processed.
## Single '#' comments stay.
##
## Some shells (not bash) do not like empty functions. Placing a comment
## inside the function does not help. Using dummy ":" as a placeholder.
##
{{$top_comment}}

{{$errors_and_warnings}}

START=46

EXTRA_COMMANDS="status interfaces test_interfaces"

{{$shell_debug}}
FWBDEBUG=""

{{$path}}

{{$constants}}

{{$tools}}

{{$shell_functions}}

{{$run_time_address_tables}}

load_modules() {
    :
    {{$load_modules}}
}

verify_interfaces() {
    :
    {{$verify_interfaces}}
}

prolog_commands() {
    echo "Running prolog script"
    {{$prolog_script}}
}

epilog_commands() {
    echo "Running epilog script"
    {{$epilog_script}}
}

run_epilog_and_exit() {
    epilog_commands
    exit $1
}

configure_interfaces() {
    :
    {{$configure_interfaces}}
}

script_body() {
    {{$script_body}}
}

ip_forward() {
    :
    {{$ip_forward_commands}}
}

reset_all() {
    :
    {{$reset_all}}
}

{{$stop_action}}

{{$status_action}}

start() {
    log "Activating firewall script generated {{$timestamp}} by {{$user}}"
    check_tools
    {{if prolog_top}} prolog_commands {{endif}}
    check_run_time_address_table_files
    {{if using_ipset}}
    check_module_ipset
    load_run_time_address_table_files
    {{endif}}
    load_modules "{{$load_modules_with_nat}} {{$load_modules_with_ipv6}}"
    configure_interfaces
    verify_interfaces
    {{if prolog_after_interfaces}} prolog_commands {{endif}}
    {{if not_using_iptables_restore}} reset_all {{endif}}
    {{if prolog_after_flush}} prolog_commands {{endif}}
    script_body
    ip_forward
    epilog_commands
}

stop() {
    stop_action
}

status() {
    status_action
}

interfaces() {
    configure_interfaces
}

test_interfaces() {
    FWBDEBUG="echo"
    configure_interfaces
}

