#!/bin/sh

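# EAPOL port firewall helper.
#
# Usage: <this script> <interface> <enable|disable>
#   disable - install DROP rules so that no IPv4/IPv6 traffic is accepted
#             from, sent to, or forwarded out of <interface>
#   enable  - remove those DROP rules again
#
# NOTE(review): the log text suggests this gates an interface around EAPOL
# (802.1X) authentication; the caller is not visible here - confirm.
#
# Exit status:
#   1  bad arguments, unknown action, or (disable) a DROP rule could not be
#      installed, which would leave the interface open
#   0  disable succeeded
#   enable returns the status of the last rule deletion, as before.

# Keep going after a failing command: deleting a rule that is not installed
# makes iptables/ip6tables return non-zero, and that is expected here.
set +e

if [ "$#" -lt 2 ] ; then
    logger -p "user.err" "EAPOL firewall failed."
    exit 1
fi

iface=$1
action=$2

# An empty name can never match a real interface; refuse it up front instead
# of handing iptables a malformed command line.
if [ -z "$iface" ] ; then
    logger -p "user.err" "EAPOL firewall failed: empty interface name."
    exit 1
fi

# Delete one copy of every DROP rule this script manages for $iface.
# Failures are ignored on purpose (the rule may simply not be present).
# The interface name is quoted so it always reaches iptables as a single
# argument and cannot be split into extra options.
remove_block_rules() {
    iptables -D INPUT -i "$iface" -j DROP
    iptables -D OUTPUT -o "$iface" -j DROP
    iptables -D FORWARD -o "$iface" -j DROP
    ip6tables -D INPUT -i "$iface" -j DROP
    ip6tables -D OUTPUT -o "$iface" -j DROP
    ip6tables -D FORWARD -o "$iface" -j DROP
    # UDP source port 68 -> destination port 67 (the DHCP client/server ports).
    iptables -D INPUT -i "$iface" -p udp --dport 67 --sport 68 -j DROP
}

# Insert the DROP rules at the head of each chain (-I) so they take effect
# before any rule already in the chain.
# Returns non-zero if at least one rule could not be installed.
add_block_rules() {
    add_rc=0
    iptables -I INPUT -i "$iface" -j DROP || add_rc=1
    iptables -I OUTPUT -o "$iface" -j DROP || add_rc=1
    iptables -I FORWARD -o "$iface" -j DROP || add_rc=1
    ip6tables -I INPUT -i "$iface" -j DROP || add_rc=1
    ip6tables -I OUTPUT -o "$iface" -j DROP || add_rc=1
    ip6tables -I FORWARD -o "$iface" -j DROP || add_rc=1
    iptables -I INPUT -i "$iface" -p udp --dport 67 --sport 68 -j DROP || add_rc=1
    return "$add_rc"
}

case "$action" in
    disable)
        # Delete first so that repeated "disable" calls do not stack up
        # duplicate rules. Between the delete and the insert there is a short
        # interval in which a previously installed DROP rule is absent.
        remove_block_rules
        if ! add_block_rules ; then
            # Do not fail open silently: report that the block is incomplete.
            logger -p "user.err" "EAPOL firewall failed: could not install DROP rules on $iface."
            exit 1
        fi
        ;;
    enable)
        remove_block_rules
        ;;
    *)
        # A mistyped action used to be a silent no-op, leaving the interface
        # in whatever state it was in; make that visible to the caller.
        logger -p "user.err" "EAPOL firewall failed: unknown action '$action'."
        exit 1
        ;;
esac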
