#!/bin/sh

set -ue

. web-splash.conf

remove_old()
{
	# remove the rules from PREROUTING
	$IPT -t nat -D PREROUTING -j $CHAIN_ALL
	
	# empty and remove chains if they exist
	for a in $CHAIN_FORWARD $CHAIN_REDIRECT $CHAIN_ALL
		do	$IPT -F $a 2>/dev/null && $IPT -X $a
	  done
}


init_chains()
{
	# create chains
	for a in $CHAIN_FORWARD $CHAIN_REDIRECT $CHAIN_ALL
		do	$IPT -N $a
	  done
	
	# all packets from the specified interface go to the general chain
	$IPT -t nat -A PREROUTING -i $IF_SRC -j $CHAIN_ALL

	# default rules for CHAIN_ALL
	# excetions will be handled by rules that are inserted before them
	$IPT -A $CHAIN_ALL -p tcp --dport 80 -j $CHAIN_REDIRECT
	$IPT -A $CHAIN_ALL -p tcp --dport 80 -j ACCEPT
	$IPT -A $CHAIN_ALL -j $REJECT_ACTION

	# all registered senders are simply accepted
	$IPT -A $CHAIN_FORWARD -j ACCEPT

	# all unregistered senders get redirected
	$IPT -A $CHAIN_REDIRECT -j DNAT --to-destination $SPLASH_SERVER
	$IPT -A $CHAIN_REDIRECT -j ACCEPT
}


ACTION="--help"
[ $# -gt 0 ] && ACTION="$1"

case "$ACTION" in
	start|restart )
		remove_old
		init_chains
		;;
	stop )
		remove_old
		;;
	* )
		echo "Syntax: $0 {start|stop|restart}"
		echo
		;;
  esac