#!/sbin/runscript
# Copyright 1999-2007 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-firewall/shorewall-lite/files/shorewall-lite,v 1.1 2007/05/20 22:32:36 mjolnir Exp $

extra_commands="clear reset"
extra_started_commands="refresh"

depend() {
	need net
	provide firewall
	after ulogd
}

start() {
	ebegin "Starting firewall"
	/sbin/shorewall-lite -f start 1>/dev/null
	eend $? 
}

stop() {
	ebegin "Stopping firewall"
	/sbin/shorewall-lite stop 1>/dev/null
	eend $?
}

restart() {
	# shorewall comes with its own control script that includes a
	# restart function, so refrain from calling svc_stop/svc_start
	# here.  Note that this comment is required to fix bug 55576;
	# runscript.sh greps this script...  (09 Jul 2004 agriffis)
	ebegin "Restarting firewall"
	if [ -f /var/lib/shorewall-lite/restore ] ; then
		/sbin/shorewall-lite restore
	else
		/sbin/shorewall-lite restart 1>/dev/null
	fi
	eend $?
}

clear() {
	# clear will remove all the rules and bring the system to an unfirewalled
	# state. (21 Nov 2004 eldad)

	ebegin "Clearing all firewall rules and setting policy to ACCEPT"
	/sbin/shorewall-lite clear && mark_service_stopped "${SVCNAME}"
	eend $?
}

reset() {
	# reset the packet and byte counters in the firewall

	ebegin "Resetting the packet and byte counters in the firewall"
	/sbin/shorewall-lite reset
	eend $?
}

refresh() {
	# refresh the rules involving the broadcast addresses of firewall 
	# interfaces, the black list, traffic control rules and 
	# ECN control rules

	ebegin "Refreshing firewall rules"
	/sbin/shorewall-lite refresh
	eend $?
}