#!/bin/bash
BASEDIR=/etc/firewall-sosdg
PATH=/usr/sbin:/usr/bin:/sbin:/bin

if [ ! -r $BASEDIR/include/static ] || [ ! -r $BASEDIR/include/functions ]; then
	echo "Error: Missing either include/static or include/functions. These are critical to operation"
	echo "of this script.  Please make sure they are readable and exist!"
	exit 1
fi

if [ -r $BASEDIR/options ]; then
	. $BASEDIR/options
else
	echo -e "${RED}Error: Can not load options file.  Did you forget to rename options.default?"
	exit 1
fi


. $BASEDIR/include/static
. $BASEDIR/include/functions







display_c YELLOW "This is a simple tool to display the iptables"
display_c YELLOW "rules used for blocking in ${BLOCKEDIP}. It is"
display_c YELLOW "a good way to verify the rules will work how"
display_c YELLOW "you intend."


if [[ "$1" =~ ":" ]]; then
			IFS_OLD=${IFS};IFS=:
			ADVBLKIP=($1)
			IFS=${IFS_OLD}
			SRCIF=${ADVBLKIP[0]}
			SRCIP=${ADVBLKIP[1]}
			SRCPORT=${ADVBLKIP[2]}
			DSTIF=${ADVBLKIP[3]}
			DSTIP=${ADVBLKIP[4]}
			DSTPORT=${ADVBLKIP[5]}
			DIRECTION=${ADVBLKIP[6]}
			PROTO=${ADVBLKIP[7]}
			if [ "$SRCIF" ]; then
				SRCIF="-i ${SRCIF} "
			fi
			if [ "$SRCIP" ]; then
				SRCIP="-s ${SRCIP} "
			fi
			if [ "$SRCPORT" ]; then
				SRCPORT="--sport ${SRCPORT/-/:} "
			fi
			if [ "$DSTIF" ]; then
				DSTIF="-o ${DSTIF} "
			fi
			if [ "$DSTIP" ]; then
				DSTIP="-d ${DSTIP} "
			fi
			if [ "$DSTPORT" ]; then
				DSTPORT="--dport ${DSTPORT/-/:} "
			fi
			if [ "$PROTO" ]; then
				case $PROTO in
					TCP|tcp) PROTO="-p tcp";;
					UDP|udp) PROTO="-p udp";;
					*) PROTO="-p ${PROTO}";;
				esac
			fi
			case $DIRECTION in
				IN) DIRECTION="INPUT" ;;
				OUT) DIRECTION="OUTPUT" ;;
				FWD) DIRECTION="FORWARD" ;;
				*) DIRECTION="INPUT" ;;
			esac
			echo "${IPTABLES} -A ${DIRECTION} ${SRCIF} ${SRCIP} ${SRCPORT} ${DSTIF} ${DSTIP} ${DSTPORT} ${PROTO} -j DROP"
fi