#!/bin/sh /etc/rc.common
# Copyright (C) 2008 OpenWrt.org

# Boot-order index that rc.common uses when this init script is enabled.
START=45

# Command word used for every rule change in this script.
# Source MAC addresses are chosen by the client, so the rules built here are a
# convenience block list rather than an authentication control.
IPTABLES=iptables
# Load the mac_block UCI package so config_get/config_foreach can read its
# sections; this runs each time the script is sourced, whatever the action.
config_load mac_block

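# Append a log-and-drop rule to the MAC_BLOCK chain (mangle table) for one
# mb_profile section. Used as the config_foreach callback in start().
#
# Globals:   IPTABLES (read)
# Arguments: $1 - UCI section name
# Outputs:   "needs mac" on stdout when the section has no mac option
# Returns:   status of the iptables call; returns early, adding no rule, when
#            status is "disable" or mac is empty
fw_mac_block()
{
	local mac
	local status

	config_get mac "$1" mac
	config_get status "$1" status

	# Profiles switched off in the configuration get no rule.
	if [ "$status" = "disable" ]; then
		return
	fi

	if [ -z "$mac" ]; then
		echo "needs mac"
		return
	fi

	# "$mac" is quoted so the configured value reaches iptables as exactly one
	# argument; unquoted, whitespace inside the option would be split into
	# additional iptables arguments. $IPTABLES is left unquoted as the command
	# word.
	# NOTE(review): "--action" is not a stock LOG-target option; this presumably
	# depends on a patched LOG extension in the firmware that drops after
	# logging - confirm on the target build.
	$IPTABLES -A MAC_BLOCK -t mangle -m mac --mac-source "$mac" -j LOG --action DROP
}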
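# Append a log-and-drop rule to the MAC_BLOCK chain (mangle table) for one
# profile. Called from apply() for new and modified mac_block sections.
#
# Globals:   IPTABLES (read)
# Arguments: $1 - UCI section name
# Outputs:   "needs mac" on stdout when the section has no mac option
# Returns:   status of the iptables call; returns early, adding no rule, when
#            status is "disable" or mac is empty
fw_mac_block_apply()
{
	local mac
	local status

	config_get mac "$1" mac
	config_get status "$1" status

	# Disabled profiles are skipped.
	if [ "$status" = "disable" ]; then
		return
	fi

	if [ -z "$mac" ]; then
		echo "needs mac"
		return
	fi

	# Quote "$mac": the value comes from configuration and must stay a single
	# iptables argument instead of being word-split into several.
	# NOTE(review): "--action" is not a stock LOG-target option; presumably a
	# firmware-patched LOG extension performs the drop - confirm.
	$IPTABLES -A MAC_BLOCK -t mangle -m mac --mac-source "$mac" -j LOG --action DROP
}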

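# Remove the log-and-drop rule of one profile from the MAC_BLOCK chain
# (mangle table). Called from apply() for deleted and modified sections.
#
# Globals:   IPTABLES (read)
# Arguments: $1 - UCI section name
# Outputs:   "needs mac" on stdout when no MAC could be read for the section
# Returns:   status of the iptables call, or early when the MAC is empty
fw_mac_block_delete()
{
	local mac

	# NOTE(review): "oget" is not a stock uci subcommand; presumably a vendor
	# extension that returns the value from before the pending change - confirm.
	# The key is quoted so the section name is passed as a single argument.
	mac=$(uci oget "mac_block.$1.mac")

	if [ -z "$mac" ]; then
		echo "needs mac"
		return
	fi

	# "$mac" is quoted so it cannot be word-split into extra iptables
	# arguments. stderr is discarded because the rule may not be present in the
	# chain (for example when the profile was disabled).
	$IPTABLES -D MAC_BLOCK -t mangle -m mac --mac-source "$mac" -j LOG --action DROP 2>/dev/null
}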

# rc.common "start" action: install one block rule per mb_profile section.
start() {
	# The MAC_BLOCK chain is neither created nor hooked here; the commands that
	# would do so are kept below, disabled, so the chain has to exist already
	# when this runs.
	#   $IPTABLES -N MAC_BLOCK -t mangle
	#   $IPTABLES -I PREROUTING -t mangle -j MAC_BLOCK
	config_foreach fw_mac_block mb_profile
}

# rc.common "stop" action: drop every rule this script added.
stop() {
	# -F only empties MAC_BLOCK in the mangle table; the chain itself and any
	# jump into it are left as they are.
	$IPTABLES -F MAC_BLOCK -t mangle
}

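# Bring the MAC_BLOCK chain in line with pending mac_block changes without
# flushing it, then commit the configuration.
#
# Order: rules of deleted profiles are removed, rules of new profiles are
# added, and modified profiles get their rule removed and re-added.
#
# NOTE(review): "uci fchanges" is not a stock uci subcommand; presumably a
# vendor extension listing the section names affected by each kind of pending
# change - confirm.
#
# Returns: status of "uci commit mac_block"
apply() {
	# Kept local so the loop variables do not leak into the rc.common shell.
	local changed
	local profile

	# $changed is expanded unquoted on purpose: it holds a whitespace-separated
	# list of section names. Each name is then passed on as one argument.
	changed=$(uci fchanges delete mac_block)
	for profile in $changed; do
		fw_mac_block_delete "$profile"
	done

	changed=$(uci fchanges new mac_block)
	for profile in $changed; do
		fw_mac_block_apply "$profile"
	done

	changed=$(uci fchanges modify mac_block)
	for profile in $changed; do
		fw_mac_block_delete "$profile"
		fw_mac_block_apply "$profile"
	done

	uci commit mac_block
}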