#!/bin/bash
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2009  Michael Tremer & Christian Schmidt                      #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

include zones.green
include zones.orange
include zones.red

function zones_global_add() {
	local device
	local name

	device=$1

	vecho "Adding zone \"$device\""

	name=$(uppercase "ZONE_$device")

	### FILTER
	chain_create $name
	iptables -A INPUT   -i $device -j $name
	iptables -A FORWARD -i $device -j $name
	iptables -A FORWARD -o $device -j $name
	iptables -A OUTPUT  -o $device -j $name

	# Leave some space for own rules
	chain_create ${name}_CUSTOM
	iptables -A $name -j ${name}_CUSTOM

	# Intrusion Preventions System
	chain_create ${name}_IPS
	iptables -A $name -i $device -j ${name}_IPS

	# Portforwarding
	chain_create ${name}_PORTFW
	iptables -A $name -i $device -j ${name}_PORTFW

	# Outgoing firewall
	chain_create ${name}_OUTFW
	iptables -A $name -o $device -j ${name}_OUTFW

	# Policy rules
	chain_create ${name}_POLICY
	iptables -A $name -j ${name}_POLICY

	### MANGLE
	chain_create -t mangle $name
	iptables -t mangle -A PREROUTING  -i $device -j $name
	iptables -t mangle -A POSTROUTING -o $device -j $name

	# Quality of Service
	chain_create -t mangle ${name}_QOS_INC
	iptables -t mangle -A $name -i $device -j ${name}_QOS_INC
	chain_create -t mangle ${name}_QOS_OUT
	iptables -t mangle -A $name -o $device -j ${name}_QOS_OUT

	### NAT
	chain_create -t nat ${name}
	iptables -t nat -A PREROUTING  -i $device -j ${name}
	iptables -t nat -A POSTROUTING -o $device -j ${name}

    # Network Address Translation
	chain_create -t nat ${name}_NAT
	iptables -t nat -A $name -i $device -j ${name}_NAT

    # Portforwarding
	chain_create -t nat ${name}_PORTFW
	iptables -t nat -A $name -i $device -j ${name}_PORTFW

    # UPNP
	chain_create -t nat ${name}_UPNP
	iptables -t nat -A $name -j ${name}_UPNP
}


### LOCAL ZONE
function zones_local_add() {

	decho "Adding zone \"local\""

	# Accept everything on lo
	iptables -A INPUT  -i lo -j ACCEPT
	iptables -A OUTPUT -o lo -j ACCEPT

}