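#!/bin/sh
#
# pftab: load pf(4) rule files into named pf anchors from a table file.
#
# Every non-blank line of ${pftab_file} that does not start with '#' has the
# whitespace-separated form
#
#	<rule-file> <anchor> [flags]
#
# Fields beyond the third are ignored.  "flags" is one word; a flag is
# recognised when its name occurs anywhere in that word, case-insensitively
# (so several flags can be written in one word, e.g. "noauto,nofail").
#
# Recognised flags:
#	noauto	skip this entry on "start"; an explicit "load" still loads it
#	noflush	do not flush the anchor before loading, and skip it on "flush"
#	nofail	report a missing/unreadable/invalid rule file as a warning
#		instead of aborting the whole run
#
# Commands: start/load take an optional list of anchor names and only act on
# matching entries (matched against the anchor as written in the table,
# before ${pftab_suffix} is appended); with no names every entry is acted on.
#
# NOTE(review): rule files are handed to pfctl(8) with full privileges;
# ${pftab_file} and every file it lists should be owned by root and not be
# writable by other users.
#
# PROVIDE: pftab
# REQUIRE: FILESYSTEMS pf unbound
# BEFORE: NETWORKING
# KEYWORD: nojailvnet shutdown

. /etc/rc.subr

name="pftab"
rcvar=pftab_enable

start_cmd="pftab_start"
stop_cmd="pftab_flush"
load_cmd="pftab_load"
flush_cmd="pftab_flush"
extra_commands="load flush"

load_rc_config "$name"

: ${pftab_enable:="NO"}
: ${pftab_file=/usr/local/etc/pftab}
: ${pftab_suffix=""}

# pftab_has_flag FLAGS NAME: succeed if NAME occurs in FLAGS (fixed-string,
# case-insensitive substring match).  Quoting and '--' keep odd flag words
# from being taken as grep options or glob patterns.
pftab_has_flag() {
	printf '%s' "$1" | grep -Fqi -- "$2"
}

# pftab_command_flush FILE ANCHOR FLAGS: drop every rule in ANCHOR (with
# ${pftab_suffix} appended) unless the noflush flag is set.  FILE is not
# needed for flushing and is accepted only for a uniform call signature.
pftab_command_flush() {
	local anchor flags
	anchor="$2$pftab_suffix"
	flags="$3"
	if pftab_has_flag "$flags" noflush; then
		info "Not flushing anchor $anchor with flag noflush."
	else
		info "Flushing anchor $anchor..."
		pfctl -q -F all -a "$anchor"
	fi
}

# pftab_command_load FILE ANCHOR FLAGS: syntax-check FILE for ANCHOR (with
# ${pftab_suffix} appended) and, if it parses, load it -- flushing the anchor
# first unless noflush is set.  A file that fails the check is never loaded,
# so a bad file cannot leave the anchor empty; nofail turns that error into
# a warning instead of aborting.
pftab_command_load() {
	local file anchor flags
	file="$1"
	anchor="$2$pftab_suffix"
	flags="$3"
	if pfctl -n -a "$anchor" -f "$file"; then
		if pftab_has_flag "$flags" noflush; then
			info "Loading anchor $anchor from file $file without flushing..."
			pfctl -q -a "$anchor" -f "$file"
		else
			info "Loading anchor $anchor from file $file..."
			pfctl -q -F all -a "$anchor" -f "$file"
		fi
	elif pftab_has_flag "$flags" nofail; then
		warn "Error(s) while checking file $file with flag nofail."
	else
		err 1 "Error(s) while checking file $file."
	fi
}

# pftab_command_start FILE ANCHOR FLAGS: like pftab_command_load, but entries
# flagged noauto are skipped (they are only loaded by an explicit "load").
pftab_command_start() {
	local file anchor flags
	file="$1"
	anchor="$2"
	flags="$3"
	if pftab_has_flag "$flags" noauto; then
		info "Not loading anchor $anchor with flag noauto"
	else
		pftab_command_load "$file" "$anchor" "$flags"
	fi
}

# pftab_process_command CMD FILE ANCHOR FLAGS: run one table entry through
# CMD (load, flush or start).  For anything but flush the rule file must be
# readable; a missing file aborts unless nofail is set.
pftab_process_command() {
	local cmd file anchor flags
	cmd="$1"
	file="$2"
	anchor="$3"
	flags="$4"
	if [ "$cmd" != "flush" ] && [ ! -r "$file" ]; then
		if pftab_has_flag "$flags" nofail; then
			warn "File $file missing or not readable with flag nofail."
		else
			err 1 "File $file missing or not readable."
		fi
		return
	fi
	case "$cmd" in
	load)	pftab_command_load "$file" "$anchor" "$flags" ;;
	flush)	pftab_command_flush "$file" "$anchor" "$flags" ;;
	start)	pftab_command_start "$file" "$anchor" "$flags" ;;
	esac
}

# pftab_process_line CMD SEL FILE ANCHOR [FLAGS ...]: apply CMD to one parsed
# table line if its ANCHOR is selected.  SEL is either "all" or a
# whitespace-separated list of anchor names; FLAGS defaults to "defaults"
# (which sets no flag).  Lines with fewer than two fields are reported and
# skipped rather than reaching pfctl with an empty anchor name.
pftab_process_line() {
	local cmd sel file anchor flags x
	cmd="$1"
	sel="$2"
	shift 2
	if [ $# -lt 2 ]; then
		warn "Ignoring malformed line in $pftab_file (need <file> <anchor> [flags]): $*"
		return
	fi
	file="$1"
	anchor="$2"
	flags="${3:-defaults}"
	if [ "$sel" = "all" ]; then
		pftab_process_command "$cmd" "$file" "$anchor" "$flags"
		return
	fi
	# $sel is deliberately unquoted: it is a space-joined name list.
	for x in $sel; do
		if [ "$x" = "$anchor" ]; then
			pftab_process_command "$cmd" "$file" "$anchor" "$flags"
			break
		fi
	done
}

# pftab_process_file CMD SEL: read ${pftab_file} line by line and hand each
# entry to pftab_process_line.  Blank lines and '#' comments are skipped.
pftab_process_file() {
	local cmd sel line
	cmd="$1"
	sel="$2"
	if [ ! -r "$pftab_file" ]; then
		err 1 "Table file $pftab_file missing or not readable."
	fi
	# read -r keeps backslashes literal; the "|| [ -n ... ]" clause still
	# processes a final line that has no trailing newline.  $line is
	# deliberately unquoted so its fields become separate arguments.
	while read -r line || [ -n "$line" ]; do
		case "$line" in
		''|\#*)	continue ;;
		esac
		pftab_process_line "$cmd" "$sel" $line
	done < "$pftab_file"
}

# pftab_start [ANCHOR ...]: load every entry not flagged noauto, or only the
# named anchors when arguments are given (rc.subr passes extra service
# arguments through to start_cmd).
pftab_start() {
	pftab_process_file start "${*:-all}"
}

# pftab_load [ANCHOR ...]: load every entry (noauto is ignored here), or
# only the named anchors.
pftab_load() {
	pftab_process_file load "${*:-all}"
}

# pftab_flush [ANCHOR ...]: flush every entry not flagged noflush, or only
# the named anchors.  Also used as stop_cmd, so it runs at shutdown.
pftab_flush() {
	pftab_process_file flush "${*:-all}"
}

run_rc_command "$@"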