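#!/bin/bash
#
# Bring a SixXS/AICCU IPv6 tunnel plus its routed subnet up or down and
# (re)install a small IPv4/IPv6 packet filter.
#
# Usage: <script> {start|stop|restart} <interface>
#   MODE and IFACE may also be supplied through the environment instead of
#   $1 and $2.
#
# Configuration is read from /etc/default/sixxs, which is sourced as shell
# code with this script's privileges: keep it root-owned and not writable by
# anyone else. Variables used: IFACE, PREFIX (required), SUBNET, ROUTER,
# CLIENT, TUNNEL (optional).
#
# Security notes for operators:
#   * Every run flushes the filter INPUT/FORWARD/OUTPUT chains of BOTH
#     iptables and ip6tables and resets their policy to ACCEPT, so rules
#     installed by any other tool are lost, and IPv4 ends up default-accept.
#   * The tunnel daemon is started before the IPv6 DROP rules are appended,
#     so there is a short interval with no inbound IPv6 filtering.
#   * No command's exit status is checked after the mode has been resolved;
#     a failed ip6tables call leaves the ruleset partially applied.

MODE=${MODE:-$1}
# Interface this invocation is about; kept separately because the config
# file sourced below may overwrite IFACE with the configured interface.
IFAZE=${IFACE:-$2}
test "$IFAZE" || exit 1

if [ "$MODE" = restart ]; then
  # Pass MODE explicitly: if MODE=restart was exported by the caller, the
  # child would otherwise inherit it and re-enter this branch forever.
  MODE=stop "$0" stop "$IFAZE" || exit $?
  sleep 1
  MODE=start "$0" start "$IFAZE" || exit $?
  exit 0
fi

test -f /etc/default/sixxs && . /etc/default/sixxs

test "$IFACE" || exit 1
test "$PREFIX" || exit 1

SUBNET=${SUBNET:-0}
ROUTER=${ROUTER:-1}
CLIENT=${CLIENT:-2}

if [ -z "$TUNNEL" ]; then
  if [ -f /etc/aiccu.conf ]; then
    TUNNEL=$(awk '/^ipv6_interface/{print $2}' /etc/aiccu.conf)
  fi
  TUNNEL=${TUNNEL:-aiccu}
fi

# Only act for the configured interface; silently succeed for any other.
test "$IFAZE" = "$IFACE" || exit 0

ROUTER=$PREFIX:$SUBNET::$ROUTER
CLIENT=$PREFIX:$SUBNET::$CLIENT

case "$MODE" in
  start) ACTION=add ;;
  stop) ACTION=del ;;
  *)
    # Refuse unknown modes before anything is changed: previously ACTION
    # stayed empty, the ip commands were run with a missing verb, and the
    # firewall was still flushed and rebuilt.
    printf 'Usage: %s {start|stop|restart} <interface>\n' "$0" >&2
    exit 1
    ;;
esac

/etc/init.d/aiccu "$MODE"
/etc/init.d/radvd "$MODE"

# http://www.sixxs.net/faq/connectivity/?faq=usingsubnet&os=linux.router
ip -6 route "$ACTION" "$PREFIX::/48" dev lo
ip -6 addr "$ACTION" "$ROUTER/64" dev "$IFACE"

# http://noc.sixxs.net/forum/?msg=setup-230468
ip -6 addr "$ACTION" "$CLIENT/128" dev "$TUNNEL"

for ipt in iptables ip6tables; do
  for x in filter:INPUT filter:FORWARD filter:OUTPUT; do
    table=${x%%:*}
    chain=${x#*:}
    "$ipt" -t "$table" -F "$chain"
    "$ipt" -t "$table" -P "$chain" ACCEPT
  done

  "$ipt" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  "$ipt" -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

  "$ipt" -A INPUT -p tcp --dport 22 -j ACCEPT
  "$ipt" -A FORWARD -p tcp --dport 22 -j ACCEPT

  "$ipt" -A INPUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset
  "$ipt" -A FORWARD -p tcp --dport 113 -j REJECT --reject-with tcp-reset
done

# NOTE(review): ICMPv6 is accepted only for destinations in 2001::/16. If
# PREFIX lies outside that range, packet-too-big and the other error types
# arriving from outside fall through to the DROP rules below -- confirm the
# hard-coded range still matches the delegated prefix.
for t in destination-unreachable packet-too-big time-exceeded \
  parameter-problem echo-request echo-reply; do
  ip6tables -A INPUT -d 2001::/16 -p icmpv6 --icmpv6-type "$t" -j ACCEPT
  ip6tables -A FORWARD -d 2001::/16 -p icmpv6 --icmpv6-type "$t" -j ACCEPT
done

ip6tables -A INPUT -s fe80::/64 -j ACCEPT

# Drop everything that was not accepted above and does not originate from
# our own /48.
# NOTE(review): these rules are not bound to an interface, so new loopback
# connections from ::1 (other than tcp/22) are dropped as well; add an
# explicit accept for lo if local IPv6 services are needed.
# NOTE(review): "-s '!' addr" is the old negation spelling that current
# iptables reports as deprecated in favour of "! -s addr"; kept unchanged
# here for compatibility with the iptables version this was written for.
ip6tables -A INPUT -s '!' "$PREFIX::/48" -j DROP
ip6tables -A FORWARD -s '!' "$PREFIX::/48" -j DROP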