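#!/bin/bash
#
# bonding-nftables - Bonding nftables policy
#
# Usage: bonding-nftables <start|stop|restart|status>
#

# errexit is enabled here rather than in the shebang: options on the shebang
# line are lost when the script is run as `bash bonding-nftables ...`, which
# would let a failed `nft` call go unnoticed.
set -e

# Fixed search path, so `nft` is resolved from the system directories and not
# from whatever PATH the caller happened to export.
PATH=/bin:/sbin:/usr/bin:/usr/sbin

# Runtime state directory. The socket, the disable flag and the node ruleset
# all live here, and start() acts on all three.
# NOTE(review): whoever can create files in this directory can choose the
# ruleset that gets loaded, or prevent loading altogether - confirm that it
# is writable only by root / the bonding service.
RUNDIR=/var/run/bonding
NODE_SOCK=$RUNDIR/node.sock
DISABLE=$RUNDIR/nftables-disable
NODE_RULESET=$RUNDIR/nftables-node-ruleset

# Packaged default ruleset, used when no node is running.
SYSTEM_RULESET=/usr/share/bonding/nftables-system-ruleset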


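#######################################
# Report whether a bonding node appears to be present on this host.
# Globals:   NODE_SOCK (read), NODE_RULESET (read)
# Returns:   0 when both paths exist, 1 otherwise
#######################################
function node_running() {
    # The expansions are quoted on purpose: with an empty or unset path an
    # unquoted `test -e` collapses to a one-argument test, which is always
    # true, and the node ruleset would be selected by mistake.
    #
    # NOTE(review): this only checks that the two paths exist. It does not
    # verify that NODE_SOCK is a socket or that anything is listening on it,
    # so files left behind by a crashed node still count as "running".
    [[ -e "$NODE_SOCK" ]] || return 1
    [[ -e "$NODE_RULESET" ]] || return 1
}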

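#######################################
# Load the nftables policy for this host.
#
# Order of precedence:
#   1. DISABLE flag file present -> load nothing.
#   2. node_running succeeds     -> load NODE_RULESET.
#   3. otherwise                 -> load SYSTEM_RULESET.
#
# Globals:   DISABLE, NODE_RULESET, SYSTEM_RULESET (read)
# Outputs:   one status line on stdout, plus whatever nft prints
# Returns:   0 when loading is disabled, otherwise the status of `nft -f`
#######################################
function start() {
    local ruleset

    # Quoted so that an empty/unset DISABLE cannot turn `test -f` into an
    # always-true one-argument test and silently skip loading the policy.
    #
    # NOTE(review): the flag file switches the policy off entirely and this
    # still reports success. Confirm who may create it and that the message
    # below is surfaced wherever the service output is monitored.
    if [[ -f "$DISABLE" ]]; then
        echo "Not loading nftables, has been disabled"
        return 0
    fi

    # NOTE(review): the node ruleset is read from the runtime directory and
    # handed to nft as-is. Presumably this runs as root - confirm the file can
    # only be written by the trusted node process.
    if node_running; then
        echo "Loading node ruleset"
        ruleset=$NODE_RULESET
    else
        echo "Loading system ruleset"
        ruleset=$SYSTEM_RULESET
    fi

    # No fallback here: if nft rejects the file, its non-zero status is
    # returned and no other ruleset is loaded by this function.
    nft -f "$ruleset"
}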

#######################################
# Remove the active nftables policy.
#
# `nft flush ruleset` clears the complete ruleset, i.e. every table on the
# host and not only what start() loaded. After this call nothing is filtered
# by nftables until a ruleset is loaded again.
#
# Returns:   the status of the nft call
#######################################
function stop() {
    local -a flush_cmd=(nft flush ruleset)

    "${flush_cmd[@]}"
}

#######################################
# Print the ruleset currently loaded in the kernel, so that an operator can
# compare it with the file that start() was expected to load.
#
# Outputs:   the output of `nft list ruleset` on stdout
# Returns:   the status of the nft call
#######################################
function status() {
    local -a list_cmd=(nft list ruleset)

    "${list_cmd[@]}"
}

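# Dispatch on the first command-line argument.
# `restart` is handled exactly like `start`: the ruleset is loaded again and
# stop() is not called first.
action=${1:-}

case "$action" in
    start|restart)
        start
        ;;
    stop)
        stop
        ;;
    status)
        status
        ;;
    *)
        # A missing or unknown action used to print the usage text and exit
        # with status 0, so a mistyped invocation looked like success although
        # no policy had been loaded. Report it on stderr and fail instead.
        echo "Usage: $0 <start|stop|restart|status>" >&2
        exit 2
        ;;
esac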
