# this custom script runs standard mode with extra firewall rules

# config: use NFQWS2_ENABLE_OVERRIDE to enable standard mode daemons
# standard and override switches cannot be enabled simultaneously !

# falls back to 0 when the config leaves the variable unset or empty
: "${NFQWS2_ENABLE_OVERRIDE:=0}"

# config: some of these values must be set in the config. if none of them is set, this script is meaningless.
# pre vars put ipt/nft code at the beginning of the rule. the value is used as rule code, so set it only in a config you control.
#FW_EXTRA_PRE_NFQWS2_IPT="-m mark --mark 0x10000000/0x10000000"
#FW_EXTRA_PRE_NFQWS2_NFT="mark and 0x10000000 != 0"
# post vars put ipt/nft code at the end of the rule
#FW_EXTRA_POST_NFQWS2_IPT=
#FW_EXTRA_POST_NFQWS2_NFT=

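check_std_intersect()
{
	# Refuse to continue when the standard switch and the override switch are both 1.
	# Globals: NFQWS2_ENABLE_OVERRIDE (read), NFQWS2_ENABLE (read)
	# Outputs: error message on stdout when both switches are 1
	# Returns: 1 when both switches are 1, 0 otherwise

	# two plain 3-argument tests instead of the obsolescent '-a' operator :
	# a single 7-argument test is parsed ambiguously when a value looks like
	# a test operator such as '(' or '!'
	if [ "$NFQWS2_ENABLE_OVERRIDE" = 1 ] && [ "$NFQWS2_ENABLE" = 1 ]; then
		echo "ERROR ! both NFQWS2_ENABLE_OVERRIDE and NFQWS2_ENABLE are enabled"
		return 1
	fi
	return 0
}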

zapret_custom_daemons()
{
	# Start or stop the standard mode daemons under control of the override switch.
	# $1 - 1 - add, 0 - stop
	# Globals: NFQWS2_ENABLE_OVERRIDE (read)
	# Returns: status of check_std_intersect when it fails,
	#          otherwise status of standard_mode_daemons

	if check_std_intersect; then
		# the local copy shadows the global NFQWS2_ENABLE only for the call below.
		# presumably standard_mode_daemons reads NFQWS2_ENABLE - verify against its definition
		local NFQWS2_ENABLE="$NFQWS2_ENABLE_OVERRIDE"
		standard_mode_daemons "$1"
	else
		# both switches are on : pass the failure status up, start nothing
		return $?
	fi
}
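zapret_custom_firewall()
{
	# Run or stop the standard nfqws iptables rules with the configured extra ipt code.
	# $1 - 1 - run, 0 - stop
	# Globals: FW_EXTRA_PRE_NFQWS2_IPT, FW_EXTRA_POST_NFQWS2_IPT,
	#          NFQWS2_ENABLE_OVERRIDE (all read)
	# Returns: status of check_std_intersect when it fails,
	#          otherwise status of zapret_do_firewall_standard_nfqws_rules_ipt

	check_std_intersect || return

	# locals shadow the globals only for the duration of the call below.
	# presumably the standard rule code reads FW_EXTRA_PRE, FW_EXTRA_POST and
	# NFQWS2_ENABLE - verify against its definition
	local FW_EXTRA_PRE FW_EXTRA_POST NFQWS2_ENABLE="$NFQWS2_ENABLE_OVERRIDE"
	FW_EXTRA_PRE="$FW_EXTRA_PRE_NFQWS2_IPT" FW_EXTRA_POST="$FW_EXTRA_POST_NFQWS2_IPT"
	# quoted like the call in zapret_custom_daemons : the argument reaches the
	# callee as exactly one word, without word splitting or glob expansion
	zapret_do_firewall_standard_nfqws_rules_ipt "$1"
}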
zapret_custom_firewall_nft()
{
	# Apply the standard nfqws nftables rules with the configured extra nft code.
	# stop logic is not required
	# Globals: FW_EXTRA_PRE_NFQWS2_NFT, FW_EXTRA_POST_NFQWS2_NFT,
	#          NFQWS2_ENABLE_OVERRIDE (all read)
	# Returns: status of check_std_intersect when it fails,
	#          otherwise status of zapret_apply_firewall_standard_nfqws_rules_nft

	check_std_intersect || return

	# each local shadows its global only for the duration of the call below.
	# presumably the standard rule code reads these three names - verify against its definition
	local FW_EXTRA_PRE="$FW_EXTRA_PRE_NFQWS2_NFT"
	local FW_EXTRA_POST="$FW_EXTRA_POST_NFQWS2_NFT"
	local NFQWS2_ENABLE="$NFQWS2_ENABLE_OVERRIDE"
	zapret_apply_firewall_standard_nfqws_rules_nft
}
