#!/bin/sh
#
# chkconfig: 2345 07 93
# description: Automates administration of IP sets.
#
# config: /etc/sysconfig/ipset
#

IPSET_CONFIG=/etc/sysconfig/ipset
if [ ! -f $IPSET_CONFIG ]; then
	case "$1" in
	start|restart|try-restart|reload|force-reload)
		exit 0
	;;
	esac
fi

. /etc/rc.d/init.d/functions

start() {
	if [ ! -f $IPSET_CONFIG ]; then
		return
	fi

	show "Applying ipset rules"
	/usr/sbin/ipset -X
	/usr/sbin/ipset -R < $IPSET_CONFIG
	RETVAL=$?
	if [ $RETVAL = 0 ]; then
		ok
	else
		fail
	fi
	touch /var/lock/subsys/ipset
}

stop() {
	if [ ! -f /var/lock/subsys/ipset ]; then
		return
	fi

	show "Resetting ipset rules"
	/usr/sbin/ipset -X && ok || fail
	rm -f /var/lock/subsys/ipset
}

save() {
	show "Saving current rules to %s" $IPSET_CONFIG
	/usr/sbin/ipset -S > $IPSET_CONFIG.tmp
	RETVAL=$?
	if [ $RETVAL = 0 ]; then
		cat $IPSET_CONFIG.tmp > $IPSET_CONFIG
		chmod 600 $IPSET_CONFIG
		ok
	else
		fail
	fi
	rm -f $IPSET_CONFIG.tmp
}

status() {
	/usr/sbin/ipset list
	RETVAL=$?
}

RETVAL=0
case "$1" in
  start)
	start
	;;
  stop)
	stop
	;;
  restart|try-restart|reload|force-reload)
	start
	;;
  save)
	save
	;;
  status)
	status
	;;
  *)
	msg_usage "$0 {start|stop|restart|try-restart|reload|force-reload|save|status}"
	exit 3
esac

exit $RETVAL
