#
# Copyright 2013 Canonical Ltd.
#
#    This program is free software: you can redistribute it and/or modify
#    it under the terms of the GNU General Public License version 3,
#    as published by the Free Software Foundation.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
#
set -e

case "$1" in
start)
    # typically required
    if [ -r /etc/ufw/sets.ipset ]
    then
      ipset -f /etc/ufw/sets.ipset restore
      # Journalise et autorise le trafic NTP a destination des serveurs des pools *.fr.pool.ntp.org
      iptables -A ufw-after-output -o wan -m set --match-set set_ntp_servers dst -p udp --dport 123 -j ufw-logging-allow -m comment --comment "Autorise trafic NTP vers fr.pool.ntp.org"
      iptables -A ufw-after-output -o wan -m set --match-set set_ntp_servers dst -p udp --dport 123 -j ACCEPT -m comment --comment "Autorise trafic NTP vers fr.pool.ntp.org"
    fi
    ;;
stop)
    # typically required
    ipset destroy
    ;;
status)
    # optional
    ;;
flush-all)
    # optional
    ;;
*)
    echo "'$1' not supported"
    echo "Usage: after.init {start|stop|flush-all|status}"
    ;;
esac