#!/usr/bin/env bash
set -euo pipefail

: "${PERSIST_RULES_V4:?PERSIST_RULES_V4 is required}"
: "${PERSIST_RULES_V6:=}"
: "${IPTABLES_SAVE_BIN:=iptables-save}"
: "${IP6TABLES_SAVE_BIN:=ip6tables-save}"
: "${IPTABLES_RESTORE_BIN:=iptables-restore}"
: "${IP6TABLES_RESTORE_BIN:=ip6tables-restore}"
: "${PERSIST_FIXTURE_LOG:=}"

log_action() {
  [[ -n ${PERSIST_FIXTURE_LOG} ]] || return 0
  printf '%s %s\n' "$(basename -- "$0")" "$*" >>"${PERSIST_FIXTURE_LOG}"
}

save_family_rules() {
  local save_bin=$1
  local output_file=$2
  [[ -n ${output_file} ]] || return 0
  mkdir -p "$(dirname -- "${output_file}")"
  if command -v "${save_bin}" >/dev/null 2>&1; then
    "${save_bin}" >"${output_file}"
  fi
}

reload_family_rules() {
  local restore_bin=$1
  local input_file=$2
  [[ -n ${input_file} && -f ${input_file} ]] || return 0
  if command -v "${restore_bin}" >/dev/null 2>&1; then
    "${restore_bin}" <"${input_file}"
  fi
}

case ${1-} in
  save)
    log_action "$@"
    save_family_rules "${IPTABLES_SAVE_BIN}" "${PERSIST_RULES_V4}"
    save_family_rules "${IP6TABLES_SAVE_BIN}" "${PERSIST_RULES_V6}"
    ;;
  reload)
    log_action "$@"
    reload_family_rules "${IPTABLES_RESTORE_BIN}" "${PERSIST_RULES_V4}"
    reload_family_rules "${IP6TABLES_RESTORE_BIN}" "${PERSIST_RULES_V6}"
    ;;
  *)
    printf 'usage: %s <save|reload>\n' "$(basename -- "$0")" >&2
    exit 1
    ;;
esac