#!/usr/bin/env bash
#
# Author: Dmitry Razumov <asmeron@ublinux.com>
# Copyright (c) 2021-2025 UBLinux <support@ublinux.com>
#
# Initial script for Linux UBLinux
# This script are launching before starting init from initrd script
# Current dir allways must be set to root (/)
# All system path must be relative, except initrd dirs

ENABLED=no
[[ ${ENABLED} == "yes" ]] || exit 0
DEBUGMODE=no

PATH=.:/:/usr/bin:/usr/local/bin:/usr/local/sbin

[[ -d /usr/lib/ublinux ]] && { ROOTFS= ; CMD_CHROOT= ; } || { [[ -d /sysroot ]] && ROOTFS="/sysroot" || ROOTFS="."; CMD_CHROOT="chroot ${ROOTFS}"; }
SOURCE=${ROOTFS}/usr/lib/ublinux/functions; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null || exit 0
SOURCE=${ROOTFS}/usr/lib/ublinux/default; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null || exit 0
debug_mode "$0" "$@"

SYSCONF="${ROOTFS}${SYSCONF}"
SOURCE=${SYSCONF}/config; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null
SOURCE=${SYSCONF}/system; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null
SOURCE=${SYSCONF}/network; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null

[ -z "$IPTABLESTRUSTEDIP" ] || sed -i s-192.168.1.0/24-$IPTABLESTRUSTEDIP- etc/exports
[ -z "$IPTABLESTRUSTEDIP" ] && sed -i s_"^\[.*-A INPUT   -s .* -j ACCEPT.*"_'#[0:0] -A INPUT   -s $IPTABLESTRUSTEDIP -j ACCEPT'_ etc/ublinux/iptables
[ -z "$IPTABLESTRUSTEDIP" ] || sed -i s_".*-A INPUT   -s .* -j ACCEPT.*"_"[0:0] -A INPUT   -s $IPTABLESTRUSTEDIP -j ACCEPT"_ etc/ublinux/iptables
[ -z "$IPTABLESOPENPORTSTCP" ] && sed -i s_"^\[.*-A INPUT   -p tcp -m multiport --dport.*-j ACCEPT.*"_'#[0:0] -A INPUT   -p tcp -m multiport --dport $IPTABLESOPENPORTSTCP -j ACCEPT'_ etc/ublinux/iptables
[ -z "$IPTABLESOPENPORTSTCP" ] || sed -i s_".*-A INPUT   -p tcp -m multiport --dport.*-j ACCEPT.*"_"[0:0] -A INPUT   -p tcp -m multiport --dport $IPTABLESOPENPORTSTCP -j ACCEPT"_ etc/ublinux/iptables
[ -z "$IPTABLESOPENPORTSUDP" ] && sed -i s_"^\[.*-A INPUT   -p udp -m multiport --dport.*-j ACCEPT.*"_'#[0:0] -A INPUT   -p udp -m multiport --dport $IPTABLESOPENPORTSUDP -j ACCEPT'_ etc/ublinux/iptables
[ -z "$IPTABLESOPENPORTSUDP" ] || sed -i s_".*-A INPUT   -p udp -m multiport --dport.*-j ACCEPT.*"_"[0:0] -A INPUT   -p udp -m multiport --dport $IPTABLESOPENPORTSUDP -j ACCEPT"_ etc/ublinux/iptables
if [ -z "$TORUSERS" ] ;then
    sed -i s_"^\[.* -A OUTPUT -d 192.168.1.0/16 -m owner --uid-owner .* -j RETURN.*"_'#TOR#[0:0] -A OUTPUT -d 192.168.1.0/16 -m owner --uid-owner $TORUSERS -j RETURN'_ etc/ublinux/iptables
    sed -i s_"^\[.*-A OUTPUT -p udp -m owner --uid-owner .* -j DNAT --to-destination 127.0.0.1:5353.*"_'#TOR#[0:0] -A OUTPUT -p udp -m owner --uid-owner $TORUSERS -j DNAT --to-destination 127.0.0.1:5353'_ etc/ublinux/iptables
    sed -i s_"^\[.*-A OUTPUT -p tcp -m owner --uid-owner .* -j DNAT --to-destination 127.0.0.1:9040.*"_'#TOR#[0:0] -A OUTPUT -p tcp -m owner --uid-owner $TORUSERS -j DNAT --to-destination 127.0.0.1:9040'_ etc/ublinux/iptables
else
    sed -i s_".*-A OUTPUT -d 192.168.1.0/16 -m owner --uid-owner .* -j RETURN.*"_"[0:0] -A OUTPUT -d 192.168.1.0/16 -m owner --uid-owner $TORUSERS -j RETURN"_ etc/ublinux/iptables
    sed -i s_".*-A OUTPUT -p udp -m owner --uid-owner .* -j DNAT --to-destination 127.0.0.1:5353.*"_"[0:0] -A OUTPUT -p udp -m owner --uid-owner $TORUSERS -j DNAT --to-destination 127.0.0.1:5353"_ etc/ublinux/iptables
    sed -i s_".*-A OUTPUT -p tcp -m owner --uid-owner .* -j DNAT --to-destination 127.0.0.1:9040.*"_"[0:0] -A OUTPUT -p tcp -m owner --uid-owner $TORUSERS -j DNAT --to-destination 127.0.0.1:9040"_ etc/ublinux/iptables
fi
if [ "$ROUTER" = "yes" ] ;then
    sed -i s/".* -A POSTROUTING   -j MASQUERADE.*"/'[0:0] -A POSTROUTING   -j MASQUERADE'/ etc/ublinux/iptables
    PFP=etc/sysctl.conf
    [ -f $PFP ] || PFP=etc/sysctl.d/ublinux.conf
    sed -i /net.ipv4.ip_forward/d $PFP
    echo "net.ipv4.ip_forward = 1" >>$PFP
    sed -i '/-A FORWARD -i eth0 -o eth0 -j DROP/d' etc/ublinux/iptables
else
    sed -i s/"^\[.* -A POSTROUTING   -j MASQUERADE.*"/'#ROUTER#[0:0] -A POSTROUTING   -j MASQUERADE'/ etc/ublinux/iptables
fi