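#!/bin/bash
#
# Initial script for the Live operating system.
# Launched by the linux-live init script before the real init is started.
#
# Preconditions (the caller guarantees them, this script does not check them):
#   - the current directory is the root (/) of the live filesystem tree;
#   - every system path used below is relative to that directory,
#     except the initrd directories.
#
# The script is a complete no-op unless ENABLED is set to "yes" below.

# Master switch: everything after this line is skipped unless it is "yes".
ENABLED=no
[ "$ENABLED" != "yes" ] && exit 0

# NOTE(security): "." is searched first. That is only harmless while the
# cwd precondition above holds (cwd == /). If this script is ever run from
# any other directory, an executable dropped there shadows the system
# binaries for every command that follows.
PATH=.:/:/usr/bin:/usr/local/bin:/usr/local/sbin
DEBUGMODE=no

# Shared ublinux helpers and OS configuration (relative paths, see above).
# debug_mode and SYSCONF are expected to be provided by these two files.
. usr/lib/ublinux/functions
. usr/lib/ublinux/os-config
debug_mode "$0" "$@"

# SYSCONF has to be used relative to the current directory: rewrite a
# leading "/" into "./". A shell pattern is used instead of `echo | grep`
# so the value is never subject to echo's option/escape handling or to
# word splitting.
case "$SYSCONF" in
  /*) SYSCONF=".$SYSCONF" ;;
esac

# Optional per-system config. It is *sourced*, i.e. executed as shell code
# with this script's (root) privileges: whoever can write ${SYSCONF}/config
# on the boot medium controls the boot. A missing or unreadable file is
# deliberately ignored (best effort, the file is optional).
SOURCE="${SYSCONF}/config"
[ -f "${SOURCE}" ] && . "${SOURCE}" 2>/dev/null

# ---------------------------------------------------------------------------
# Disabled firewall / Tor / router templating, kept for reference.
#
# NOTE(security): if any of these lines are re-enabled, the config values
# (IPTABLESTRUSTEDIP, IPTABLESOPENPORTSTCP, IPTABLESOPENPORTSUDP, TORUSERS)
# are spliced unescaped into sed "s" commands. A value containing the sed
# delimiter used on that line ("-" or "_"), "&", "\" or a newline rewrites
# the rule that ends up in etc/exports / etc/ublinux/iptables instead of
# being treated as data. Validate the values against a strict
# address/port/username character set, or generate the rules without sed,
# before re-enabling.
# Also note that "192.168.1.0/16" in the Tor RETURN rule is not a
# network-aligned prefix (192.168.0.0/16 is) — confirm the intended range.
# ---------------------------------------------------------------------------
#[ -z "$IPTABLESTRUSTEDIP" ] || sed -i s-192.168.1.0/24-$IPTABLESTRUSTEDIP- etc/exports
#[ -z "$IPTABLESTRUSTEDIP" ] && sed -i s_"^\[.*-A INPUT -s .* -j ACCEPT.*"_'#[0:0] -A INPUT -s $IPTABLESTRUSTEDIP -j ACCEPT'_ etc/ublinux/iptables
#[ -z "$IPTABLESTRUSTEDIP" ] || sed -i s_".*-A INPUT -s .* -j ACCEPT.*"_"[0:0] -A INPUT -s $IPTABLESTRUSTEDIP -j ACCEPT"_ etc/ublinux/iptables
#[ -z "$IPTABLESOPENPORTSTCP" ] && sed -i s_"^\[.*-A INPUT -p tcp -m multiport --dport.*-j ACCEPT.*"_'#[0:0] -A INPUT -p tcp -m multiport --dport $IPTABLESOPENPORTSTCP -j ACCEPT'_ etc/ublinux/iptables
#[ -z "$IPTABLESOPENPORTSTCP" ] || sed -i s_".*-A INPUT -p tcp -m multiport --dport.*-j ACCEPT.*"_"[0:0] -A INPUT -p tcp -m multiport --dport $IPTABLESOPENPORTSTCP -j ACCEPT"_ etc/ublinux/iptables
#[ -z "$IPTABLESOPENPORTSUDP" ] && sed -i s_"^\[.*-A INPUT -p udp -m multiport --dport.*-j ACCEPT.*"_'#[0:0] -A INPUT -p udp -m multiport --dport $IPTABLESOPENPORTSUDP -j ACCEPT'_ etc/ublinux/iptables
#[ -z "$IPTABLESOPENPORTSUDP" ] || sed -i s_".*-A INPUT -p udp -m multiport --dport.*-j ACCEPT.*"_"[0:0] -A INPUT -p udp -m multiport --dport $IPTABLESOPENPORTSUDP -j ACCEPT"_ etc/ublinux/iptables
#if [ -z "$TORUSERS" ] ;then
# sed -i s_"^\[.* -A OUTPUT -d 192.168.1.0/16 -m owner --uid-owner .* -j RETURN.*"_'#TOR#[0:0] -A OUTPUT -d 192.168.1.0/16 -m owner --uid-owner $TORUSERS -j RETURN'_ etc/ublinux/iptables
# sed -i s_"^\[.*-A OUTPUT -p udp -m owner --uid-owner .* -j DNAT --to-destination 127.0.0.1:5353.*"_'#TOR#[0:0] -A OUTPUT -p udp -m owner --uid-owner $TORUSERS -j DNAT --to-destination 127.0.0.1:5353'_ etc/ublinux/iptables
# sed -i s_"^\[.*-A OUTPUT -p tcp -m owner --uid-owner .* -j DNAT --to-destination 127.0.0.1:9040.*"_'#TOR#[0:0] -A OUTPUT -p tcp -m owner --uid-owner $TORUSERS -j DNAT --to-destination 127.0.0.1:9040'_ etc/ublinux/iptables
#else
# sed -i s_".*-A OUTPUT -d 192.168.1.0/16 -m owner --uid-owner .* -j RETURN.*"_"[0:0] -A OUTPUT -d 192.168.1.0/16 -m owner --uid-owner $TORUSERS -j RETURN"_ etc/ublinux/iptables
# sed -i s_".*-A OUTPUT -p udp -m owner --uid-owner .* -j DNAT --to-destination 127.0.0.1:5353.*"_"[0:0] -A OUTPUT -p udp -m owner --uid-owner $TORUSERS -j DNAT --to-destination 127.0.0.1:5353"_ etc/ublinux/iptables
# sed -i s_".*-A OUTPUT -p tcp -m owner --uid-owner .* -j DNAT --to-destination 127.0.0.1:9040.*"_"[0:0] -A OUTPUT -p tcp -m owner --uid-owner $TORUSERS -j DNAT --to-destination 127.0.0.1:9040"_ etc/ublinux/iptables
#fi
#if [ "$ROUTER" = "yes" ] ;then
# sed -i s/".* -A POSTROUTING -j MASQUERADE.*"/'[0:0] -A POSTROUTING -j MASQUERADE'/ etc/ublinux/iptables
# PFP=etc/sysctl.conf
# [ -f $PFP ] || PFP=etc/sysctl.d/ublinux.conf
# sed -i /net.ipv4.ip_forward/d $PFP
# echo "net.ipv4.ip_forward = 1" >>$PFP
# sed -i '/-A FORWARD -i eth0 -o eth0 -j DROP/d' etc/ublinux/iptables
#else
# sed -i s/"^\[.* -A POSTROUTING -j MASQUERADE.*"/'#ROUTER#[0:0] -A POSTROUTING -j MASQUERADE'/ etc/ublinux/iptables
#fi
# TODO:
# For ufw, find out how to insert the following line into /etc/ufw/before.rules
# just before the line "-A ufw-before-input -j ufw-not-local":
# -A ufw-before-output -m owner --uid-owner tor -p tcp -j ACCEPT
#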