#!/bin/sh
# config script for arno-iptables-firewall

set -e
. /usr/share/debconf/confmodule

CONFIGFILE=/etc/arno-iptables-firewall/conf.d/00debconf.conf

is_preconfiguring () {
    local p=$$
    while [ $p -gt 1 ]; do
        if [ `ps --no-headers -o comm $p` = 'dpkg-preconfigu' ]; then
            return 0
        fi
        p=`ps --no-headers -o ppid $p`
    done
    return 1
}

db_version 2.0
db_capb backup
db_settitle arno-iptables-firewall/title

# Load config file, if it exists.
if [ -e $CONFIGFILE ]; then
    . $CONFIGFILE || true

    # The fact that there is a debconf config file implies
    # that debconf management is requested.
    db_set arno-iptables-firewall/debconf-wanted true

    # Store the current value of the EXT_IF var into
    # debconf db.
    db_set arno-iptables-firewall/config-ext-if $EXT_IF
    if [ "$EXT_IF_DHCP_IP" = "1" ]; then
        db_set arno-iptables-firewall/dynamic-ip true
    else
        db_set arno-iptables-firewall/dynamic-ip false
    fi

    db_set arno-iptables-firewall/services-tcp $OPEN_TCP
    db_set arno-iptables-firewall/services-udp $OPEN_UDP

    if [ "$NAT" = "1" ]; then
        db_set arno-iptables-firewall/nat true
    else
        db_set arno-iptables-firewall/nat false
    fi

    db_set arno-iptables-firewall/config-int-if $INT_IF

    db_set arno-iptables-firewall/config-int-net $INTERNAL_NET
    db_set arno-iptables-firewall/config-int-nat-net $NAT_INTERNAL_NET

    if [ "$OPEN_ICMP" = "1" ]; then
        db_set arno-iptables-firewall/icmp-echo true
    else
        db_set arno-iptables-firewall/icmp-echo false
    fi
fi # load config file

# This implements a simple state machine so the back button can be handled.
# taken from debconf demo example
STATE=1
while [ "$STATE" != 0 -a "$STATE" != 11 ]; do
    case $STATE in
        1)
            db_input high arno-iptables-firewall/debconf-wanted || true
        ;;
        2)
            # This could be a multiselect question. Get all interfaces this way:
            # db_subst arno-iptables-firewall/config-ext-if DETECTED `ifconfig -a | grep HWaddr | sed -e 's/[       ][      ]*Link.*/,/;s/:[0-9]*//' | sort -u`
            # The problem is that currently not connected usb-net devices cannot be
            # configured. Is this important?
            db_input critical arno-iptables-firewall/config-ext-if || true
            # include check for empty ext_if -> restarting the firewall will fail otherwise
        ;;
        3)
            db_input low arno-iptables-firewall/dynamic-ip || true
        ;;
        4)
            db_beginblock
            db_input high arno-iptables-firewall/services-tcp || true
            db_input high arno-iptables-firewall/services-udp || true
            db_endblock
        ;;
        5)
            db_input low arno-iptables-firewall/icmp-echo || true
        ;;
        6)
            db_input high arno-iptables-firewall/config-int-if || true
        ;;
        7)
            db_get arno-iptables-firewall/config-int-if
            if [ "$RET" != "" ]; then
                db_input high arno-iptables-firewall/config-int-net || true
            else
                db_set arno-iptables-firewall/nat false
                db_set arno-iptables-firewall/config-int-net ""
                db_set arno-iptables-firewall/config-int-nat-net ""
            fi
        ;;
        8)
            db_get arno-iptables-firewall/config-int-if
            if [ "$RET" != "" ]; then
                db_input low arno-iptables-firewall/nat || true
            fi
        ;;
        9)
            db_get arno-iptables-firewall/config-int-if
            if [ "$RET" != "" ]; then
                db_get arno-iptables-firewall/nat
                if [ "$RET" = "true" ]; then
                    db_input low arno-iptables-firewall/config-int-nat-net || true
                else
                    db_set arno-iptables-firewall/config-int-nat-net ""
                fi
            fi
        ;;
        10)
            # make sure this question is displayed everytime the configuration
            # might need inspection
            if ! is_preconfiguring; then
                db_fset arno-iptables-firewall/restart seen false
                db_input critical arno-iptables-firewall/restart || true
            fi
        ;;
    esac

    if db_go; then
        STATE=$(($STATE + 1))
    else
        STATE=$(($STATE - 1))
    fi

    # check whether debconf is still welcome
    db_get arno-iptables-firewall/debconf-wanted
    if [ "$RET" != "true" ]; then
        STATE=0
    fi
done

db_stop

