#!/bin/bash
# $Id: ipt-pass-all,v 1.2 2015/10/19 01:08:12 friedman Exp $

protos='iptables ip6tables'

currentfilter()
{
    {
        for prog in $protos; do
            $prog -L INPUT -n
        done
    } | grep ipt-pass-all
}

ipt()
{
  local op=$1
  local proto=$2
  shift 2

  set fnord \
      $op INPUT \
      -p $proto \
      -m comment \
      --comment "ipt-pass-all" \
      "$@" \
      -j ACCEPT
  shift

  for prog in $protos; do
      echo + $prog "$@"
      $prog "$@"
  done
}

main()
{
  case ${EUID-${UID-`id -u`}} in
    0 ) : ;;
    * ) exec sudo "$0" "$@" ;;
  esac

  op=$1
  shift

  case $op in
    on  | allow | enable  )
        if currentfilter > /dev/null; then
            echo "ipt-pass-all is already enabled"
            exit 0
        fi

        ipt -I tcp "$@"
        ipt -I udp "$@" ;;
    off | deny  | disable )
        if ! currentfilter > /dev/null; then
            echo "ipt-pass-all is already disabled"
            exit 0
        fi

        ipt -D tcp "$@"
        ipt -D udp "$@" ;;
    status )
        if ! currentfilter ; then
            echo "ipt-pass-all is disabled"
        fi ;;
    * ) echo "Usage: ${0##*/} [allow|deny|status]" 1>&2 ; exit 1 ;;
  esac
}

main "$@"

# eof