## -*- mode: shell-script; -*-
##
## To be able to make changes to the part of configuration created
## from this configlet you need to copy this file to the directory
## fwbuilder/configlets/sveasoft/ in your home directory and modify it.
## Double "##" comments are removed during processing but single "#"
## comments are retained and appear in the generated script. Empty
## lines are removed as well.
##
## Configlets support simple macro language with these constructs:
## {{$var}} is variable expansion
## {{if var}} is conditional operator.
##
## This configlet defines commands executed when the iptables script is run
## with command line argument "status". Exit codes are defined in
## http://refspecs.freestandards.org/LSB_3.1.0/LSB-Core-generic/LSB-Core-generic/iniscrptact.html
## Script should return with exit code 0 if iptables rules are loaded and
## 3 otherwise.

## Template note: the checks below are heuristics over the chain listing
## only; no individual rule is inspected.
## NOTE(review): both checks call "$IPTABLES -L -n" without -t, so only
## the default (filter) table is listed; chains that exist solely in
## other tables are not seen here.
## NOTE(review): stderr is discarded and the listing's own exit status is
## never tested, so a failed listing (for example when run without
## sufficient privileges) falls through to "Firewall is not configured"
## and exit 3. LSB reserves exit code 4 for "status unknown"; confirm
## whether callers or monitoring need to tell these two cases apart.
# Report whether the firewall appears to be loaded: prints
# "Firewall is active" with status 0 when a check below matches,
# otherwise prints "Firewall is not configured" and exits with status 3.
status_action() {
{{if coexistence_mode}}
    # Coexistence mode: check for FirewallFabrik's own prefixed chains.
    # Counting all chains would give false positives when Docker,
    # CrowdSec or fail2ban create their own chains.
## NOTE(review): the table_name value is substituted into a grep regular
## expression, so any regex metacharacter in it would be interpreted by
## grep. Presumably it is a plain identifier; verify where it is set.
## A match proves only that a chain with this prefix exists, not that the
## built-in chains reference it or that its rules are complete.
    $IPTABLES {{$opt_wait}} -L -n 2>/dev/null | grep -q "^Chain {{$table_name}}_" && {
        echo "Firewall is active"
        return 0
    }
{{endif}}
{{if flush_mode}}
    # Full-flush mode: check if iptables has user-defined chains
    # (more than just the three built-in chains INPUT/FORWARD/OUTPUT).
## NOTE(review): this counts chains, not rules. A ruleset that keeps all
## of its rules directly in the built-in chains yields exactly 3 and is
## reported as not configured, while chains created by other tools push
## the count above 3 even when this firewall's own rules are absent.
    chains=$($IPTABLES {{$opt_wait}} -L -n 2>/dev/null | grep -c "^Chain ")
    [ "$chains" -gt 3 ] && {
        echo "Firewall is active"
        return 0
    }
{{endif}}
## NOTE(review): the success paths use "return 0" while this path calls
## "exit 3", which ends the whole script instead of returning to the
## caller. The caller is outside this configlet; confirm it propagates
## the function's return status as the script's exit code.
    echo "Firewall is not configured"
    exit 3
}
