#!/bin/bash

is_firewall_set() {
  ip6tables -w -nvL OUTPUT | grep vpnclient_out | grep -q "${wired_device}" \
  && iptables -w -nvL OUTPUT | grep vpnclient_out | grep -q "${wired_device}"
}

wired_device=$(ip route | awk '/default via/ { print $5; }')

rm -f /etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient
if is_firewall_set; then  
  # IPv4

  iptables -w -D INPUT -i "${wired_device}" -j vpnclient_in
  iptables -w -D OUTPUT -o "${wired_device}" -j vpnclient_out
  iptables -w -D FORWARD -o "${wired_device}" -j vpnclient_fwd

  iptables -w -F vpnclient_in
  iptables -w -F vpnclient_out
  iptables -w -F vpnclient_fwd

  iptables -w -X vpnclient_in
  iptables -w -X vpnclient_out
  iptables -w -X vpnclient_fwd

  # IPv6
  
  ip6tables -w -D INPUT -i "${wired_device}" -j vpnclient_in
  ip6tables -w -D OUTPUT -o "${wired_device}" -j vpnclient_out
  ip6tables -w -D FORWARD -o "${wired_device}" -j vpnclient_fwd

  ip6tables -w -F vpnclient_in
  ip6tables -w -F vpnclient_out
  ip6tables -w -F vpnclient_fwd

  ip6tables -w -X vpnclient_in
  ip6tables -w -X vpnclient_out
  ip6tables -w -X vpnclient_fwd
fi