#!/bin/sh

# chkconfig: 2345 07 93
# description: Automates administration of IP sets.
# config: /etc/sysconfig/ipset

IPSET_CONFIG=/etc/sysconfig/ipset
if [ ! -f $IPSET_CONFIG ]; then
	case "$1" in
	start|restart|force-reload)
		exit 0
	;;
	esac
fi

. /etc/rc.d/init.d/functions

start() {
	if [ -f $IPSET_CONFIG ]; then
		show "Applying ipset rules"
		/usr/sbin/ipset -X
		/usr/sbin/ipset -R < $IPSET_CONFIG
	   	RETVAL=$?
		if [ $RETVAL = 0 ]; then
			ok
		else
			fail
		fi
		touch /var/lock/subsys/ipset
	fi
}

stop() {
	show "Resetting ipset rules"
	/usr/sbin/ipset -X && ok || fail
	rm -f /var/lock/subsys/ipset
}

RETVAL=0
case "$1" in
  start)
	start
	;;
  stop)
	stop
	;;
  restart|force-reload)
	start
	;;
  status)
	/usr/sbin/ipset -L --sorted --numeric
	exit $?
	;;
  save)
	show "Saving current rules to %s" $IPSET_CONFIG
	touch $IPSET_CONFIG
	chmod 600 $IPSET_CONFIG
	/usr/sbin/ipset -S > $IPSET_CONFIG
   	RETVAL=$?
	if [ $RETVAL = 0 ]; then
		ok
	else
		fail
	fi
	;;
  *)
	msg_usage "$0 {start|stop|restart|force-reload|status|save}"
	exit 3
esac

exit $RETVAL
