#!/bin/sh

. /lib/functions.sh

iptables -D PREROUTING -tmangle -d $PLUTO_PEER_CLIENT -m comment --comment "mwan3 exception for ipsec" -j ACCEPT 2>/dev/null
iptables -D OUTPUT -tmangle -d $PLUTO_PEER_CLIENT -m comment --comment "mwan3 exception for ipsec" -j ACCEPT 2>/dev/null

check_mwan3_enabled() {
	local config="$1"

	config_get enabled $config enabled 0
	if [ "$enabled" = 1 ] && [ "$PLUTO_PEER_CLIENT" != "0.0.0.0/0" ]; then
		iptables -I PREROUTING -tmangle -d $PLUTO_PEER_CLIENT -m comment --comment "mwan3 exception for ipsec" -j ACCEPT 2>/dev/null
		iptables -I OUTPUT -tmangle -d $PLUTO_PEER_CLIENT -m comment --comment "mwan3 exception for ipsec" -j ACCEPT 2>/dev/null
		exit 0
	fi
}

config_load mwan3
config_foreach check_mwan3_enabled interface
