#!/bin/sh -
#
# An normal proxy should not have an defaultrouter configured, as all calls to
# the outside world are handled via PF redirects.
#
# Rick van der Zwet <rick@wirelessleiden.nl>

# Little hack to load the available functions in case we are running this as an
# standalone script (for testing mostly).
if [ -z "$exit_status" ]; then
 grep -v 'exit $exit_status' /sbin/dhclient-script | eval
fi

. /etc/rc.subr

: ${service_proxy_normal="NO"}
: ${service_proxy_ileiden="NO"}
: ${service_accesspoint="NO"}

load_rc_config 'ileiden'

update_pf_conf() {
  # Make sure not to nuke the default route on an ileiden proxy,
  # as it will rendering it usefull
  checkyesno "service_proxy_ileiden" || return

  if checkyesno "service_proxy_normal" && checkyesno "service_accesspoint"; then
    if is_default_interface; then
      new_ext_if_gw=`route -n get default | awk '/gateway/ {print $2}'`
      if [ -n "$new_ext_if_gw" ]; then
        if [ -a "$new_ext_if_gw" != "$ext_if_gw" ];  then
         info "Reloading PF firewall to load new ext_if_gw=$ext_if_gw"
         { grep -v '^ext_if_gw=' $rc_conf_running; echo "ext_if_gw=$new_ext_if_gw"; } > $rc_conf_running
         /etc/rc.d/pf reload
        fi
  
        warn "Removing default route as machine is marked as service_proxy AND service_accesspoint"
        route -q del default
      fi
    fi
  fi
}

reason=${reason:-$FORCE}

case $reason in
  BOUND|RENEW|REBIND|REBOOT)
    update_pf_conf 
    ;;
  TIMEOUT)
    update_pf_conf 
    ;;
esac
  
