#!/bin/bash
#
# VERSION=1
# CHANGES="open HTTP / HTTPS port after a hardware factory reset"

export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin/X11:/usr/local/bin:/usr/local/sbin:/usr/fallback
BEROCONF=/usr/fallback/beroconf

iface="eth0"
if [ "$(${BEROCONF} get root lan-ports | /bin/grep -v failed)" = "2" ]; then
	iface="${iface}.10"
fi

case "${1}" in
	start)
		## Hardware Factory Reset occured
		## Open the HTTP and HTTPS port for update or recovery mode
		if [[ -f /usr/conf/need_red_activate ]] || [[ "$(${BEROCONF} get root boot_recoverymode | grep -v failed)" = "1" ]] ; then
			iptables -A INPUT -i ${iface} -p tcp -s 0.0.0.0/0 --dport 80 -j ACCEPT >/dev/null
			iptables -A INPUT -i ${iface} -p tcp -s 0.0.0.0/0 --dport 443 -j ACCEPT >/dev/null
		fi
		## Normal behavior. The GUI access is managed by the appfs space (S03acl script)
		;;
	stop)
		iptables -D INPUT -i ${iface} -p tcp -s 0.0.0.0/0 --dport 80 -j ACCEPT >/dev/null
		iptables -D INPUT -i ${iface} -p tcp -s 0.0.0.0/0 --dport 443 -j ACCEPT >/dev/null
		;;
	restart)
		${0} stop
		${0} start
		;;
	*)
		echo "Usage: ${0} {start|stop|restart}" >&2
		exit 1
		;;
esac

exit 0
