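#!/bin/sh
# Up-script template: send traffic generated by processes in the
# {{route_table_name}} group through the VPN device. Packets from that group
# are marked in the mangle table, masqueraded out of ${dev}, and a policy
# rule steers marked packets into a dedicated routing table.
#
# {{...}} placeholders are substituted before the script is installed.
# ${dev}, ${ifconfig_local} and ${route_vpn_gateway} come from the
# environment — presumably set by OpenVPN for up scripts; confirm against
# the caller.
#
# The script is written to be re-runnable: every iptables rule, route and
# policy rule is checked (or replaced) before it is added.

# Log a separator and the full environment for troubleshooting.
# NOTE(review): the env dump may include values the caller considers
# sensitive; keep {{script_log_fp}} readable only by the owner.
printf '%s\n' '==============================' >> "{{script_log_fp}}"
env >> "{{script_log_fp}}"

#######################################
# Add an iptables rule unless an identical one is already present.
# Globals:   _table (written; the script targets /bin/sh, so no 'local')
# Arguments: $1   - table (filter, nat, mangle)
#            $2   - chain
#            $3.. - rule specification, WITHOUT any -A/-I/-C command
# Returns:   status of the final iptables call
#######################################
ipt_ensure() {
  _table=$1
  shift
  # -C fails (quietly) when the rule is absent; insert at the head of the
  # chain in that case so it takes precedence over pre-existing rules.
  iptables -t "$_table" -C "$@" 2>/dev/null || iptables -t "$_table" -I "$@"
}

# Per-table wrappers. Usage: <wrapper> CHAIN RULESPEC...
# Callers must not pass -A/-I/-C (or -t): the helper supplies the command,
# otherwise iptables receives two commands and the rule is never added.
iptable_check_add() { ipt_ensure filter "$@"; }
iptable_nat_check_add() { ipt_ensure nat "$@"; }
iptable_mangle_check_add() { ipt_ensure mangle "$@"; }

# Register the routing table name if rt_tables does not know it yet.
# Match the exact name in the second column rather than a substring, so a
# name that is a prefix of another table name is not treated as present.
if ! awk -v n="{{route_table_name}}" '$2 == n { found = 1 } END { exit !found }' \
    /etc/iproute2/rt_tables; then
  printf '%s %s\n' "{{route_table_id}}" "{{route_table_name}}" >> /etc/iproute2/rt_tables
fi

# Create the owner group used to select traffic. getent with a key is an
# exact lookup and exits non-zero when the group is absent.
if ! getent group "{{route_table_name}}" >/dev/null 2>&1; then
  groupadd "{{route_table_name}}"
fi

# Mark packets owned by the group and masquerade them out of the VPN device.
iptable_mangle_check_add OUTPUT -m owner --gid-owner "{{route_table_name}}" \
  -j MARK --set-mark "{{route_table_id}}"
iptable_nat_check_add POSTROUTING -m owner --gid-owner "{{route_table_name}}" \
  -o "${dev}" -j MASQUERADE

# Populate the dedicated table from scratch: host route to the VPN gateway,
# default via the VPN, and a static LAN route.
ip route flush table "{{route_table_name}}"
ip route add "${route_vpn_gateway}" dev "${dev}" src "${ifconfig_local}" \
  table "{{route_table_name}}"
ip route add default via "${route_vpn_gateway}" table "{{route_table_name}}"
# TODO(review): site-specific LAN route; consider templating the network,
# gateway and interface instead of hard-coding them.
ip route add 192.168.122.0/24 via 192.168.122.1 dev enp1s0 table "{{route_table_name}}"

# Host route to the VPN gateway in the main table. 'replace' keeps re-runs
# from failing with "File exists" when the route is already there.
ip route replace "${route_vpn_gateway}" dev "${dev}" src "${ifconfig_local}"

# Policy rule: marked packets consult the dedicated table. Remove existing
# copies first so re-runs do not stack duplicate rules at the same pref.
while ip rule del fwmark "{{route_table_id}}" table "{{route_table_name}}" \
    pref "{{rule_pref}}" 2>/dev/null; do
  :
done
ip rule add fwmark "{{route_table_id}}" table "{{route_table_name}}" pref "{{rule_pref}}"
# Alternative selector kept from the original for reference (by source address):
#ip rule add from ${ifconfig_local} table {{route_table_name}} pref {{rule_pref}}

# Accept marked packets in the filter OUTPUT chain ahead of other rules.
iptable_check_add OUTPUT -m mark --mark "{{route_table_id}}" -j ACCEPT

exit 0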