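#!/bin/bash
#
# pasvmap: log the SYN/ACK reply of every accepted TCP connection whose
# server is NOT listed in the `tcpservers` allow-list, so unexpected
# listening services show up in the kernel log under the prefix
# "FB-livetcpserver ".
#
# Usage: pasvmap start [insert] | pasvmap stop
#   start         create the chain, load the allow-list and hook it into
#                 INPUT/FORWARD/OUTPUT (appended with -A by default)
#   start insert  same, but insert the hook at the top of each built-in
#                 chain (-I) so it runs before any earlier rule
#   stop          unhook, flush and delete the chain
#
# tcpservers: one "IP [Port]" pair per line, port optional; blank lines and
# lines starting with '#' are ignored. The file is read from the current
# directory and its fields become iptables arguments, so keep it owned by
# and writable only by root.
#
# Needs root. iptables is prefixed with sudo only when not already root
# (the original mixed bare and sudo-prefixed calls, so the bare ones failed
# when the script was run unprivileged).

set -uo pipefail

readonly Me='pasvmap'
readonly MyVersion='0.1.1'
readonly LogPrefix='FB-livetcpserver '
readonly ServersFile='tcpservers'

# Match only the SYN/ACK of the TCP handshake (SYN and ACK set, FIN and RST
# clear) on a connection conntrack already tracks, i.e. the server's accept
# reply. Shared by start and stop so the -D rules always mirror the -A/-I ones.
readonly -a SynAckMatch=(-p tcp --tcp-flags SYN,ACK,FIN,RST SYN,ACK
                          -m state --state established)

if (( EUID == 0 )); then
  Ipt=(iptables)
else
  Ipt=(sudo iptables)
fi
readonly -a Ipt

# Second argument selects how the jump is hooked into the built-in chains.
case "${2:-}" in
  insert) Loc='-I' ;;
  *)      Loc='-A' ;;
esac
readonly Loc

#######################################
# Print usage to stderr and exit with status 2.
#######################################
usage() {
  printf 'Usage: %s start [insert] | stop   (%s %s)\n' \
    "${0##*/}" "$Me" "$MyVersion" >&2
  exit 2
}

#######################################
# Add one RETURN rule per allow-listed server so its SYN/ACKs skip the LOG.
# Globals:   Ipt, Me, ServersFile (read)
# Returns:   0; individual iptables failures are reported by iptables itself
#######################################
load_servers() {
  local ip port
  # sort -u replaces cat|sort|uniq; read -r keeps backslashes literal.
  while read -r ip port; do
    # Skip blank lines and comments, which would otherwise reach -s.
    [[ -z "$ip" || "$ip" == \#* ]] && continue
    # </dev/null keeps iptables/sudo from consuming the loop's stdin.
    if [[ -n "$port" ]]; then
      "${Ipt[@]}" -A "$Me" -p tcp -s "$ip" --sport "$port" -j RETURN </dev/null
    else
      "${Ipt[@]}" -A "$Me" -p tcp -s "$ip" -j RETURN </dev/null
    fi
  done < <(sort -u -- "$ServersFile")
}

#######################################
# Create the chain, fill it and hook it into INPUT/FORWARD/OUTPUT.
# Globals:   Ipt, Me, Loc, LogPrefix, SynAckMatch (read)
# Returns:   exits 1 if the chain cannot be created (e.g. already running),
#            instead of appending a second copy of every rule as before
#######################################
start() {
  echo "Starting $Me"
  if ! "${Ipt[@]}" -N "$Me"; then
    printf '%s: cannot create chain %s (already started?)\n' "$Me" "$Me" >&2
    exit 1
  fi
  load_servers
  # Anything not returned above is logged.
  "${Ipt[@]}" -A "$Me" -j LOG --log-prefix "$LogPrefix"
  # Loopback is excluded on INPUT; "! -i lo" is the current spelling of the
  # deprecated intrapositioned "-i ! lo" and yields the same rule.
  "${Ipt[@]}" "$Loc" INPUT ! -i lo "${SynAckMatch[@]}" -j "$Me"
  "${Ipt[@]}" "$Loc" FORWARD "${SynAckMatch[@]}" -j "$Me"
  "${Ipt[@]}" "$Loc" OUTPUT "${SynAckMatch[@]}" -j "$Me"
}

#######################################
# Unhook the chain from the built-in chains, then flush and delete it.
# Globals:   Ipt, Me, LogPrefix, SynAckMatch (read)
# Returns:   0; each step is attempted even if an earlier one fails so a
#            partially installed setup can still be torn down
#######################################
stop() {
  echo "Stopping $Me"
  "${Ipt[@]}" -D INPUT ! -i lo "${SynAckMatch[@]}" -j "$Me"
  "${Ipt[@]}" -D FORWARD "${SynAckMatch[@]}" -j "$Me"
  "${Ipt[@]}" -D OUTPUT "${SynAckMatch[@]}" -j "$Me"
  "${Ipt[@]}" -D "$Me" -j LOG --log-prefix "$LogPrefix"
  "${Ipt[@]}" -F "$Me"
  "${Ipt[@]}" -X "$Me"
}

case "${1:-}" in
  start) start ;;
  stop)  stop ;;
  *)     usage ;;
esac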