#!/bin/sh /etc/rc.common
START=95

start() {
	type miniupnpd_add_rules >/dev/null 2>/dev/null || \
		ACTION=- . /etc/hotplug.d/firewall/50-miniupnpd

	config_load "upnpd"
	local extiface intiface upload download logging secure enabled natpmp
	local extip port usesystuptime

	config_get extiface config external_iface
	config_get intiface config internal_iface
	config_get extip config external_ip
	config_get port config port 5000
	config_get upload   config upload
	config_get download config download
	config_get_bool logging config log_output 0
	config_get_bool secure config secure_mode 0
	config_get_bool natpmp config enable_natpmp 0
	config_get_bool enabled config enabled 0 
	config_get_bool usesysuptime config use_system_uptime 1

	include /lib/network
	scan_interfaces

	local ifname
	config_get ifname ${extiface:-wan} ifname

	if [ -n "$ifname" ]; then
		local args="-i $ifname"
		local iface

		[ -n "$extip" ] && \
			append args "-o $extip"
		
		for iface in ${intiface:-lan}; do
			local ipaddr
			config_get ipaddr "$iface" ipaddr
			[ -n "$ipaddr" ] && append args "-a $ipaddr"
		done

		[ "$port" != "auto" ] && \
			append args "-p $port"
		
		[ "$usesysuptime" -eq 1 ] && \
			append args "-U"

		[ -n "$upload" -a -n "$download" ] && \
			append args "-B $(($download * 1024 * 8)) $(($upload * 1024 * 8))"

		[ "$secure" -gt 0 ] && \
			append args "-S"

		[ "$natpmp" -gt 0 ] && \
			append args "-N"

		# start firewall
		local zone
		config_load firewall
		config_get zone core "${extiface:-wan}_zone"
		[ -n "$zone" ] && \
			miniupnpd_add_rules "$zone" "${extiface:-wan}" "$ifname"

		if [ "$logging" = "1" ]; then
			[ "$enabled" -gt 0 ] && eval start-stop-daemon -S -x miniupnpd -- $args -d | logger -t miniupnpd &
		else
			[ "$enabled" -gt 0 ] && eval start-stop-daemon -S -x miniupnpd -- $args 2>/dev/null
		fi
	else
		logger -t "upnp daemon" "external interface not found, not starting"
	fi
}

stop() {
	start-stop-daemon -K -q -x miniupnpd -p /var/run/miniupnpd.pid
	rm -f /var/run/miniupnpd.pid

	type miniupnpd_remove_rules >/dev/null 2>/dev/null || \
		ACTION=- . /etc/hotplug.d/firewall/50-miniupnpd

	miniupnpd_remove_rules

	iptables -t nat -F MINIUPNPD 2>/dev/null
	iptables -t nat -X MINIUPNPD 2>/dev/null
	iptables -t filter -F MINIUPNPD 2>/dev/null
	iptables -t filter -X MINIUPNPD 2>/dev/null
}