#!/bin/bash

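#######################################
# Print the one-line synopsis to stderr and terminate the script.
# Globals:   $0 (read) - script path, reduced to its basename
# Outputs:   usage line on stderr
# Returns:   never returns; exits with status 1
#######################################
usage() {
	# ${0##*/} is basename without a fork; quoting keeps odd paths intact
	# (the original unquoted `basename $0` word-split on spaces in $0).
	printf '%s [enable|disable]\n' "${0##*/}" 1>&2
	exit 1
}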

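# Marker file recording that the DNS-forward REJECT rule is installed.
# NOTE(review): /tmp is world-writable and this name is predictable, so any
# local user can create the path while it is absent; that turns 'disable'
# into a no-op and makes the status line report a block that is not in the
# ruleset. A root-only runtime directory (e.g. under /run) would be a safer
# home for this marker; the path is kept here to stay compatible with
# existing deployments.
LOCKFILE=/tmp/.gls-dns-forward-disabled
readonly LOCKFILE

# The FORWARD-chain rule this script inserts (-I) and removes (-D), held as
# one array so both operations are guaranteed to name the identical rule.
DNS_RULE=(FORWARD -s 192.168.0.0/24 -p udp --dport 53 -j REJECT)
readonly DNS_RULE

#######################################
# Report the recorded state (marker present => forwarding blocked).
# Globals:   LOCKFILE (read)
# Outputs:   one informational line on stdout
# Returns:   0
#######################################
show_status() {
	if [[ -f "${LOCKFILE}" ]]; then
		echo 'Info: DNS packets are not forwarded through this host.'
	else
		echo 'Info: no restriction on DNS traffic through this host.'
	fi
}

#######################################
# Re-enable DNS forwarding: delete the REJECT rule, then drop the marker.
# The marker is removed only after iptables succeeds, so the status output
# never claims a state the ruleset does not have (the original removed it
# unconditionally and always exited 0, hiding a failed iptables call).
# Globals:   LOCKFILE (read, deleted), DNS_RULE (read)
# Outputs:   informational line on stdout when nothing needs doing;
#            iptables diagnostics on stderr on failure
# Returns:   0 on success or no-op, iptables' exit status on failure
#######################################
enable_forwarding() {
	if [[ -f "${LOCKFILE}" ]]; then
		iptables -D "${DNS_RULE[@]}" || return
		rm -f -- "${LOCKFILE}"
	else
		echo 'Info: nothing done - DNS already forwarded through firewall.'
	fi
}

#######################################
# Block DNS forwarding: insert the REJECT rule, then create the marker.
# As above, the marker is only written once iptables has succeeded.
# Globals:   LOCKFILE (read, created), DNS_RULE (read)
# Outputs:   informational line on stdout when nothing needs doing;
#            iptables diagnostics on stderr on failure
# Returns:   0 on success or no-op, iptables' exit status on failure
#######################################
disable_forwarding() {
	if [[ ! -f "${LOCKFILE}" ]]; then
		iptables -I "${DNS_RULE[@]}" || return
		touch -- "${LOCKFILE}"
	else
		echo 'Info: nothing done - DNS not forwarding through firewall.'
	fi
}

#######################################
# Dispatch on the (at most one) command-line argument.
# Arguments: $1 - optional; 'enable', 'disable', or absent for status
# Returns:   status of the selected action; usage exits 1 on bad input
#######################################
main() {
	# More than one argument is always a usage error.
	if (( $# > 1 )); then
		usage
	fi
	case "${1-}" in
		'') show_status ;;
		enable) enable_forwarding ;;
		disable) disable_forwarding ;;
		*) usage ;;
	esac
}

# The script's exit status is main's, so a failed iptables call is visible
# to callers instead of being masked by an unconditional 'exit 0'.
main "$@"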
