#!/bin/sh
# Author: Christoph Galuschka <christoph.galuschka@chello.at>
#         Athmane Madjoudj <athmanem@gmail.com>

t_Log "Running $0 - iptables functional check - deny ping on loopback"

if [ "$centos_ver" -ge 7 ];then
 t_Log "CentOS $centos_ver uses firewalld and not iptables -> SKIP"
 t_CheckExitStatus 0
 exit 0
fi


ACL='INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -p icmp -m icmp -j REJECT'
COUNT='4'
DEADTIME='1'

# ensure we have the default iptables-setting
#/etc/init.d/iptables restart > /dev/null
service iptables restart

# Verify it worked previously
ping -q -c $COUNT -i 0.25 127.0.0.1 |grep -qc "${COUNT} received"

if [ $? == 1 ]
  then
  t_Log "ping to loopback failed prior to test, this should not happen"
  t_CheckExitStatus 1
fi

# Applying ACL
iptables -I ${ACL}

ping -q -c $COUNT -i 0.25 -w $DEADTIME 127.0.0.1 > /dev/null 2>&1
if [ $? == 1 ]
  then
  t_Log "iptables REJECT works fine"
  ret_val=0
else
  ret_val=1
fi

# cleanup
service iptables restart
#/etc/init.d/iptables restart > /dev/null

t_CheckExitStatus $ret_val