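#!/bin/bash
# Opens or closes a TCP port in the iptables INPUT chain for traffic whose
# source and destination are both inside 10.0.0.0/8.
#
# Arguments:
#   $1 - destination port, or an iptables port range "first:last"
#        (default 17051)
#   $2 - action: up|on inserts the ACCEPT rule unless it is already listed,
#        down|off deletes every listed copy of it (default "up")
#
# Runs /sbin/iptables through sudo. A removal that does not complete is
# reported on stdout and appended to /var/log/corba/iptruler.log.
DPORT=${1:-17051}
ACT=${2:-"up"}

# DPORT is placed on an iptables command line that runs as root, so accept
# only a decimal port or "first:last" range. Anything else (spaces, extra
# options, names) is rejected before sudo is reached.
port_re='^(0|[1-9][0-9]{0,4})(:(0|[1-9][0-9]{0,4}))?$'
if [[ ! ${DPORT} =~ ${port_re} ]] ||
    (( BASH_REMATCH[1] > 65535 || ${BASH_REMATCH[3]:-0} > 65535 )); then
    printf 'invalid port: %s\n' "${DPORT}" >&2
    exit 2
fi

# Prints the number of INPUT rules that are the ACCEPT rule managed here.
# The port is compared as a whole "dpt:"/"dpts:" field: a substring match
# would count port 80 as present when only 8080 is, which skips the insert
# on "up" and makes "down" retry a delete that cannot succeed.
# The listing command is the same one the script always used, so an existing
# sudoers allowlist keeps working (iptables -C would need a new entry).
count_rules() {
    sudo /sbin/iptables -n -L INPUT |
        awk -v port="${DPORT}" '
            $1 == "ACCEPT" && $4 == "10.0.0.0/8" && $5 == "10.0.0.0/8" {
                for (i = 6; i <= NF; i++) {
                    if ($i == "dpt:" port || $i == "dpts:" port) {
                        n++
                        break
                    }
                }
            }
            END { print n + 0 }'
}

case "${ACT}" in
    up|on)
        if (( $(count_rules) == 0 )); then
            # -I without a rule number inserts at the head of INPUT, so this
            # ACCEPT is evaluated before any rule already in the chain.
            sudo /sbin/iptables -I INPUT -s 10.0.0.0/8 -d 10.0.0.0/8 -p tcp -m tcp --dport "${DPORT}" -j ACCEPT
        fi
        ;;
    down|off)
        cnt=0
        # Delete one copy per pass until none is listed; give up after 16
        # attempts so a delete that keeps failing cannot loop forever.
        while (( $(count_rules) > 0 )); do
            sudo /sbin/iptables -D INPUT -s 10.0.0.0/8 -d 10.0.0.0/8 -p tcp -m tcp --dport "${DPORT}" -j ACCEPT
            if (( cnt++ >= 15 )); then
                echo "failed to remove rule"
                # Append: truncating the log here would erase the record of
                # earlier failed removals.
                echo "$(date) Failed to remove rule" >> /var/log/corba/iptruler.log
                # NOTE(review): the script still exits 0 on this path, as it
                # did before, so a caller cannot tell the port is still open.
                # Consider a non-zero status once callers have been checked.
                break
            fi
        done
        ;;
    *)
        # An unrecognised action used to be a silent no-op.
        printf 'unknown action: %s (expected up|on|down|off)\n' "${ACT}" >&2
        exit 2
        ;;
esac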
