#!/bin/sh

# Start /etc/iptables.cfg from scratch: remove a previous regular file, then
# write the shebang, the generator banner and the three table-flush commands.
#
# Security note: the generated script flushes the filter, nat and mangle
# tables before any rule is re-added, and the chain policies are appended
# only further down in this generator. If a restore run is interrupted, or a
# regenerated rule is rejected by iptables, the host ends up with fewer rules
# than were saved. Review the generated file before trusting it at boot.
[ ! -f /etc/iptables.cfg ] || rm /etc/iptables.cfg

{
	echo "#!/bin/sh"
	echo
	echo "#This script has been generated by knetfilter Rule saving function"
	echo
	echo "iptables -F"
	echo "iptables -t nat -F"
	echo "iptables -t mangle -F"
} > /etc/iptables.cfg

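# FILTER TABLE
#
# Rebuild "iptables -A <chain> ..." commands for INPUT, FORWARD and OUTPUT by
# text-rewriting the human-readable listing of `iptables -L <chain> -n`:
#   - header lines (containing "target" or "Chain") are dropped;
#   - spt:/spts:/dpt:/dpts: become --sport/--dport, "type" becomes
#     --icmp-type, and the "flags:0x0216/0x022" text becomes --syn;
#   - "reject-with icmp-port-unreachable" and the second "tcp"/"udp" on a
#     line are replaced by a blank;
#   - the last awk reorders columns: $2 -> -p, $4 -> -s, $5 -> -d, $1 -> -j,
#     with $6..$10 copied through unchanged.
# gensub() is a gawk extension, so awk has to be gawk for this to work.
#
# NOTE(review): this round trip is lossy and can weaken the saved policy.
# `iptables -L` without -v does not print the in/out interface columns, so a
# rule that was bound to an interface is regenerated without that
# restriction. Match text with no rewrite above (presumably state, limit or
# other reject-with variants) is copied through verbatim and is unlikely to
# be valid iptables syntax, in which case the rule is simply missing after a
# restore. `iptables-save` / `iptables-restore` keep the full ruleset; diff
# the generated file against `iptables-save` output before relying on it.

export input="`iptables -L INPUT -n | grep -v target | grep -v Chain  | awk '{print gensub (/spt:/, "--sport ", 1)}'|  awk '{print gensub (/spts:/, "--sport ", 1)}' |  awk '{print gensub (/dpt:/, "--dport ", 1)}' | awk '{print gensub (/dpts:/, "--dport ", 1)}' | awk '{print gensub (/type/, "--icmp-type ", 1)}' | awk '{print gensub (/reject-with icmp-port-unreachable/, " " ,1)}' | awk '{print gensub (/flags:0x0216\/0x022/, "--syn " ,1)}' |  awk '{print gensub(/tcp/, " ", 2)}' |  awk '{print gensub(/udp/, " ", 2)}'| awk '{print "iptables -A INPUT", "-p", $2, $6, $7, $8, $9, $10, "-s", $4, "-d", $5, "-j", $1, ";"}'`"

# Unquoted expansion: word splitting joins all rules of the chain onto one
# line, separated by the ";" that awk emitted.
# Plain `echo` replaces `echo -e`: under #!/bin/sh the -e flag is not
# portable (dash prints it literally, which would turn the first saved rule
# into an invalid "-e iptables ..." command and silently drop it on restore).
echo $input >> /etc/iptables.cfg

export forward="`iptables -L FORWARD -n | grep -v target | grep -v Chain  | awk '{print gensub (/spt:/, "--sport ", 1)}'|  awk '{print gensub (/spts:/, "--sport ", 1)}' |  awk '{print gensub (/dpt:/, "--dport ", 1)}' | awk '{print gensub (/dpts:/, "--dport ", 1)}' | awk '{print gensub (/type/, "--icmp-type ", 1)}' | awk '{print gensub (/reject-with icmp-port-unreachable/, " " ,1)}' | awk '{print gensub (/flags:0x0216\/0x022/, "--syn " ,1)}' | awk '{print gensub(/tcp/, " ", 2)}' |  awk '{print gensub(/udp/, " ", 2)}' | awk '{print "iptables -A FORWARD", "-p", $2, $6, $7, $8, $9, $10, "-s", $4, "-d", $5, "-j", $1, ";"}'`"

echo $forward >> /etc/iptables.cfg

export output="`iptables -L OUTPUT -n | grep -v target | grep -v Chain  | awk '{print gensub (/spt:/, "--sport ", 1)}'|  awk '{print gensub (/spts:/, "--sport ", 1)}' |  awk '{print gensub (/dpt:/, "--dport ", 1)}' | awk '{print gensub (/dpts:/, "--dport ", 1)}' |awk '{print gensub (/type/, "--icmp-type ", 1)}' | awk '{print gensub (/reject-with icmp-port-unreachable/, " " ,1)}' | awk '{print gensub (/flags:0x0216\/0x022/, "--syn " ,1)}' | awk '{print gensub(/tcp/, " ", 2)}' |  awk '{print gensub(/udp/, " ", 2)}' | awk '{print "iptables -A OUTPUT", "-p", $2, $6, $7, $8, $9, $10, "-s", $4, "-d", $5, "-j", $1, ";"}'`"

echo $output >> /etc/iptables.cfg

# Default policies: every "Chain ..." header line of `iptables -L -n -v`
# becomes "iptables -P <$2> <$4>". They are written after the rules, so the
# restored policy only takes effect once all -A commands have run.
# NOTE(review): the grep also matches headers of user-defined chains, where
# $4 is presumably not a policy ("Chain NAME (N references)"); such chains
# and their rules are not saved by this script at all. Verify on hosts that
# use custom chains.
export chain="`iptables -L -n -v | grep Chain | awk '{print "iptables -P", $2, $4, ";"}'`"

echo $chain >> /etc/iptables.cfg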

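# NAT AND MASQUERADE
#
# Rebuild "iptables -t nat -A <chain> ..." commands for PREROUTING,
# POSTROUTING and OUTPUT from `iptables -t nat -L <chain> -n`:
#   - header lines (containing "target" or "Chain") are dropped;
#   - spt:/spts:/dpt:/dpts: become --source-port/--destination-port;
#   - "redir ports" and "to:" become --to (POSTROUTING additionally rewrites
#     "type" to --icmp-type);
#   - the second "tcp"/"udp" on a line is replaced by a blank;
#   - the last awk emits -p $2, -j $1, -s $4, -d $5, then $6..$12 unchanged.
# gensub() is a gawk extension, so awk has to be gawk for this to work.
#
# NOTE(review): the listing is taken without -v, so in/out interface
# restrictions are not part of it and are lost in the regenerated rules; a
# NAT or masquerade rule that was limited to one interface comes back
# unrestricted. Only the three chains named here are dumped. `--to` relies
# on iptables accepting it as an abbreviation of the target's --to-* option;
# confirm on the installed version. Compare the result with `iptables-save
# -t nat` before relying on it.

export nat_prerouting="`iptables -t  nat -L PREROUTING -n |  grep -v target | grep -v Chain  | awk '{print gensub(/spt:/, "--source-port ", 1)}' | awk '{print gensub(/spts:/, "--source-port ", 1)}' | awk '{print gensub(/dpt:/, "--destination-port ", 1)}' | awk '{print gensub(/dpts:/, "--destination-port ", 1)}' | awk '{print gensub(/redir ports/, "--to ", 1)}' | awk '{print gensub(/to:/, "--to ", 1)}' | awk '{print gensub(/tcp/, " ", 2)}' |  awk '{print gensub(/udp/, " ", 2)}' | awk '{print "iptables -t nat -A PREROUTING", "-p", $2,  "-j", $1, "-s", $4, "-d", $5, $6, $7, $8, $9, $10, $11, $12, ";"}'`"

# Unquoted expansion joins the chain's rules onto one ";"-separated line.
# Plain `echo` replaces `echo -e`: under #!/bin/sh the -e flag is not
# portable (dash prints it literally, corrupting the first saved command).
echo $nat_prerouting >> /etc/iptables.cfg

export nat_postrouting="`iptables -t  nat -L POSTROUTING -n | grep -v target | grep -v Chain  | awk '{print gensub(/spt:/, "--source-port ", 1)}' | awk '{print gensub(/spts:/, "--source-port ", 1)}' | awk '{print gensub(/dpt:/, "--destination-port ", 1)}' | awk '{print gensub(/dpts:/, "--destination-port ", 1)}' | awk '{print gensub(/redir ports/, "--to ", 1)}' | awk '{print gensub(/type/, "--icmp-type ", 1)}' | awk '{print gensub(/to:/, "--to ", 1)}' | awk '{print gensub(/tcp/, " ", 2)}' |  awk '{print gensub(/udp/, " ", 2)}' | awk '{print "iptables -t nat -A POSTROUTING", "-p", $2,  "-j", $1, "-s", $4, "-d", $5, $6, $7, $8, $9, $10, $11, $12, ";"}'`"

echo $nat_postrouting >> /etc/iptables.cfg

export nat_output="`iptables -t  nat -L OUTPUT -n |  grep -v target | grep -v Chain  | awk '{print gensub(/spt:/, "--source-port ", 1)}' | awk '{print gensub(/spts:/, "--source-port ", 1)}' | awk '{print gensub(/dpt:/, "--destination-port ", 1)}' | awk '{print gensub(/dpts:/, "--destination-port ", 1)}' | awk '{print gensub(/redir ports/, "--to ", 1)}' | awk '{print gensub(/to:/, "--to ", 1)}' | awk '{print gensub(/tcp/, " ", 2)}' |  awk '{print gensub(/udp/, " ", 2)}' | awk '{print "iptables -t nat -A OUTPUT", "-p", $2,  "-j", $1, "-s", $4, "-d", $5, $6, $7, $8, $9, $10, $11, $12, ";"}'`"

echo $nat_output >> /etc/iptables.cfg

# Default policies of the nat table: each "Chain ..." header line becomes
# "iptables -t nat -P <$2> <$4>".
# NOTE(review): headers of user-defined chains match the grep as well and
# presumably do not carry a policy in $4; verify on hosts with custom chains.
export nat_chain="`iptables -t nat -L -n -v | grep Chain | awk '{print "iptables -t nat -P", $2, $4, ";"}'`"
echo $nat_chain >> /etc/iptables.cfg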

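# MANGLE
#
# Rebuild "iptables -t mangle -A <chain> ..." commands for PREROUTING and
# OUTPUT from `iptables -t mangle -L <chain> -n`:
#   - header lines (containing "target" or "Chain") and every line that
#     contains "LOG" are dropped;
#   - spt:/spts:/dpt:/dpts: become --source-port/--destination-port;
#   - "type" becomes --icmp-type and a resulting "icmp --icmp-type" is
#     collapsed to --icmp-type;
#   - "reject-with icmp-port-unreachable" is replaced by a blank;
#   - "tcp flags:0x0216/0x022 TOS" / "... MARK" become --syn;
#   - "set" becomes --set-tos, then "TOS --set-tos" -> --set-tos and
#     "MARK --set-tos" -> --set-mark;
#   - the second "tcp"/"udp" on a line is replaced by a blank;
#   - the last awk emits -p $2, -j $1, $6..$9, -s $4, -d $5, $10..$18.
# gensub() is a gawk extension, so awk has to be gawk for this to work.
#
# NOTE(review): `grep -v LOG` means LOG rules in these chains are not saved,
# so logging configured in the mangle table is gone after a restore. Only
# PREROUTING and OUTPUT are dumped; rules in any other mangle chain are not
# saved. As the listing is taken without -v, interface restrictions are lost
# too. Compare the result with `iptables-save -t mangle` before relying on it.

export mangle_prerouting="`iptables -t mangle -L PREROUTING -n |  grep -v target | grep -v Chain | grep -v LOG | awk '{print gensub(/spt:/, "--source-port ", 1)}' | awk '{print gensub(/spts:/, "--source-port ", 1)}' | awk '{print gensub(/dpt:/, "--destination-port ", 1)}' | awk '{print gensub(/dpts:/, "--destination-port ", 1)}' | awk '{print gensub (/type/, "--icmp-type ", 1)}' | awk '{print gensub (/icmp --icmp-type/, "--icmp-type ", 1)}' | awk '{print gensub (/reject-with icmp-port-unreachable/, " " ,1)}' | awk '{print gensub (/tcp flags:0x0216\/0x022 TOS/, "--syn " ,1)}' | awk '{print gensub (/tcp flags:0x0216\/0x022 MARK/, "--syn " ,1)}' | awk '{print gensub(/set/, "--set-tos", 1)}' | awk '{print gensub(/TOS --set-tos/, "--set-tos", 1)}' | awk '{print gensub(/MARK --set-tos/, "--set-mark ", 1)}' | awk '{print gensub(/tcp/, " ", 2)}' |  awk '{print gensub(/udp/, " ", 2)}' | awk '{print "iptables -t mangle -A PREROUTING", "-p", $2, "-j", $1, $6, $7, $8, $9, "-s", $4, "-d", $5, $10, $11, $12, $13, $14, $15, $16, $17, $18, ";"}'`"

# Unquoted expansion joins the chain's rules onto one ";"-separated line.
echo $mangle_prerouting >> /etc/iptables.cfg

export mangle_output="`iptables -t mangle -L OUTPUT -n |  grep -v target | grep -v Chain | grep -v LOG | awk '{print gensub(/spt:/, "--source-port ", 1)}' | awk '{print gensub(/spts:/, "--source-port ", 1)}' | awk '{print gensub(/dpt:/, "--destination-port ", 1)}' | awk '{print gensub(/dpts:/, "--destination-port ", 1)}' | awk '{print gensub (/type/, "--icmp-type ", 1)}' | awk '{print gensub (/icmp --icmp-type/, "--icmp-type ", 1)}' | awk '{print gensub (/reject-with icmp-port-unreachable/, " " ,1)}' | awk '{print gensub (/tcp flags:0x0216\/0x022 TOS/, "--syn " ,1)}' | awk '{print gensub (/tcp flags:0x0216\/0x022 MARK/, "--syn " ,1)}' | awk '{print gensub(/set/, "--set-tos", 1)}' | awk '{print gensub(/TOS --set-tos/, "--set-tos", 1)}' | awk '{print gensub(/MARK --set-tos/, "--set-mark ", 1)}' | awk '{print gensub(/tcp/, " ", 2)}' |  awk '{print gensub(/udp/, " ", 2)}' | awk '{print "iptables -t mangle -A OUTPUT", "-p", $2, "-j", $1, $6, $7, $8, $9, "-s", $4, "-d", $5, $10, $11, $12, $13, $14, $15, $16, $17, $18, ";"}'`"

echo $mangle_output >> /etc/iptables.cfg

# Default policies of the mangle table: each "Chain ..." header line becomes
# "iptables -t mangle -P <$2> <$4>".
# Plain `echo` replaces `echo -e` here, matching the two writes above: under
# #!/bin/sh the -e flag is not portable (dash prints it literally, which
# would corrupt the first policy command).
export mangle_chain="`iptables -t mangle -L -n -v | grep Chain | awk '{print "iptables -t mangle -P", $2, $4, ";"}'`"
echo $mangle_chain >> /etc/iptables.cfg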

# Make the generated restore script executable.
# NOTE(review): the file is created by the redirections earlier in this
# script under the process umask and ends up mode 755, i.e. the saved
# firewall ruleset is readable by every local user. Consider 700 if nothing
# unprivileged needs to read it; confirm against whatever consumes the file.
chmod 755 /etc/iptables.cfg

