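#! /bin/sh
# /etc/init.d/bridge
#
# Bridges the VMware interface vmnet1 with eth0 as br0 and installs ebtables
# rules so that frames forwarded to or from vmnet1 are accepted only when
# they are IPv4 and the peer address is outside 192.168.0.0/24. Frames from
# vmnet1 addressed to the bridge host itself are dropped.
#
# Usage: /etc/init.d/bridge {start|stop|restart}
# Only "start" does any work; "stop" and "restart" are empty placeholders.
# "start" is not idempotent: a second run appends duplicate ebtables rules
# and repeats the brctl/ip calls against an existing br0.

NAME=bridge   # used in the usage message; the original left it unset
EBTABLES=/sbin/ebtables
IP=/sbin/ip
BRCTL=/usr/sbin/brctl

case "$1" in
  start)
    # Set up the ebtables filtering rules first, so the filter is already
    # in place when br0 starts forwarding between vmnet1 and eth0. The
    # rules match on interface names and can be loaded before the bridge
    # exists.

    # Default DROP policy on all forwarded frames
    "$EBTABLES" -t filter -P FORWARD DROP

    # Allow IP traffic destined outside the internal net
    # coming from the vmnet1 interface
    "$EBTABLES" -t filter -A FORWARD -i vmnet1 -p IPV4 \
      --ip-destination \! 192.168.0.0/24 -j ACCEPT

    # Allow IP traffic forwarded to the vmnet1 interface
    # coming from outside the internal net
    "$EBTABLES" -t filter -A FORWARD -o vmnet1 -p IPV4 \
      --ip-source \! 192.168.0.0/24 -j ACCEPT

    # DROP traffic (non-forwarded) to the bridge host
    # from the vmnet1 interface
    "$EBTABLES" -t filter -A INPUT -i vmnet1 -j DROP

    # NOTE(review): both ACCEPT rules match IPv4 only, so ARP and every
    # other non-IPv4 frame crossing vmnet1 falls under the FORWARD DROP
    # policy; confirm how the guest is expected to resolve its gateway.
    # NOTE(review): no OUTPUT rule is installed, so frames the bridge host
    # itself sends towards vmnet1 are not filtered here.

    # Set up the vmnet1 <-> eth0 bridge

    # Delete any inet ip addresses on vmnet1 and eth0
    "$IP" -f inet addr del dev eth0
    #$IP -f inet addr del dev vmnet1
    # oops, vmware complains like hell if you don't have
    # addresses on the virtual interfaces...even though
    # they're not needed

    # Create the bridging group and enslave vmnet1 and eth0
    "$BRCTL" addbr br0
    "$BRCTL" addif br0 vmnet1
    "$BRCTL" addif br0 eth0

    # Make sure br0, vmnet1 and eth0 are UP
    "$IP" link set vmnet1 up
    "$IP" link set eth0 up
    "$IP" link set br0 up

    # Add an IP address and corresponding route to br0.
    # The original read "via dev br0", which has no gateway address after
    # "via" and is rejected by ip; an on-link route takes only "dev".
    # NOTE(review): the kernel normally adds this connected route itself
    # when the address is assigned, so this call may report that the route
    # already exists; verify on the target system.
    "$IP" addr add 192.168.0.4/24 brd + dev br0
    "$IP" route add 192.168.0.0/24 dev br0

    # Add the default route
    "$IP" route add default via 192.168.0.1
    ;;
  stop)
    # Not implemented: br0 and the ebtables rules stay in place.
    ;;
  restart)
    # Not implemented.
    ;;
  *)
    echo "Usage: /etc/init.d/$NAME {start|stop|restart}" >&2
    exit 1
    ;;
esac

exit 0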