## -*- mode: shell-script; -*- 
##
## Lines that start with "##" will be removed before this code is
## added to the generated script. Regular shell comments can be added
## using single "#", these will appear in the script.
##
##
## These are the commands the built-in policy installer runs on the firewall
## when installation is performed using the root account for authentication
##
##  Variables:
##
##  {{$fwbprompt}}  -- "magic" prompt that installer uses to detect when it is logged in
##  {{$fwdir}}      -- directory on the firewall
##  {{$fwscript}}   -- script name on the firewall
##  {{$rbtimeout}}  -- rollback timeout
##


## "run" mode: make the policy script the persistent firewall script and
## activate it. Most commands are chained with ";", so a failing step does
## not stop the steps that follow it.
##
## NOTE(review): {{$fwdir}} and {{$fwscript}} are substituted unquoted into
## the chmod and sh commands (only the nvram "set" line wraps them in double
## quotes). A value containing whitespace or shell metacharacters would be
## interpreted by the root shell -- confirm that the installer validates
## these values before substitution.
{{if run}}
## Print the magic prompt string described in the variable list above.
echo '{{$fwbprompt}}';
chmod +x {{$fwdir}}/{{$fwscript}};
## Point the rc_firewall NVRAM variable at the policy script and commit.
## The commit runs before the script is executed below, so the new value is
## stored whether or not activation succeeds.
## NOTE(review): presumably the firmware runs rc_firewall at boot -- confirm.
/usr/sbin/nvram unset rc_firewall;
/usr/sbin/nvram set rc_firewall="{{$fwdir}}/{{$fwscript}}";
/usr/sbin/nvram commit;
## Run the policy. Only when it exits 0: cancel a pending shutdown if
## /var/run/shutdown.pid exists, then print 'Policy activated'.
## NOTE(review): the rollback set up in "test" mode below goes through cron
## and "reboot -d", not through a shutdown tracked by shutdown.pid -- confirm
## that "shutdown -c" actually cancels a pending rollback on this platform.
sh {{$fwdir}}/{{$fwscript}} && ( test -f /var/run/shutdown.pid && shutdown -c; echo 'Policy activated' )
{{endif}}

## "test" mode: run the policy script from /tmp without changing NVRAM, so
## nothing in this section persists the script path. The path is hard-coded
## to /tmp here; {{$fwdir}} is not used.
{{if test}}

## sudo -b runs process in the background. Useful, even if this is executed as root
## NOTE(review): no sudo call appears anywhere in this template; the remark
## above looks carried over from another variant -- confirm and drop.
{{if with_rollback}}
## Print the magic prompt string described in the variable list above.
echo '{{$fwbprompt}}';
## Keep a copy of the current crontab so the rollback entry can remove itself.
cp /tmp/crontab /tmp/crontab.o;
## Append an every-minute entry (user field "root") that first restores the
## saved crontab and then calls reboot with -d{{$rbtimeout_sec}}.
## {{$rbtimeout_sec}} is not in the variable list at the top of this file;
## presumably it is the rollback timeout in seconds and -d is a delay before
## the reboot -- confirm against the firmware's reboot applet.
## NOTE(review): nothing visible in this template cancels the reboot once the
## entry has fired.
## NOTE(review): /tmp/crontab.o is a fixed name in /tmp and is written as
## root; this assumes no unprivileged user can create files in /tmp on this
## platform -- confirm.
echo '* * * * * root cat /tmp/crontab.o > /tmp/crontab; reboot -d{{$rbtimeout_sec}}' >> /tmp/crontab;
chmod +x /tmp/{{$fwscript}};
## 'Policy activated' is printed only when the script exits 0.
## NOTE(review): {{$fwscript}} is substituted unquoted into a root shell
## command -- confirm that the installer validates it.
sh /tmp/{{$fwscript}} && echo 'Policy activated'
{{endif}}

## Same activation as above, without scheduling a rollback reboot.
{{if no_rollback}}
echo '{{$fwbprompt}}';
chmod +x /tmp/{{$fwscript}};
sh /tmp/{{$fwscript}} && echo 'Policy activated'
{{endif}}


{{endif}}


