#!/bin/sh

openvpnport=$(cat /usr/libexec/softethervpn/vpn_server.config 2>/dev/null|grep OpenVPN_UdpPortList | awk -F " " '{print $3}')
[ -z "$openvpnport" ] && openvpnport=1194
iptables -D INPUT -p udp -m multiport --dports 500,1701,4500 -m comment --comment "Rule For SoftEther VPN Server" -j ACCEPT 2>/dev/null
[ -n "$openvpnport" ] && iptables -D INPUT -p udp --dport $openvpnport -m comment --comment "Rule For SoftEther VPN Server" -j ACCEPT 2>/dev/null
[ -n "$openvpnport" ] && iptables -D INPUT -p tcp --dport $openvpnport -m comment --comment "Rule For SoftEther VPN Server" -j ACCEPT 2>/dev/null
iptables -D INPUT -p tcp --dport 443 -m comment --comment "Rule For SoftEther VPN Server" -j ACCEPT 2>/dev/null
iptables -D INPUT -p tcp --dport 5555 -m comment --comment "Rule For SoftEther VPN Server" -j ACCEPT 2>/dev/null
iptables -D INPUT -p tcp --dport 8888 -m comment --comment "Rule For SoftEther VPN Server" -j ACCEPT 2>/dev/null
iptables -D INPUT -p tcp --dport 992 -m comment --comment "Rule For SoftEther VPN Server" -j ACCEPT 2>/dev/null

enable=$(uci get softethervpn.@softether[0].enable)
if [ $enable -eq 1 ]; then
	iptables -I INPUT -p udp -m multiport --dports 500,1701,4500 -m comment --comment "Rule For SoftEther VPN Server" -j ACCEPT 2>/dev/null
	iptables -I INPUT -p udp --dport $openvpnport -m comment --comment "Rule For SoftEther VPN Server" -j ACCEPT
	iptables -I INPUT -p tcp --dport $openvpnport -m comment --comment "Rule For SoftEther VPN Server" -j ACCEPT
	iptables -I INPUT -p tcp --dport 443 -m comment --comment "Rule For SoftEther VPN Server" -j ACCEPT
	iptables -I INPUT -p tcp --dport 5555 -m comment --comment "Rule For SoftEther VPN Server" -j ACCEPT
	iptables -I INPUT -p tcp --dport 8888 -m comment --comment "Rule For SoftEther VPN Server" -j ACCEPT
	iptables -I INPUT -p tcp --dport 992 -m comment --comment "Rule For SoftEther VPN Server" -j ACCEPT
fi