#!/bin/bash
## Template for a shell script that resets the IPv4 iptables rule set,
## installs default policies and hooks one chain per interface into INPUT.
## The set / for / if / end lines are template directives, not shell; the
## remaining lines are the iptables commands of the generated script.
## NOTE(review): no exit status is checked, so a failed iptables call does
## not stop the script - confirm the caller verifies the resulting rule set.
## NOTE(review): only iptables is invoked, and only on the filter, nat and
## mangle tables; IPv6 and the raw/security tables are not handled here.
##
## Build a lookup: container_group -> { linkto -> interface name }.
## NOTE(review): this first set omits the variable prefix used by the later
## set lines - confirm the template engine accepts both spellings.
%set interfaces = dict()
%for %%interface in %%creole_client.get_interfaces()
    %set %%interfaces.setdefault(%%interface['container_group'], {})[%%interface['linkto']] = %%interface['name']
%end for
## Flush every rule from all chains of the filter, nat and mangle tables.
## NOTE(review): the built-in chains keep their previous policy until the -P
## lines below run, so with a previous ACCEPT policy there is a short window
## with no filtering. Loading the rule set in one step with iptables-restore
## would avoid that window.
/sbin/iptables -F
/sbin/iptables -t nat -F
/sbin/iptables -t mangle -F

## Delete the user-defined chains (now empty) in the same three tables.
/sbin/iptables -X
/sbin/iptables -t nat -X
/sbin/iptables -t mangle -X

## Default policies: drop inbound and forwarded packets, accept outbound.
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -P FORWARD DROP
## Always accept traffic arriving on the loopback interface.
/sbin/iptables -A INPUT -i lo -j ACCEPT

## Accept packets that belong to, or are related to, a tracked connection.
## The OUTPUT rule is redundant with the OUTPUT ACCEPT policy set above.
## NOTE(review): the state match is the older spelling; the conntrack match
## with --ctstate is the current equivalent.
/sbin/iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
## For each distinct interface name recorded for the current container,
## create a chain named <interface>-root and send INPUT packets arriving on
## that interface to it. created_int ensures each chain is created once.
## No rule is added to these chains in this file, so a packet that returns
## from one falls through to the INPUT DROP policy.
## NOTE(review): presumably other templates fill these chains - confirm.
%set %%created_int = []
%for %%interface in %%interfaces.get(%%current_container['name'], {}).values()
    %if %%interface not in %%created_int
        %set %%chain = %%interface + '-root'
/sbin/iptables -N %%chain
/sbin/iptables -A INPUT -i %%interface -j %%chain
        %%created_int.append(%%interface)
    %end if
%end for
## Accept everything that reaches the containers-root chain, with no
## restriction on source, protocol or port.
## NOTE(review): this assumes the loop above produced an interface named
## containers; otherwise the chain does not exist and this command fails.
## Confirm that unrestricted trust of that interface is intended.
/sbin/iptables -A containers-root -j ACCEPT
