#!/bin/sh

# Initialize library
MOD_CP_LIB=/opt/captive_portal/usr/libexec/functions
[ -f "$MOD_CP_LIB" ] || exit 2
. $MOD_CP_LIB

# Prepare environment
get_public_iface_info

# Enable customer by IP
cust_enable_by_ip()
{
  IP=$1
  IF_IP=$2
  iptables -I $MOD_CP_CHAIN_FWU -s $IP -j ACCEPT
  iptables -I $MOD_CP_CHAIN_FWD -d $IP -j ACCEPT
  iptables -t nat -I $MOD_CP_CHAIN_PRE -s $IP ! -d $IF_IP -j ACCEPT
}

add_ipt_rules_ub()
{
  URL_LIST=$(grep "URL[0-9]" $MOD_CP_CONF_FILE)
  for LINE in $URL_LIST; do
    URL=${LINE#*=}
    [ -n "$URL" ] || continue;
    URL=$(echo "$URL" | awk '{print tolower($0)}')
    URL=${URL#www.}
    LEN=${#URL}
    POS=$(($LEN - 2))
    if [ ".*" == "${URL:$POS:2}" ]; then
      URL=${URL:0:$POS}
      HEXURL="$(url_to_hex $URL)""02"
      iptables -A $MOD_CP_CHAIN_UB -m string --algo bm --icase --hex-string "|$HEXURL|" -j REJECT
      HEXURL="$(url_to_hex $URL)""03"
      iptables -A $MOD_CP_CHAIN_UB -m string --algo bm --icase --hex-string "|$HEXURL|" -j REJECT
    else
      HEXURL=$(url_to_hex $URL)
      iptables -A $MOD_CP_CHAIN_UB -m string --algo bm --icase --hex-string "|$HEXURL|" -j REJECT
    fi
  done
  iptables -A $MOD_CP_CHAIN_UB -j ACCEPT
}

# Execute command
case "$1" in
    start)
        PORT_WP=$2
        PORT_BP=$3
        if [ -z "$PORT_WP" ] || [ -z "$PORT_BP" ]; then
          exit 4
        fi
        iptables -N $MOD_CP_CHAIN_IN
        if [ "$MOD_CP_URL_BLOCKER_ENABLED" = "1" ]; then
          iptables -N $MOD_CP_CHAIN_UB
          add_ipt_rules_ub;
          iptables -A $MOD_CP_CHAIN_IN -p udp --dport 53 -j $MOD_CP_CHAIN_UB
          iptables -A $MOD_CP_CHAIN_IN -p tcp --dport 53 -j $MOD_CP_CHAIN_UB
          if [ -n "$PUBLIC_IF1_NAME" ]; then
            iptables -A FORWARD -i $PUBLIC_IF1_NAME  -p udp --dport 53 -j $MOD_CP_CHAIN_UB
            iptables -A FORWARD -i $PUBLIC_IF1_NAME  -p tcp --dport 53 -j $MOD_CP_CHAIN_UB
          fi
          if [ -n "$PUBLIC_IF2_NAME" ]; then
            iptables -A FORWARD -i $PUBLIC_IF2_NAME  -p udp --dport 53 -j $MOD_CP_CHAIN_UB
            iptables -A FORWARD -i $PUBLIC_IF2_NAME  -p tcp --dport 53 -j $MOD_CP_CHAIN_UB
          fi
          if [ -n "$PUBLIC_IF3_NAME" ]; then
            iptables -A FORWARD -i $PUBLIC_IF3_NAME  -p udp --dport 53 -j $MOD_CP_CHAIN_UB
            iptables -A FORWARD -i $PUBLIC_IF3_NAME  -p tcp --dport 53 -j $MOD_CP_CHAIN_UB
          fi
        else
          iptables -A $MOD_CP_CHAIN_IN -p udp --dport 53 -j ACCEPT
          iptables -A $MOD_CP_CHAIN_IN -p tcp --dport 53 -j ACCEPT
        fi
        iptables -A $MOD_CP_CHAIN_IN -p tcp --dport $PORT_WP -j ACCEPT
        iptables -A $MOD_CP_CHAIN_IN -p tcp --dport $PORT_BP -j ACCEPT
        iptables -A $MOD_CP_CHAIN_IN -p icmp -j ACCEPT
        iptables -A $MOD_CP_CHAIN_IN -j DROP
        if [ -n "$PUBLIC_IF1_NAME" ]; then
          iptables -I INPUT -i $PUBLIC_IF1_NAME -j $MOD_CP_CHAIN_IN
          iptables -N $MOD_CP_CHAIN_UT_TX1
          iptables -N $MOD_CP_CHAIN_UT_RX1
          # rules for traffic determination
          # web browsing
          iptables -A $MOD_CP_CHAIN_UT_RX1 -p tcp --sport 80 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_RX1 -p tcp --sport 443 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_TX1 -p tcp --dport 80 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_TX1 -p tcp --dport 443 -j RETURN
          # ftp services
          iptables -A $MOD_CP_CHAIN_UT_RX1 -p tcp --sport 20 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_RX1 -p tcp --sport 21 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_TX1 -p tcp --dport 20 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_TX1 -p tcp --dport 21 -j RETURN
          # smtp services
          iptables -A $MOD_CP_CHAIN_UT_RX1 -p tcp --sport 25 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_TX1 -p tcp --dport 25 -j RETURN
          # email services
          iptables -A $MOD_CP_CHAIN_UT_RX1 -p tcp --sport 110 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_RX1 -p tcp --sport 143 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_RX1 -p tcp --sport 220 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_RX1 -p tcp --sport 993 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_RX1 -p tcp --sport 995 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_RX1 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_TX1 -p tcp --dport 110 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_TX1 -p tcp --dport 143 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_TX1 -p tcp --dport 220 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_TX1 -p tcp --dport 993 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_TX1 -p tcp --dport 995 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_TX1 -j RETURN
          iptables -A FORWARD -s $PUBLIC_IF1_NETWORK/$PUBLIC_IF1_NETMASK -j $MOD_CP_CHAIN_UT_TX1
          iptables -A FORWARD -d $PUBLIC_IF1_NETWORK/$PUBLIC_IF1_NETMASK -j $MOD_CP_CHAIN_UT_RX1
        fi
        if [ -n "$PUBLIC_IF2_NAME" ]; then
          iptables -I INPUT -i $PUBLIC_IF2_NAME -j $MOD_CP_CHAIN_IN
          iptables -N $MOD_CP_CHAIN_UT_TX2
          iptables -N $MOD_CP_CHAIN_UT_RX2
          # rules for traffic determination
          # web browsing
          iptables -A $MOD_CP_CHAIN_UT_RX2 -p tcp --sport 80 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_RX2 -p tcp --sport 443 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_TX2 -p tcp --dport 80 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_TX2 -p tcp --dport 443 -j RETURN
          # ftp services
          iptables -A $MOD_CP_CHAIN_UT_RX2 -p tcp --sport 20 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_RX2 -p tcp --sport 21 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_TX2 -p tcp --dport 20 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_TX2 -p tcp --dport 21 -j RETURN
          # smtp services
          iptables -A $MOD_CP_CHAIN_UT_RX2 -p tcp --sport 25 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_TX2 -p tcp --dport 25 -j RETURN
          # email services
          iptables -A $MOD_CP_CHAIN_UT_RX2 -p tcp --sport 110 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_RX2 -p tcp --sport 143 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_RX2 -p tcp --sport 220 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_RX2 -p tcp --sport 993 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_RX2 -p tcp --sport 995 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_RX2 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_TX2 -p tcp --dport 110 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_TX2 -p tcp --dport 143 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_TX2 -p tcp --dport 220 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_TX2 -p tcp --dport 993 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_TX2 -p tcp --dport 995 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_TX2 -j RETURN
          iptables -A FORWARD -s $PUBLIC_IF2_NETWORK/$PUBLIC_IF2_NETMASK -j $MOD_CP_CHAIN_UT_TX2
          iptables -A FORWARD -d $PUBLIC_IF2_NETWORK/$PUBLIC_IF2_NETMASK -j $MOD_CP_CHAIN_UT_RX2
        fi
        if [ -n "$PUBLIC_IF3_NAME" ]; then
          iptables -I INPUT -i $PUBLIC_IF3_NAME -j $MOD_CP_CHAIN_IN
          iptables -N $MOD_CP_CHAIN_UT_TX3
          iptables -N $MOD_CP_CHAIN_UT_RX3
          # rules for traffic determination
          # web browsing
          iptables -A $MOD_CP_CHAIN_UT_RX3 -p tcp --sport 80 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_RX3 -p tcp --sport 443 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_TX3 -p tcp --dport 80 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_TX3 -p tcp --dport 443 -j RETURN
          # ftp services
          iptables -A $MOD_CP_CHAIN_UT_RX3 -p tcp --sport 20 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_RX3 -p tcp --sport 21 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_TX3 -p tcp --dport 20 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_TX3 -p tcp --dport 21 -j RETURN
          # smtp services
          iptables -A $MOD_CP_CHAIN_UT_RX3 -p tcp --sport 25 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_TX3 -p tcp --dport 25 -j RETURN
          # email services
          iptables -A $MOD_CP_CHAIN_UT_RX3 -p tcp --sport 110 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_RX3 -p tcp --sport 143 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_RX3 -p tcp --sport 220 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_RX3 -p tcp --sport 993 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_RX3 -p tcp --sport 995 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_RX3 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_TX3 -p tcp --dport 110 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_TX3 -p tcp --dport 143 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_TX3 -p tcp --dport 220 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_TX3 -p tcp --dport 993 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_TX3 -p tcp --dport 995 -j RETURN
          iptables -A $MOD_CP_CHAIN_UT_TX3 -j RETURN
          iptables -A FORWARD -s $PUBLIC_IF3_NETWORK/$PUBLIC_IF3_NETMASK -j $MOD_CP_CHAIN_UT_TX3
          iptables -A FORWARD -d $PUBLIC_IF3_NETWORK/$PUBLIC_IF3_NETMASK -j $MOD_CP_CHAIN_UT_RX3
        fi

        # rules for dropping traffic from unlogged users
        # upload + download
        iptables -N $MOD_CP_CHAIN_FWU
        iptables -A $MOD_CP_CHAIN_FWU -j DROP
        iptables -N $MOD_CP_CHAIN_FWD
        iptables -A $MOD_CP_CHAIN_FWD -j DROP
        if [ "$MOD_CP_EXCEPTION_ENABLED" == "1" ]; then
          # exception for a device (i.e. external WiFi AP on eth0) allowing the device managment
          iptables -I $MOD_CP_CHAIN_FWU -m mac --mac-source $MOD_CP_EXCEPTION_MAC -j ACCEPT
          iptables -I $MOD_CP_CHAIN_FWD -d $MOD_CP_EXCEPTION_IPADDR -j ACCEPT
        fi
        if [ -n "$PUBLIC_IF1_NAME" ]; then
          iptables -A FORWARD -i $PUBLIC_IF1_NAME -j $MOD_CP_CHAIN_FWU
          iptables -A FORWARD -o $PUBLIC_IF1_NAME -j $MOD_CP_CHAIN_FWD
        fi
        if [ -n "$PUBLIC_IF2_NAME" ]; then
          iptables -A FORWARD -i $PUBLIC_IF2_NAME -j $MOD_CP_CHAIN_FWU
          iptables -A FORWARD -o $PUBLIC_IF2_NAME -j $MOD_CP_CHAIN_FWD
        fi
        if [ -n "$PUBLIC_IF3_NAME" ]; then
          iptables -A FORWARD -i $PUBLIC_IF3_NAME -j $MOD_CP_CHAIN_FWU
          iptables -A FORWARD -o $PUBLIC_IF3_NAME -j $MOD_CP_CHAIN_FWD
        fi

        # NAT rules for redirect to welcome page
        # http request to ip address (public interface) of the router is not allowed
        iptables -t nat -N $MOD_CP_CHAIN_PRE
        if [ -n "$PUBLIC_IF1_NAME" ]; then
          iptables -t nat -A $MOD_CP_CHAIN_PRE -p tcp -s $PUBLIC_IF1_NETWORK/$PUBLIC_IF1_NETMASK ! -d  $PUBLIC_IF1_IP --dport 80 -j REDIRECT --to-ports $PORT_WP
          iptables -t nat -I PREROUTING -i $PUBLIC_IF1_NAME -j $MOD_CP_CHAIN_PRE
        fi
        if [ -n "$PUBLIC_IF2_NAME" ]; then
          iptables -t nat -A $MOD_CP_CHAIN_PRE -p tcp -s $PUBLIC_IF2_NETWORK/$PUBLIC_IF2_NETMASK ! -d  $PUBLIC_IF2_IP --dport 80 -j REDIRECT --to-ports $PORT_WP
          iptables -t nat -I PREROUTING -i $PUBLIC_IF2_NAME -j $MOD_CP_CHAIN_PRE
        fi
        if [ -n "$PUBLIC_IF3_NAME" ]; then
          iptables -t nat -A $MOD_CP_CHAIN_PRE -p tcp -s $PUBLIC_IF3_NETWORK/$PUBLIC_IF3_NETMASK ! -d  $PUBLIC_IF3_IP --dport 80 -j REDIRECT --to-ports $PORT_WP
          iptables -t nat -I PREROUTING -i $PUBLIC_IF3_NAME -j $MOD_CP_CHAIN_PRE
        fi
        if [ "$MOD_CP_EXCEPTION_ENABLED" = "1" ]; then
          iptables -t nat -I $MOD_CP_CHAIN_PRE -s $MOD_CP_EXCEPTION_IPADDR ! -d $PUBLIC_IF3_NAME -j ACCEPT
        fi
        # reload already logged users (i.e. captive portal restart)
        ls $MOD_CP_IP_DIR | while read IP; do
          PUBLIC_IF_IP=`get_public_ip $IP`
          cust_enable_by_ip $IP $PUBLIC_IF_IP;
        done
        # reload already banned users (i.e. captive portal restart)
        ls $MOD_CP_BAN_DIR | while read IP; do
          iptables -t nat -I $MOD_CP_CHAIN_PRE -p tcp -s $IP/32 --dport 80 -j REDIRECT --to-ports $PORT_BP
        done
        exit 0
        ;;
    stop)
        if [ -n "$PUBLIC_IF1_NAME" ]; then
          iptables -t nat -D PREROUTING -i $PUBLIC_IF1_NAME -j $MOD_CP_CHAIN_PRE
          iptables -t nat -D PREROUTING -i $PUBLIC_IF1_NAME -j $MOD_CP_CHAIN_UB_PRE
          iptables -D FORWARD -i $PUBLIC_IF1_NAME -p udp --dport 53 -j $MOD_CP_CHAIN_UB
          iptables -D FORWARD -i $PUBLIC_IF1_NAME -p tcp --dport 53 -j $MOD_CP_CHAIN_UB
          iptables -D FORWARD -o $PUBLIC_IF1_NAME -j $MOD_CP_CHAIN_FWD
          iptables -D FORWARD -i $PUBLIC_IF1_NAME -j $MOD_CP_CHAIN_FWU
          iptables -D INPUT -i $PUBLIC_IF1_NAME -j $MOD_CP_CHAIN_IN
          iptables -D FORWARD -s $PUBLIC_IF1_NETWORK/$PUBLIC_IF1_NETMASK -j $MOD_CP_CHAIN_UT1
          iptables -D FORWARD -d $PUBLIC_IF1_NETWORK/$PUBLIC_IF1_NETMASK -j $MOD_CP_CHAIN_UT1
          iptables -F $MOD_CP_CHAIN_UT1
          iptables -X $MOD_CP_CHAIN_UT1
        fi
        if [ -n "$PUBLIC_IF2_NAME" ]; then
          iptables -t nat -D PREROUTING -i $PUBLIC_IF2_NAME -j $MOD_CP_CHAIN_PRE
          iptables -t nat -D PREROUTING -i $PUBLIC_IF2_NAME -j $MOD_CP_CHAIN_UB_PRE
          iptables -D FORWARD -i $PUBLIC_IF2_NAME -p udp --dport 53 -j $MOD_CP_CHAIN_UB
          iptables -D FORWARD -i $PUBLIC_IF2_NAME -p tcp --dport 53 -j $MOD_CP_CHAIN_UB
          iptables -D FORWARD -o $PUBLIC_IF2_NAME -j $MOD_CP_CHAIN_FWD
          iptables -D FORWARD -i $PUBLIC_IF2_NAME -j $MOD_CP_CHAIN_FWU
          iptables -D INPUT -i $PUBLIC_IF2_NAME -j $MOD_CP_CHAIN_IN
          iptables -D FORWARD -s $PUBLIC_IF2_NETWORK/$PUBLIC_IF2_NETMASK -j $MOD_CP_CHAIN_UT2
          iptables -D FORWARD -d $PUBLIC_IF2_NETWORK/$PUBLIC_IF2_NETMASK -j $MOD_CP_CHAIN_UT2
          iptables -F $MOD_CP_CHAIN_UT2
          iptables -X $MOD_CP_CHAIN_UT2
        fi
        if [ -n "$PUBLIC_IF3_NAME" ]; then
          iptables -t nat -D PREROUTING -i $PUBLIC_IF3_NAME -j $MOD_CP_CHAIN_PRE
          iptables -t nat -D PREROUTING -i $PUBLIC_IF3_NAME -j $MOD_CP_CHAIN_UB_PRE
          iptables -D FORWARD -i $PUBLIC_IF3_NAME -p udp --dport 53 -j $MOD_CP_CHAIN_UB
          iptables -D FORWARD -i $PUBLIC_IF3_NAME -p tcp --dport 53 -j $MOD_CP_CHAIN_UB
          iptables -D FORWARD -o $PUBLIC_IF3_NAME -j $MOD_CP_CHAIN_FWD
          iptables -D FORWARD -i $PUBLIC_IF3_NAME -j $MOD_CP_CHAIN_FWU
          iptables -D INPUT -i $PUBLIC_IF3_NAME -j $MOD_CP_CHAIN_IN
          iptables -D FORWARD -s $PUBLIC_IF3_NETWORK/$PUBLIC_IF3_NETMASK -j $MOD_CP_CHAIN_UT3
          iptables -D FORWARD -d $PUBLIC_IF3_NETWORK/$PUBLIC_IF3_NETMASK -j $MOD_CP_CHAIN_UT3
          iptables -F $MOD_CP_CHAIN_UT3
          iptables -X $MOD_CP_CHAIN_UT3
        fi
        iptables -t nat -F $MOD_CP_CHAIN_UB_PRE
        iptables -t nat -X $MOD_CP_CHAIN_UB_PRE
        iptables -t nat -F $MOD_CP_CHAIN_PRE
        iptables -t nat -X $MOD_CP_CHAIN_PRE
        iptables -D $MOD_CP_CHAIN_IN -p udp --dport 53 -j $MOD_CP_CHAIN_UB
        iptables -D $MOD_CP_CHAIN_IN -p tcp --dport 53 -j $MOD_CP_CHAIN_UB
        iptables -F $MOD_CP_CHAIN_UB
        iptables -X $MOD_CP_CHAIN_UB
        iptables -F $MOD_CP_CHAIN_FWD
        iptables -X $MOD_CP_CHAIN_FWD
        iptables -F $MOD_CP_CHAIN_FWU
        iptables -X $MOD_CP_CHAIN_FWU
        iptables -F $MOD_CP_CHAIN_IN
        iptables -X $MOD_CP_CHAIN_IN
        exit 0
        ;;
    login)
        IP=$2
        [ -n "$IP" ] || exit 5
        N=`iptables -nL | grep -c $IP`
        # IP address already logged in
        if [ $N -ge 2 ]; then exit 6; fi
        PUBLIC_IF_IP=`get_public_ip $IP`
        cust_enable_by_ip $IP $PUBLIC_IF_IP;
        exit 0
        ;;
    logout)
        IP=$2
        PORT_BP=$3
        [ -n "$IP" ] || exit 5
        # Remove from iptables
        RETVAL=0
        while [ $RETVAL -eq 0 ]; do
          PUBLIC_IF_IP=`get_public_ip $IP`
          iptables -t nat -D $MOD_CP_CHAIN_PRE -s $IP ! -d $PUBLIC_IF_IP -j ACCEPT
          RETVAL=$?
        done
        RETVAL=0
        while [ $RETVAL -eq 0 ]; do
          iptables -D $MOD_CP_CHAIN_FWD -d $IP -j ACCEPT
          RETVAL=$?
        done
        RETVAL=0
        while [ $RETVAL -eq 0 ]; do
          iptables -D $MOD_CP_CHAIN_FWU -s $IP -j ACCEPT
          RETVAL=$?
        done
        [ -n "$PORT_BP" ] && iptables -t nat -I $MOD_CP_CHAIN_PRE -p tcp -s $IP/32 --dport 80 -j REDIRECT --to-ports $PORT_BP
        exit 0
        ;;
    ban_logout)
        IP=$2
        PORT_BP=$3
        if [ -z "$IP" ] || [ -z "$PORT_BP" ]; then
          exit 5
        fi
        [ -n "$IP" ] || exit 5
        iptables -t nat -D $MOD_CP_CHAIN_PRE -p tcp -s $IP/32 --dport 80 -j REDIRECT --to-ports $PORT_BP
        exit 0
        ;;
    status)
        if [ "$2" = "cp" ]; then
          N=`(iptables -nL; iptables -t nat -nL) | grep -c Chain\ captive_portal-`
          if [ $N -gt 5 ]; then echo "running"; else echo "stopped"; fi
        elif [ "$2" = "url_blocker" ]; then
           N=`iptables -nL | grep -c Chain\ $MOD_CP_CHAIN_UB`
           if [ $N -eq 1 ]; then echo "running"; else echo "stopped"; fi
        fi
        exit 0
        ;;
    restart)
        $0 stop
        sleep 1
        $0 start
        ;;
    *)
        echo "Usage: $0 {start|stop|login|logout|status|restart}"
        exit 1
        ;;
esac
