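#!/bin/sh
#
# Script to setup drone pairing
#
# Usage: pass the owner's MAC address as $1, or pass nothing to read the
# owner_mac entry from /data/config.ini. The all-zero MAC means "unpaired"
# and clears the filter.
#
# Security notes:
#   - Pairing is a source-MAC filter. A source MAC is an unauthenticated value
#     chosen by the sender, so this identifies the owner's device but does not
#     authenticate it.
#   - ICMP, FTP (tcp/21) and NFS (tcp/2049) stay reachable by every client
#     even while paired.
#   - The address is validated before use because it is handed to iptables;
#     the original relied on unquoted expansion, which let a malformed value
#     split into extra iptables arguments.

NULL_MAC=00:00:00:00:00:00
CONFIG_FILE=/data/config.ini

# Getting the owner's MAC address from the argument or from config.ini.
if [ $# -eq 0 ]
then
    if [ -s "$CONFIG_FILE" ]
    then
        # Strip blanks and CR around the value: the original got this trimming
        # only as a side effect of unquoted expansion, and the quoted
        # "already paired" comparison below never benefited from it.
        MAC_ADDR=$(awk -F "=" '/owner_mac/ { gsub(/[ \t\r]/, "", $2); print $2; exit }' "$CONFIG_FILE")
    else
        MAC_ADDR=$NULL_MAC
    fi
else
    MAC_ADDR=$1
fi

# No owner_mac entry (or an empty argument) is treated as "unpaired".
[ -n "$MAC_ADDR" ] || MAC_ADDR=$NULL_MAC

# Accept only six colon-separated hex octets. Anything else is rejected
# before any firewall rule is touched.
HEX='[0-9A-Fa-f][0-9A-Fa-f]'
# shellcheck disable=SC2254 # $HEX is meant to be used as a glob pattern here
case $MAC_ADDR in
    $HEX:$HEX:$HEX:$HEX:$HEX:$HEX) ;;
    *)
        printf 'Invalid owner MAC address: %s\n' "$MAC_ADDR" >&2
        exit 1
        ;;
esac

echo "Owner's MAC address is: $MAC_ADDR"

# [Stephane] Exits if owner MAC address is already being filtered
# (changing iptables rules too often may crash the drone for an undetermined reason)
# MAC addresses are case-insensitive, so both sides are compared in upper case.
WANTED_MAC_ADDR=$(printf '%s\n' "$MAC_ADDR" | awk '{ print toupper($0) }')
CURRENTLY_ALLOWED_MAC_ADDR=$(iptables -L | awk '/MAC/ { print toupper($7) }')
if [ "$CURRENTLY_ALLOWED_MAC_ADDR" = "$WANTED_MAC_ADDR" ]
then
    echo "Drone is already paired with $MAC_ADDR"
    exit 0
fi

if [ "$MAC_ADDR" != "$NULL_MAC" ]
then
    echo "Setting pairing for: $MAC_ADDR"
    # Clearing all rules (policy goes to ACCEPT first so the flush cannot
    # cut off the current connection)
    iptables -P INPUT ACCEPT
    iptables -F
    # Allowing only owner's traffic. If this rule cannot be installed, stop
    # before the default policy becomes DROP: continuing would lock the owner
    # out. The drone is left unpaired in that case.
    if ! iptables -A INPUT -m mac --mac-source "$MAC_ADDR" -j ACCEPT
    then
        printf 'Could not add owner rule for %s; leaving drone unpaired\n' "$MAC_ADDR" >&2
        exit 1
    fi
    # Allowing ICMP (ping), ftp and nfs traffic for everyone.
    # The telnet (tcp/23) rule is disabled.
    iptables -A INPUT --protocol icmp -j ACCEPT
    #iptables -A INPUT --protocol tcp --dport 23 -j ACCEPT
    iptables -A INPUT --protocol tcp --dport 21 -j ACCEPT
    iptables -A INPUT --protocol tcp --dport 2049 -j ACCEPT
    # Blocking all incoming traffic by default
    iptables -P INPUT DROP
else
    echo "Clearing pairing rule"
    # Switching the LED on gpio 63 on
    gpio 63 -d ho 1
    # Clearing all rules
    iptables -F
    # Allows incoming connections from anywhere outside
    iptables -P INPUT ACCEPT
    # Switching the LED on gpio 63 off
    gpio 63 -d ho 0
fi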