#!/bin/sh
#
# {{ ansible_managed }}
#

# Priority 7 - lookup rt_table mwu for all incoming traffic of freifunk related interfaces
{% if server_type == 'gateway' or server_type == 'monitoring' %}
{% for mesh in meshes %}
ip -4 rule del from all oif {{ mesh.id }}br lookup mwu priority 7
ip -6 rule del from all oif {{ mesh.id }}br lookup mwu priority 7
{% endfor %}
{% endif %}
{% for network in my_wireguard_networks %}
ip -4 rule del from all iif wg-{{ network.remote[:11] }} lookup mwu priority 7
ip -6 rule del from all iif wg-{{ network.remote[:11] }} lookup mwu priority 7
ip -4 rule del from all oif wg-{{ network.remote[:11] }} lookup mwu priority 7
ip -6 rule del from all oif wg-{{ network.remote[:11] }} lookup mwu priority 7
{% endfor %}
{% for prefix in internal_prefixes %}
ip -4 rule del from {{ prefix.ipv4 }} lookup mwu priority 7
ip -4 rule del to {{ prefix.ipv4 }} lookup mwu priority 7
ip -6 rule del from {{ prefix.ipv6 }} lookup mwu priority 7
ip -6 rule del to {{ prefix.ipv6 }} lookup mwu priority 7
{% endfor %}
{% for prefix in public_prefixes %}
ip -6 rule del from {{ prefix.ipv6 }} lookup mwu priority 7
ip -6 rule del to {{ prefix.ipv6 }} lookup mwu priority 7
{% endfor %}

{% if server_type == 'gateway' %}
# Priority 23 - lookup rt_table icvpn for all incoming traffic of freifunk bridges
{% for mesh in meshes %}
ip -4 rule del from all oif {{ mesh.id }}br lookup icvpn priority 23
ip -6 rule del from all oif {{ mesh.id }}br lookup icvpn priority 23
{% endfor %}
{% for prefix in internal_prefixes %}
ip -4 rule del from {{ prefix.ipv4 }} lookup icvpn priority 23
ip -4 rule del to {{ prefix.ipv4 }} lookup icvpn priority 23
ip -6 rule del from {{ prefix.ipv6 }} lookup icvpn priority 23
ip -6 rule del to {{ prefix.ipv6 }} lookup icvpn priority 23
{% endfor %}
{% for prefix in public_prefixes %}
ip -6 rule del from {{ prefix.ipv6 }} lookup icvpn priority 23
ip -6 rule del to {{ prefix.ipv6 }} lookup icvpn priority 23
{% endfor %}
ip -4 rule del from all oif icvpn lookup icvpn priority 23
ip -6 rule del from all oif icvpn lookup icvpn priority 23

# Priority 41 - lookup rt_table internet for all incoming traffic of freifunk bridges
{% for mesh in meshes %}
ip -6 rule del from all oif {{ mesh.id }}br lookup internet priority 41
{% endfor %}
{% for prefix in internal_prefixes %}
ip -4 rule del from {{ prefix.ipv4 }} lookup internet priority 41
ip -6 rule del from {{ prefix.ipv6 }} lookup internet priority 41
ip -6 rule del to {{ prefix.ipv6 }} lookup internet priority 41
{% endfor %}
{% for prefix in public_prefixes %}
ip -6 rule del from {{ prefix.ipv6 }} lookup internet priority 41
ip -6 rule del to {{ prefix.ipv6 }} lookup internet priority 41
{% endfor %}
ip -4 rule del from {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41
ip -4 rule del to {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41

# Priority 61 - at this point this is the end of policy routing for freifunk related routes
{% for mesh in meshes %}
ip -4 rule del from all iif {{ mesh.id }}br type unreachable priority 61
ip -6 rule del from all iif {{ mesh.id }}br type unreachable priority 61
{% endfor %}
ip -4 rule del from all iif icvpn type unreachable priority 61
ip -4 rule del from all iif {{ ansible_default_ipv4.interface }} type unreachable priority 61
{% for server_id, server_value in ffrl_exit_server.items() %}
ip -4 rule del from all iif {{ server_id }} type unreachable priority 61
ip -6 rule del from all iif {{ server_id }} type unreachable priority 61
{% endfor %}
ip -6 rule del from all iif icvpn type unreachable priority 61
ip -6 rule del from all iif {{ ansible_default_ipv6.interface }} type unreachable priority 61
{% for prefix in public_prefixes %}
ip -6 rule del from {{ prefix.ipv6 }} type unreachable priority 61
ip -6 rule del to {{ prefix.ipv6 }} type unreachable priority 61
{% endfor %}

# Priority 107 - lookup policies for the gateway host self originating traffic
ip -4 rule del from all lookup mwu priority 107
ip -4 rule del from all lookup icvpn priority 107
ip -6 rule del from all lookup mwu priority 107
ip -6 rule del from all lookup icvpn priority 107
{% endif %}

exit 0