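#!/bin/bash
#                  +----------------------------+
# Internet_v4 <=>  | WIFI <-(sharewifi)-> WIRED | <=> Device
#                  +----------------------------+
#
# Shares the uplink (WiFi, or tun0 when that interface exists) with a device
# on the wired interface: enables IPv4 forwarding, masquerades outbound
# traffic, and runs dnsmasq in the foreground as DHCP/DNS server for the
# wired /24.
#
# Requirements:
#   - executed as root
#   - dnsmasq not running
#   - $IF_WIRED not handled by an intrusive network manager
#   - ^C to quit

IF_WIFI=wlo1
IF_WIRED=eth0
IP4_PREFIX=10.42.0. # /24

# Filled in during setup; reverse() reads both.
conf_file=
prev_forward=

#######################################
# Undo every change made by this script, then exit.
# Globals:   IF_WIFI, IF_WIRED, IP4_PREFIX, conf_file, prev_forward (read)
# Returns:   does not return; exits 0
#######################################
reverse() {
  # Clear the traps first so a failing cleanup command cannot re-enter here.
  trap - EXIT ERR INT

  ip addr del "${IP4_PREFIX}1/24" dev "$IF_WIRED"
  iptables -D INPUT -p udp -i "$IF_WIRED" --dport 53 -j ACCEPT
  iptables -D INPUT -p udp -i "$IF_WIRED" --dport 67 -j ACCEPT
  iptables -D FORWARD -i "$IF_WIRED" -o "$IF_WIFI" -j ACCEPT
  iptables -D FORWARD -i "$IF_WIFI" -o "$IF_WIRED" \
    -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  iptables -t nat -D POSTROUTING -o "$IF_WIFI" -j MASQUERADE

  # Restore the forwarding state found at startup rather than forcing 0, so a
  # host that was already routing keeps doing so.
  sysctl -w "net.ipv4.ip_forward=${prev_forward:-0}" > /dev/null

  if [[ -n "$conf_file" ]]; then
    rm -f -- "$conf_file"
  fi
  exit 0
}

if [[ "$EUID" -ne 0 ]]; then
  echo '[ERR] You must be root.' 1>&2
  exit 1
fi

prev_forward=$(sysctl -n net.ipv4.ip_forward)

# The config is written as root, so it must not live at a fixed, guessable
# path in a world-writable directory: a pre-planted symlink there would
# redirect the write. mktemp creates a fresh file with an unpredictable name.
conf_file=$(mktemp /tmp/sharewifi.XXXXXX) || {
  echo '[ERR] Cannot create temporary config file.' 1>&2
  exit 1
}

trap reverse EXIT ERR INT

# Prefer the tunnel as uplink when it exists.
if ip link show tun0 &> /dev/null; then
  IF_WIFI=tun0
fi

sysctl -w net.ipv4.ip_forward=1 > /dev/null
iptables -t nat -A POSTROUTING -o "$IF_WIFI" -j MASQUERADE

# Forward only what the sharing needs: anything from the wired device towards
# the uplink, and replies to those flows on the way back. A blanket
# "FORWARD -j ACCEPT" would also route between every other interface pair on
# this host for as long as the script runs.
iptables -I FORWARD 1 -i "$IF_WIFI" -o "$IF_WIRED" \
  -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -I FORWARD 1 -i "$IF_WIRED" -o "$IF_WIFI" -j ACCEPT

# DHCP (67/udp) and DNS (53/udp) are accepted from the wired side only.
iptables -I INPUT 1 -p udp -i "$IF_WIRED" --dport 67 -j ACCEPT
iptables -I INPUT 1 -p udp -i "$IF_WIRED" --dport 53 -j ACCEPT

ip addr add "${IP4_PREFIX}1/24" dev "$IF_WIRED"

printf 'dhcp-range=%s,%s2,%s254,24h\n' \
  "$IF_WIRED" "$IP4_PREFIX" "$IP4_PREFIX" > "$conf_file"

# -k keeps dnsmasq in the foreground; the script blocks here until it ends.
dnsmasq --dhcp-sequential-ip --log-dhcp --log-facility=- -k -C "$conf_file"

exit 0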