#!/usr/bin/env bash
# shellcheck source=/dev/null

if [[ -d "/host/proc/1/" ]]; then source /apps/gitrce/hook/singleton.sh "$0"; fi

__main() {
	:
	update-alternatives --set iptables /usr/sbin/iptables-legacy 2>/dev/null
	update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy 2>/dev/null

	_owner_id=52000
	_chain="output_netflow_owner_${_owner_id}"

	for cmd in iptables ip6tables; do
		$cmd -t mangle -N "$_chain" 2>/dev/null || true

		if ! $cmd -t mangle -C OUTPUT -m owner --gid-owner "$_owner_id" -j "$_chain" 2>/dev/null; then
			$cmd -t mangle -A OUTPUT -m owner --gid-owner "$_owner_id" -j "$_chain"
		fi

		if ! $cmd -t mangle -C "$_chain" -j RETURN 2>/dev/null; then
			$cmd -t mangle -A "$_chain" -j RETURN
		fi
		$cmd -t mangle -L OUTPUT -v -n -x
	done

}

__main

__help() {
	cat >/dev/null <<-'EOF'

	EOF
}