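"""Firewall bootstrap script.

Run as a script (as root): it applies a few kernel hardening sysctls,
loads the nftables ruleset ``firewall.nft`` that sits next to this file,
then populates the ``mac_ip`` and ``nat`` tables through the sibling
modules.  Everything still happens at module level, exactly as before,
so running the file is the whole "install" step.

Changes versus the shell-based version:

* ``/proc/sys`` knobs are written directly from Python instead of via
  ``os.system('echo ... > ...')`` -- no shell is involved, and a failed
  write is logged rather than silently ignored.
* ``nft`` is invoked through :func:`subprocess.run` with an argument
  list, so ``BASE_DIR`` is never interpolated into a shell command line
  (a path containing spaces or quotes would previously have broken, or
  altered, the command).
* A failed ruleset load is logged and raised instead of being ignored;
  continuing would leave the host with no (or a partial) ruleset while
  the log claims the firewall was loaded.
"""
import logging
import os
import subprocess
from logging.handlers import RotatingFileHandler

import mac_ip
import nat

# Directory holding this file; also where nft resolves ``include`` lines.
BASE_DIR = os.path.dirname(os.path.abspath(__file__))
LOG_LEVEL = logging.INFO

# Root logger: file (rotated at ~1 MB, one backup) plus stderr.
logger = logging.getLogger()
logger.setLevel(LOG_LEVEL)
formatter = logging.Formatter('%(asctime)s :: %(levelname)s :: %(message)s')

# Messages contain non-ASCII text; pin the file encoding so the log is
# readable regardless of the service's locale.
file_handler = RotatingFileHandler('/var/log/firewall.log', 'a', 1000000, 1,
                                   encoding='utf-8')
file_handler.setLevel(LOG_LEVEL)
file_handler.setFormatter(formatter)
logger.addHandler(file_handler)

stream_handler = logging.StreamHandler()
stream_handler.setFormatter(formatter)
stream_handler.setLevel(LOG_LEVEL)
logger.addHandler(stream_handler)


def _write_sysctl(path, value):
    """Write *value* (plus a newline, like ``echo``) to the ``/proc/sys`` file *path*.

    Args:
        path: Absolute path of the pseudo-file to write.
        value: The string to store, e.g. ``"1"``.

    A failure (typically not running as root, or a kernel that lacks the
    knob) is logged at ERROR level and otherwise ignored, which keeps the
    best-effort behaviour of the original ``echo`` redirections.
    """
    try:
        with open(path, 'w') as fh:
            fh.write(value + '\n')
    except OSError as err:
        logger.error("Echec de l'écriture de %s dans %s : %s", value, path, err)


def _load_ruleset(ruleset):
    """Load the nftables *ruleset* file with ``nft -I BASE_DIR -f ruleset``.

    Args:
        ruleset: Path of the ``.nft`` file to load.

    Raises:
        RuntimeError: if ``nft`` exits non-zero (or cannot be executed).
            The error output of ``nft`` is logged first.

    The argument-list form of ``subprocess.run`` is deliberate: no shell
    parses ``BASE_DIR`` or the ruleset path.
    """
    cmd = ['nft', '-I', BASE_DIR, '-f', ruleset]
    try:
        result = subprocess.run(cmd, stdout=subprocess.PIPE,
                                stderr=subprocess.PIPE, universal_newlines=True)
    except OSError as err:
        logger.error("Impossible d'exécuter nft : %s", err)
        raise RuntimeError("nft introuvable ou non exécutable") from err
    if result.returncode != 0:
        logger.error("Echec du chargement de %s (code %d) : %s",
                     ruleset, result.returncode, result.stderr.strip())
        raise RuntimeError("Echec du chargement du firewall")
    if result.stderr:
        # nft may emit warnings on success; keep them in the log.
        logger.warning(result.stderr.strip())


logger.info("Activation des paramètres noyau")

# Forwarding is required because this host also performs NAT (see nat.main()).
logger.debug("Activation du routage des paquets")
_write_sysctl('/proc/sys/net/ipv4/ip_forward', '1')

logger.debug("Active la protection TCP SYN Cookies (demandes de connexion repetes)")
_write_sysctl('/proc/sys/net/ipv4/tcp_syncookies', '1')

logger.debug("Filtrage en mode strict des paquets pour éviter l'IP spoofing "
             "(voir RFC3704 Strict Reverse Path)")
_write_sysctl('/proc/sys/net/ipv4/conf/all/rp_filter', '1')
_write_sysctl('/proc/sys/net/ipv4/conf/default/rp_filter', '1')

logger.debug("Don't accept source routed packets.")
_write_sysctl('/proc/sys/net/ipv4/conf/all/accept_source_route', '0')

logger.info("Chargement du firewall")
# Fails loudly: the table updates below presumably target objects defined
# in this ruleset (TODO confirm against mac_ip/nat), and a silently missing
# ruleset would leave the host unfiltered.
_load_ruleset(os.path.join(BASE_DIR, 'firewall.nft'))

logger.info("Chargement de la table mac_ip")
mac_ip.update_macip()

logger.info("Chargement de la table nat")
nat.main()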