#!/usr/bin/bash

# exit if not running as root. Because other user don't have privileges to start/stop firewalld.
[[ "${UID}" -eq "0" ]] || exit 0

if [[ "${PAM_USER}" =~ -exam$ ]]; then
  systemctl start firewalld.service
  if [[ -f /usr/local/sbin/no-way-out-nftable ]]; then
    /usr/local/sbin/no-way-out-nftable || true
  fi
  if systemctl is-enabled --quiet libvirtd.service; then
    systemctl restart libvirtd.service
  fi
elif ! (users | grep -q -- "-exam"); then
  if /usr/sbin/nft list tables | /usr/bin/grep -q filtermacvtap; then
    /usr/sbin/nft delete table netdev filtermacvtap || true
  fi
  systemctl stop firewalld.service
  if systemctl is-enabled --quiet libvirtd.service; then
    systemctl restart libvirtd.service
  fi
fi