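#!/bin/bash
#
# Mark locally generated IPv6 TCP connections with a firewall mark and install
# policy-routing rules for that mark: marked traffic is looked up in table
# "main" and is otherwise rejected as unreachable.
# NOTE(review): presumably this keeps IPv6 TCP from leaving through routes
# held in other tables - confirm against the deployment.
#
# Usage: <script> [delete]
#   (no argument)  re-create the rules (delete, then add)
#   delete         only remove the rules
#
# Scope caveat: only "-p tcp" in the OUTPUT chain is matched. UDP, ICMPv6 and
# forwarded traffic are untouched. Connections whose SYN left before these
# rules existed carry no connmark, so they are not covered either.

# Options live here instead of on the shebang line, where they are dropped
# when the script is started as "bash <script>". Without -e a failed rule
# insertion would go unnoticed and leave the policy half applied.
set -xe

# Changing netfilter and routing policy needs root: re-run through sudo.
# This relies on "$0" being a path sudo can execute.
[ "$UID" = 0 ] || exec sudo -- "$0" "$@" || exit

# ONLY_DELETE_RULES is never reset here, so a non-empty value inherited from
# the environment also selects delete-only mode.
if [ "$1" = delete ]; then
  ONLY_DELETE_RULES=y
fi

#######################################
# Idempotently (re)install one ip6tables rule.
# Globals:   ONLY_DELETE_RULES (read) - non-empty skips the add step
# Arguments: rule specification as accepted by "ip6tables -A" / "-D"
# Returns:   status of "ip6tables -A", or 0 in delete-only mode
#######################################
ip6tables_add() {
  # Delete first so repeated runs never stack duplicates. stderr is silenced
  # because "rule not present" is the normal case. In delete-only mode this
  # also hides genuine failures, so check the result with "ip6tables -S".
  ip6tables -D "$@" 2>/dev/null || : not deleted
  if [ -n "${ONLY_DELETE_RULES:-}" ]; then
    # No-op kept so the xtrace output still shows which rule was skipped.
    : not added -- ip6tables -A "$@"
  else
    ip6tables -A "$@"
  fi
}

#######################################
# Idempotently (re)install one IPv6 policy-routing rule.
# Globals:   ONLY_DELETE_RULES (read) - non-empty skips the add step
# Arguments: rule selector/action as accepted by "ip -6 rule add"
# Returns:   status of "ip -6 rule add", or 0 in delete-only mode
#######################################
ip6rule_add() {
  # Same delete-then-add pattern as ip6tables_add.
  ip -6 rule delete "$@" 2>/dev/null || : not deleted
  if [ -n "${ONLY_DELETE_RULES:-}" ]; then
    : not added -- ip -6 rule add "$@"
  else
    ip -6 rule add "$@"
  fi
}

mark=22

# New outgoing TCP connections: set the packet mark on the SYN, then copy it
# into the connection mark so it survives for the life of the connection.
ip6tables_add OUTPUT -t mangle -p tcp --syn -m state --state NEW -j MARK --set-mark "$mark"
ip6tables_add OUTPUT -t mangle -p tcp --syn -m state --state NEW -j CONNMARK --save-mark
# Later packets of a tracked connection get the saved mark copied back.
ip6tables_add OUTPUT -t mangle -p tcp -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark

# Order matters: no explicit priority is given, so each added rule is expected
# to land ahead of the previous one. "table main" is then consulted first and
# "unreachable" is the fallback - verify with "ip -6 rule show".
ip6rule_add fwmark "$mark" unreachable
ip6rule_add fwmark "$mark" table main

exit $?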