@echo off
REM =========================================
REM apply-cluster-snat.bat
REM Enables hairpin NAT for Kubernetes pods -> HAProxy host
REM =========================================

REM ---- Step 1: Enable IP forwarding ----
echo Enabling IPv4 forwarding...
powershell -Command "Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' -Name 'IPEnableRouter' -Value 1"
echo IP forwarding enabled. Please reboot for permanent effect.

REM ---- Step 2: Add UFW NAT rules ----
echo Applying NAT rules for pod -> HAProxy hairpin...
REM Ensure before.rules file exists
set ufw_rules_file=/etc/ufw/before.rules

REM Backup original rules
if exist "%ufw_rules_file%.bak" (
    echo Backup already exists.
) else (
    copy "%ufw_rules_file%" "%ufw_rules_file%.bak"
    echo Backup created at %ufw_rules_file%.bak
)

REM Append NAT rules
echo *nat >> "%ufw_rules_file%"
echo :POSTROUTING ACCEPT [0:0] >> "%ufw_rules_file%"
echo -A POSTROUTING -s 10.42.0.0/16 -d 192.168.1.160 -j MASQUERADE >> "%ufw_rules_file%"
echo COMMIT >> "%ufw_rules_file%"

REM ---- Step 3: Reload UFW ----
echo Reloading UFW...
ufw disable
ufw enable

echo Hairpin NAT applied successfully.
pause