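#!/bin/bash
# Author: Ricardo Leite Gaonçalves - 2021/7
# http://www.davinti.com.br
#
# Installs the firewall scripts, their configuration and the systemd units.
#
# Usage: sudo ./install.sh [-f]
#   -f  overwrite rules.sh, init.sh and firewall.cfg even when they are
#       already installed (local edits to those files are replaced).
#
# The files placed under /etc/network/firewall are presumably executed or read
# as root by firewall.service / firewall-init.service (the units are not part
# of this script -- confirm there). For that reason every installed file is
# made root-owned and not writable by group/other, and the sources are taken
# from the directory holding this script rather than from the caller's
# current directory.

set -euo pipefail

# Only ever tighten the inherited umask: never create group/other-writable
# files or directories, but keep any stricter bits the caller already had.
umask "$(printf '%04o' "$(( $(umask) | 022 ))")"

readonly fw_dir=/etc/network/firewall
readonly unit_dir=/etc/systemd/system
readonly trusted="${fw_dir}/trustedips.conf"
readonly trusted6="${fw_dir}/trustedips6.conf"

# "$USER" comes from the environment and can be unset or set to anything;
# the effective UID is what actually decides whether the steps below work.
if (( EUID != 0 )); then
  printf "Are you root? \nsudo ./install.sh\n" >&2
  exit 1
fi

# 1 when the caller asked to overwrite already-installed files.
force=0
if [[ "${1:-}" == "-f" ]]; then
  force=1
fi
readonly force

# Directory this script lives in; the files to install sit next to it.
src_dir=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)
readonly src_dir

#######################################
# Remove group/other write access and hand the file to root.
# Arguments: $1 - path of an installed file
#######################################
lock_down() {
  chown root:root -- "$1"
  chmod go-w -- "$1"
}

#######################################
# Copy one systemd unit into place (always overwrites).
# Arguments: $1 - unit file name, relative to the script directory
#######################################
install_unit() {
  local name=$1
  cp -v -- "${src_dir}/${name}" "${unit_dir}/"
  lock_down "${unit_dir}/${name}"
}

#######################################
# Copy one firewall file unless it is already installed; -f forces the copy.
# Globals:   force, fw_dir, src_dir (read)
# Arguments: $1 - file name, relative to the script directory
#######################################
install_fw_file() {
  local name=$1
  local dest="${fw_dir}/${name}"
  if [[ ! -f "$dest" || "$force" == 1 ]]; then
    cp -v -- "${src_dir}/${name}" "${fw_dir}/"
    lock_down "$dest"
  fi
}

#######################################
# Create a trusted-IP list from the local addresses if none exists yet.
# Every address is written commented out ("#addr"); only the loopback
# address is left active, so nothing else is trusted until an operator
# uncomments it on purpose.
# Arguments: $1 - list file to create
#            $2 - "ip a" keyword of the address family (inet | inet6)
#            $3 - loopback address as a sed regex
#            $4 - loopback address as literal text
#######################################
seed_trusted() {
  local file=$1 keyword=$2 loopback_re=$3 loopback=$4
  local addrs

  if [[ -f "$file" ]]; then
    return 0
  fi

  # Collect first and write afterwards, so a failing "ip" cannot leave an
  # empty list behind that a later run would then skip.
  addrs=$(
    ip a \
      | sed -e "/ ${keyword} /!d" \
        -e "s|^.*${keyword} |#|" \
        -e 's|/.*$||' \
        -e "s|^#${loopback_re}\$|${loopback}|"
  )

  if [[ -n "$addrs" ]]; then
    printf '%s\n' "$addrs" >>"$file"
  else
    : >>"$file"
  fi
}

#if [ "X$(which dialog)" == "X" ]; then
#  apt -y install dialog
#fi

# apt-get rather than apt: apt does not promise a stable interface to scripts.
if ! command -v fail2ban-client >/dev/null 2>&1; then
  apt-get -y install fail2ban
fi

# -p creates /etc/network/firewall as well.
mkdir -p -- "${fw_dir}/config.d"

seed_trusted "$trusted" inet '127\.0\.0\.1' '127.0.0.1'
seed_trusted "$trusted6" inet6 '::1' '::1'

install_unit firewall.service
install_unit firewall-init.service
systemctl enable firewall.service
systemctl enable firewall-init.service

install_fw_file rules.sh
install_fw_file init.sh
install_fw_file firewall.cfg

printf '\n'
printf '%s\n' '!!! Please check configuration files:'
printf '%s\n' "$trusted"
printf '%s\n' "$trusted6"
printf '%s\n' "${fw_dir}/firewall.cfg"
printf '%s\n' "${fw_dir}/rules.sh"
find "${fw_dir}/config.d" -type f
printf '\n'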