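#!/bin/bash
#
# Installer for the firewall scripts and their systemd units.
# Usage: sudo ./install.sh
#
# Steps, in order:
#   1. install fail2ban when fail2ban-client is not on PATH
#   2. create /etc/network/firewall
#   3. seed the IPv4 / IPv6 trusted-address lists (only if they do not exist)
#   4. copy and enable firewall.service and firewall-init.service
#   5. copy rules.sh and init.sh unless a copy is already installed
#
# Existing trusted lists, rules.sh and init.sh are never overwritten, so
# re-running the installer keeps local edits. The two unit files ARE
# overwritten on every run.

set -u

# Files created below end up under /etc and are presumably executed or read
# by the units as root (the unit files are not visible here - confirm).
# Force a umask that never yields group- or world-writable files, whatever
# umask the invoking shell had.
umask 022

readonly FW_DIR=/etc/network/firewall
readonly UNIT_DIR=/etc/systemd/system

# Print a message on stderr and abort the installation.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# EUID is maintained by bash itself and is read-only. $USER is an ordinary
# environment variable: it can be set to "root" by anyone, and it can remain
# a non-root name inside a root shell (e.g. after plain `su`).
if (( EUID != 0 )); then
  printf "Are you root? \nsudo ./install.sh\n" >&2
  exit 1
fi

# Take the shipped files from the directory holding this script instead of
# the caller's working directory, so that running the installer by absolute
# path from some other directory cannot install same-named files found there.
src_dir=$(cd -- "$(dirname -- "${BASH_SOURCE[0]:-$0}")" && pwd) \
  || die "install.sh: cannot determine the script directory"

#if [ "X$(which dialog)" == "X" ]; then
#  apt -y install dialog
#fi

# Best effort, as before: a failed package install is reported but does not
# stop the firewall files from being installed.
if ! command -v fail2ban-client >/dev/null 2>&1; then
  apt -y install fail2ban \
    || printf 'install.sh: warning: fail2ban could not be installed\n' >&2
fi

if [[ ! -d "$FW_DIR" ]]; then
  mkdir -p -- "$FW_DIR" || die "install.sh: cannot create $FW_DIR"
fi

trusted=$FW_DIR/trustedips.conf
trusted6=$FW_DIR/trustedips6.conf

if [[ ! -f "$trusted" ]]; then
  # Include all local ipv4 ips (but commented), and open localhost ipv4.
  # Only 127.0.0.1 is left active; every other local address is written
  # with a leading '#', so trusting it is an explicit admin decision.
  ip a | grep " inet " \
    | sed -e 's|^.*inet |#|g' -e 's|\/.*$||g' \
      -e 's|^#127.0.0.1$|127.0.0.1|g' >> "$trusted"
fi

if [[ ! -f "$trusted6" ]]; then
  # Include all local ipv6 ips (but commented) and open the localhost ipv6.
  # Same policy as for IPv4: only ::1 is left active.
  ip a | grep " inet6 " \
    | sed -e 's|^.*inet6 |#|g' -e 's|\/.*$||g' \
      -e 's|^#::1$|::1|g' >> "$trusted6"
fi

# A unit that could not be copied must not be enabled: stop instead of
# enabling a stale or missing unit file.
cp -v -- "$src_dir/firewall.service" "$UNIT_DIR/" \
  || die "install.sh: cannot install firewall.service"
cp -v -- "$src_dir/firewall-init.service" "$UNIT_DIR/" \
  || die "install.sh: cannot install firewall-init.service"

systemctl enable firewall.service \
  || printf 'install.sh: warning: could not enable firewall.service\n' >&2
systemctl enable firewall-init.service \
  || printf 'install.sh: warning: could not enable firewall-init.service\n' >&2

# Keep an already installed (possibly locally edited) rule set.
if [[ ! -f "$FW_DIR/rules.sh" ]]; then
  cp -v -- "$src_dir/rules.sh" "$FW_DIR/" \
    || die "install.sh: cannot install rules.sh"
fi

if [[ ! -f "$FW_DIR/init.sh" ]]; then
  cp -v -- "$src_dir/init.sh" "$FW_DIR/" \
    || die "install.sh: cannot install init.sh"
fi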