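#!/bin/bash
#
# Sequencer step file for ufw: install it, allow SSH, enable the firewall,
# and optionally open mail-server ports or drop multicast from one host.
# The step_* functions are not called here; the script only defines them
# and then sources /usr/local/bin/sequencer.sh on the last line
# (presumably the sequencer dispatches the steps -- confirm against it).
# `exe` and `echoerr` are not defined in this file; they are expected to
# come from the sequencer.

toolName=ufw
toolDeps=$toolName

# Get script working directory
# (when called from a different directory)
WDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >>/dev/null 2>&1 && pwd )"
CONFIG=0
CONFIG_FILE_NAME="${toolName}.cfg"
CONFIG_FILE_TEMPLATE="$WDIR/${CONFIG_FILE_NAME}.example"

#step_config() {
#  echo "Called once before executing steps."
#  ## e.g. to source a config file manually:
#  #. "$CONFIG_FILE"
#  ## or to use sequencer api:
#  #initSeqConfig "$CONFIG_FILE_NAME" "$CONFIG_FILE_TEMPLATE"
#  #if [ $? -eq 0 ] ; then
#  #  CONFIG=1
#  #fi
#}

step_1_info() { echo "Install $toolName and allow ssh access"; }
step_1_alias() { ALIAS="install"; }
#######################################
# Install ufw and add the SSH allow rule before the firewall is enabled.
# Globals:   QUIET (read), toolDeps (read)
# Outputs:   whatever `exe` prints for the two commands
#######################################
step_1() {
  local aptOpt=
  # Default to 0 so an unset QUIET does not make `[` fail with a syntax error.
  if [ "${QUIET:-0}" -ne 0 ]; then
    aptOpt="-y"
  fi
  # $toolDeps is deliberately unquoted: it is a space-separated package list.
  # An empty aptOpt must vanish instead of becoming an empty argument.
  # shellcheck disable=SC2086
  exe apt install $toolDeps ${aptOpt:+"$aptOpt"}
  # The SSH rule is added before step_2 enables the firewall so that a remote
  # session is not cut off. The rule accepts SSH from any source; on an
  # Internet-facing host consider `ufw limit ssh` or a source-restricted rule.
  exe ufw allow ssh
}

step_2_info() { echo "Enable $toolName"; }
#######################################
# Turn the firewall on.
# NOTE(review): `ufw enable` asks for confirmation when it detects it may
# disrupt SSH connections, so this step can block an unattended run.
# Check `ufw status verbose` afterwards to confirm the default policies.
#######################################
step_2() {
  exe ufw enable
}

step_20_info() { echo "Enable mail server essentials"; }
step_20_alias() { ALIAS="mailserver"; }
#######################################
# Open the ports a mail server needs, using ufw application profiles.
# The named profiles must exist on the host (normally installed with the
# corresponding packages); `ufw app list` shows what is available.
# All rules accept traffic from any source address.
#######################################
step_20() {
  exe ufw allow "Postfix"
  exe ufw allow "Postfix SMTPS"
  exe ufw allow "Dovecot Secure IMAP"
  exe ufw allow "WWW Secure"
  # Manage sieve
  # NOTE(review): 4190/tcp is opened to every source; restrict it if filter
  # management is only needed from trusted networks.
  exe ufw allow 4190/tcp
}

step_22_info() { echo "Deny multicast from gateway [IP]"; }
step_22_alias() { ALIAS="multicast"; }
#######################################
# Drop inbound multicast traffic originating from one host.
# Arguments: $1 - dropped by `shift` (presumably the step name passed by
#                 the sequencer -- confirm)
#            $2 - source IP address to deny
# Returns:   1 if no IP was given
#######################################
step_22() {
  shift
  local srcIp=${1:-}
  if [ -z "$srcIp" ]; then
    echoerr " [E] No [IP] specified"
    return 1
  fi
  # The address is passed as ONE quoted argument. Unquoted, a value with
  # spaces would be word-split into extra ufw rule tokens and could change
  # the rule; quoted, ufw itself rejects anything that is not an address.
  exe ufw deny in from "$srcIp" to 224.0.0.0/4
  # 239.0.0.0/8 lies inside 224.0.0.0/4; this rule is kept for compatibility.
  exe ufw deny in from "$srcIp" to 239.0.0.0/8
}

VERSION_SEQREV=11
. /usr/local/bin/sequencer.sh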