#!/bin/sh -e

. ../common-script.sh

installPkg() {
    # Install the ufw package unless a `ufw` command is already available.
    # Reads PACKAGER and ESCALATION_TOOL, which this file never assigns
    # (presumably exported by the sourced common-script.sh helpers; confirm).
    if command_exists ufw; then
        printf "%b\n" "${GREEN}UFW is already installed${RC}"
        return
    fi

    printf "%b\n" "${YELLOW}Installing UFW...${RC}"
    case "$PACKAGER" in
        apk)
            "$ESCALATION_TOOL" "$PACKAGER" add ufw
            ;;
        pacman)
            # --needed skips a reinstall, --noconfirm keeps the run non-interactive.
            "$ESCALATION_TOOL" "$PACKAGER" -S --needed --noconfirm ufw
            ;;
        *)
            # Every other package manager is assumed to accept `install -y`.
            "$ESCALATION_TOOL" "$PACKAGER" install -y ufw
            ;;
    esac
}

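configureUFW() {
    # Apply a baseline inbound policy with ufw and enable the firewall.
    #
    # Resulting policy: deny incoming by default, allow outgoing by default,
    # rate-limit 22/tcp, allow 80/tcp and 443/tcp.
    #
    # Every ufw step is checked explicitly. The script's `-e` lives only in
    # the shebang, so it is not applied when the file is run as `sh <file>`;
    # without these checks a failed `limit 22/tcp` could be followed by
    # "default deny incoming" + "enable", cutting off remote SSH access.
    #
    # Caveats for the operator:
    #   - Rules are added on top of whatever ufw already holds; nothing is
    #     reset here, so older allow rules stay in force. Review the result
    #     with `ufw status verbose`.
    #   - 80/tcp and 443/tcp are opened whether or not a web server runs on
    #     this host; delete those rules where no such service is exposed.
    #
    # Returns: 0 on success, 1 as soon as any ufw command fails (the
    #          firewall is then not enabled by this function).
    printf "%b\n" "${YELLOW}Using Chris Titus Recommended Firewall Rules${RC}"

    # Keep the firewall off while the rule set is being changed.
    printf "%b\n" "${YELLOW}Disabling UFW${RC}"
    "$ESCALATION_TOOL" ufw disable || return 1

    # `limit` allows the port but has ufw deny an address that opened six or
    # more connections within the last 30 seconds (slows password guessing).
    printf "%b\n" "${YELLOW}Limiting port 22/tcp (UFW)${RC}"
    "$ESCALATION_TOOL" ufw limit 22/tcp || return 1

    printf "%b\n" "${YELLOW}Allowing port 80/tcp (UFW)${RC}"
    "$ESCALATION_TOOL" ufw allow 80/tcp || return 1

    printf "%b\n" "${YELLOW}Allowing port 443/tcp (UFW)${RC}"
    "$ESCALATION_TOOL" ufw allow 443/tcp || return 1

    printf "%b\n" "${YELLOW}Denying Incoming Packets by Default(UFW)${RC}"
    "$ESCALATION_TOOL" ufw default deny incoming || return 1

    printf "%b\n" "${YELLOW}Allowing Outgoing Packets by Default(UFW)${RC}"
    "$ESCALATION_TOOL" ufw default allow outgoing || return 1

    # Only reached when every rule above was accepted.
    "$ESCALATION_TOOL" ufw enable || return 1
    printf "%b\n" "${GREEN}Enabled Firewall with Baselines!${RC}"
}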

# Entry point. checkEnv and checkEscalationTool are not defined in this file;
# presumably they come from ../common-script.sh (sourced at the top) and set
# PACKAGER / ESCALATION_TOOL, which installPkg and configureUFW read. Confirm
# there. They must run first, because both functions use those variables.
checkEnv
checkEscalationTool
# Install ufw if it is missing, then apply the rule set and enable the firewall.
installPkg
configureUFW