#!/usr/bin/env bash

# Copyright (C) 2021 by LHProjects <copyright@lhpmail.us>
#
# Permission is granted to use, copy, modify, and/or distribute this work for any purpose with or without fee. This work is offered as-is, with absolutely no warranty whatsoever. The author is not responsible for any damages that result from using this work. 
#
#

# Updates FirewallD on s3va.bugzbunny.net when my home IP address changes.
#

# Define variables
CACHE_IP_FILE=/tmp/update_firewall.cache
HOME_IP=$(host fwgw.lhprojects.net | cut -d ' ' -f 4)

update_firewall () {
	# check if cache IP is in the ipset entries
	ipset_entries=$(firewall-cmd --ipset=node_ips --get-entries 2> /dev/null)

	found=false
	for ip in $ipset_entries; do
		if [ "$ip" = "$CACHE_IP" ]; then
			# remove old entry
			firewall-cmd --permanent --ipset=node_ips --remove-entry=$ip &> /dev/null
			# add new entry
			firewall-cmd --permanent --ipset=node_ips --add-entry=$HOME_IP &> /dev/null
			# reload firewall
			firewall-cmd --reload &> /dev/null
			found=true
		fi
	done

	if [ "$found" = false ]; then
		echo "Error: Unable to remove old cache IP: '$CACHE_IP'; Not Found."
		firewall-cmd --info-ipset=node_ips
		exit 1
	else
			echo "$HOME_IP" > $CACHE_IP_FILE
	fi
}

# Check if we have cache IP
if test -f $CACHE_IP_FILE; then
	CACHE_IP=$(cat $CACHE_IP_FILE)
	if [ "$HOME_IP" != "$CACHE_IP" ]; then
		update_firewall
	fi
	
else
	echo "$HOME_IP" > $CACHE_IP_FILE
	CACHE_IP=$HOME_IP
	update_firewall
fi
exit 0