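#!/usr/bin/env bash
#
##################################################
# ufw-ipset-blocklist-autoupdate
#
# Blocking lists of IPs from public blacklists / blocklists (e.g. blocklist.de, spamhaus.org)
#
# Version: 1.1.1
#
# See: https://github.com/ngandrass/ufw-ipset-blacklist-autoupdate
#
##################################################
#
# Interactive installer. It fetches autoupdate-blocklist.sh and a ufw
# after.init hook (IPv4 or IPv6 variant), installs them, and optionally
# reloads ufw. Writes to /usr/local/bin and /etc/ufw, so it must run as root.
#
# Prompts default to "yes" unless the answer starts with n/N.

set -euo pipefail

readonly UFW_CONF_DIR=/etc/ufw
readonly UFW_AFTER_INIT_FILE=$UFW_CONF_DIR/after.init
readonly IPSET_DIR="/var/lib/ipset"   # Folder to write ipset save files to
readonly AUTOUPDATE_BIN=/usr/local/bin/autoupdate-blocklist.sh
CONFIGURE_IPV6=0

# Print a message to stderr and abort.
die() { printf '%s\n' "$*" >&2; exit 1; }

# Installing into /usr/local/bin and /etc/ufw (and `ufw reload`) requires root;
# fail early with a clear message rather than at the first mv/chmod.
[[ $EUID -eq 0 ]] || die "ERROR: this script must be run as root."

# Let user abort
read -r -p "Configure UFW to block IPs listed in blocklist ipsets? [Y/n] " ret
case "$ret" in
  [nN][oO]|[nN]) exit ;;
  *) ;;
esac

read -r -p "Would you like to enable IPv6 support? [Y/n] " ret
case "$ret" in
  [nN][oO]|[nN]) CONFIGURE_IPV6=0 ;;
  *) CONFIGURE_IPV6=1 ;;
esac

# Check that ufw has IPv6 enabled. Done before downloading anything so a
# misconfigured host fails fast. The pattern is anchored so a commented-out
# "#IPV6=yes" line does not count as enabled.
if [[ "$CONFIGURE_IPV6" == 1 ]]; then
  if ! grep -q -E "^IPV6=(yes|YES)" /etc/default/ufw; then
    die "ERROR: IPv6 rules requested but UFW is not configured to use IPv6. Set IPV6=yes in /etc/default/ufw and rerun this script."
  fi
fi

# Get required files into a private temporary directory.
# Downloading into /tmp under fixed names (as before) is unsafe when run as
# root: a pre-planted /tmp/autoupdate-blocklist.sh makes wget write
# "autoupdate-blocklist.sh.1" and the following mv would then install the
# pre-planted file with mode 755.
tmpdir=$(mktemp -d) || die "ERROR: mktemp failed"
cleanup() { rm -rf -- "${tmpdir:?}"; }
trap cleanup EXIT
cd "$tmpdir" || die "ERROR: cannot cd to $tmpdir"

# NOTE(review): the download sources below are reproduced as found on the
# page and look incomplete (a bare filename, and URLs containing a space).
# Confirm the real URLs, and pin a checksum or signature for the fetched
# files, before relying on this installer — they are executed as root.
wget autoupdate-blocklist.sh || die "ERROR: download of autoupdate-blocklist.sh failed"

# Only the selected after.init variant is needed; the previous version fetched
# both and then deployed the IPv6 file in the IPv4 branch as well.
if [[ "$CONFIGURE_IPV6" == 1 ]]; then
  after_init_src="$tmpdir/after.init.ipv6"
  wget https://after.init.ipv6/ /download/after.init.ipv6 || die "ERROR: download of after.init.ipv6 failed"
else
  after_init_src="$tmpdir/after.init.ipv4"
  wget https://files.mylinux.work/ /download/after.init.ipv4 || die "ERROR: download of after.init.ipv4 failed"
fi

[[ -f "$tmpdir/autoupdate-blocklist.sh" ]] || die "ERROR: $tmpdir/autoupdate-blocklist.sh was not downloaded"
[[ -f "$after_init_src" ]] || die "ERROR: $after_init_src was not downloaded"

# install(1) copies and sets the mode in one step (replaces mv + chmod 755).
install -m 755 "$tmpdir/autoupdate-blocklist.sh" "$AUTOUPDATE_BIN" \
  || die "ERROR: could not install $AUTOUPDATE_BIN"

# Ensure that IPSET_DIR exists
if [[ ! -d "$IPSET_DIR" ]]; then
  mkdir -p "$IPSET_DIR" || die "ERROR: could not create $IPSET_DIR"
fi

# Check if file already exists. (The previous message expanded the misspelled
# $UFW_UFW_AFTER_INIT_FILE and printed an empty path.)
if [[ -f "$UFW_AFTER_INIT_FILE" ]]; then
  read -r -p "The file $UFW_AFTER_INIT_FILE already exists. Are you sure that you want to overwrite it? [y/N] " ret
  case "$ret" in
    [yY][eE][sS]|[yY]) ;;   # continue
    *) exit ;;
  esac
fi

# Deploy after.init
install -m 755 "$after_init_src" "$UFW_AFTER_INIT_FILE" \
  || die "ERROR: could not deploy $UFW_AFTER_INIT_FILE"
echo "Deployed $UFW_AFTER_INIT_FILE"

# Restart ufw
read -r -p "Reload ufw to apply changes? [Y/n] " ret
case "$ret" in
  [nN][oO]|[nN]) exit ;;
  *) ufw reload ;;
esac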