lfirewall/scripts/setup

###############################################################
# iptables chain names
###############################################################
IT_INPUT=INPUT
IT_INPUT_LOG=LOGINPUT
IT_OUTPUT=OUTPUT
IT_OUTPUT_LOG=LOGOUTPUT
IT_POSTROUTING=POSTROUTING
IT_PREROUTING=PREROUTING

PATH=/bin:/sbin:/usr/bin:/usr/sbin

#Defautl network interface
NETWORK_IF=eth0

# Services that the system will offer to the network
TCP_SERVICES="22" # SSH only
UDP_SERVICES=""
# Services the system will use from the network
REMOTE_TCP_SERVICES="80 443" # web browsing
REMOTE_UDP_SERVICES="53" # DNS

# Port used for the SSH service, define this is you have setup a
# management network but remove it from TCP_SERVICES
SSH_PORT="22"

###############################################################
# Default IP_TABLES command path
###############################################################
IP_TABLES="/sbin/iptables"
IP_TABLES_RESTORE="/sbin/iptables-restore"
IP_TABLES_RESTORE_6="/sbin/ip6tables-restore"
IP_TABLES_SAVE="/sbin/iptables-save"
IP_TABLES_SAVE_6="/sbin/ip6tables-save"

###############################################################
# iptables action definition
###############################################################

# -C
export IPTABLES_CHECK=__iptables_check_action
# -A
export IPTABLES_ADD=__iptable_add_action
# -I
export IPTABLES_INSERT=__iptable_insert_action
# -P
export IPTABLES_SET_POLICY=__iptable_set_policy_action

export IP_TABLES
export NETWORK_IF


###############################################################
# File and folder paths
###############################################################
CONFIGURATION_FILE=${CONFIGURATION_DIR}/lfirewall.conf
CONFIGURATION_LOCAL_FILE=${CONFIGURATION_DIR}/lfirewall.conf.local
USER_RULES_IPTABLES=${CONFIGURATION_DIR}/iptables-user.v4
USER_RULES_IPTABLES_6=${CONFIGURATION_DIR}/iptables-user.v6
POST_UP_DOWN_SCRIPTS_DIR==${CONFIGURATION_DIR}/post-up-down.d
POST_START_STOP_SCRIPTS_DIR==${CONFIGURATION_DIR}/post-up-down.d



###############################################################


###############################################################
# Utility functions definition
###############################################################

has_parent_process(){
	local parent_to_search
	local ppid
	parent_to_search="${1:-}"
	if [ -z "${parent_to_search:-}" ]
	then
		echo "ERROR: need parent process pid as first arg" >&2
		return 5
	fi
	local pid
	pid="${2:-}"
	if [ -z "${pid:-}" ]
	then
		pid=$$
	fi
	if [ $parent_to_search = $pid ]
	then
		echo ${parent_to_search}
		return 0
	else if [ $pid -gt 1 ]
		then
			ppid=$(ps --pid ${pid} -o ppid= | xargs) || echo "OUT OF RANGE PID=${pid}" >&2
			if [ -n "$ppid" ]
			then
				if [ $ppid = $pid ]
				then
					#echo "ERROR: pid=$pid is the same as ppid=$ppid" >&2
					echo -1
				else
					has_parent_process ${parent_to_search} ${ppid}
				fi
			else
				#echo "ERROR: pid='$pid' has ppid='$ppid'" >&2
				echo -2
			fi
		else
			#echo "NOT FOUND: ${parent_to_search}" >&2
			echo 1
		fi
	fi
	return 1
}

find_pid_user_of(){
	local used_file=$1
	local regex="$2"
	lsof ${used_file} | awk 'NR>1 && $1 ~ /'${regex}'/ && !($2 in a){a[$2]++; print $2}'
}

find_systemctl_pids(){
	local shell_pid
	local systemctl_pid
	ps -elf | grep 'systemctl' | grep -v grep | awk '{print $13}' | sort -u | while read term
	do
		#echo ${shell_pid} ${systemctl_pid} >&2
		if [ -z "${shell_pid:-}" ]
		then
			shell_pid=$(find_pid_user_of /dev/$term '.*sh$')
		fi
		if [ -z "${systemctl_pid:-}" ]
		then
			systemctl_pid=$(find_pid_user_of /dev/$term 'systemctl')
		fi
		echo ${shell_pid} ${systemctl_pid}
	done
}