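#!/bin/bash
# =============================================================================
# Firewall configuration module
#
# Resets UFW, applies a default-deny inbound policy, opens the service ports
# listed in configure_ufw, and enables the firewall. Relies on log_message and
# command_exists, which are expected to come from common.sh.
# =============================================================================

# Directory containing this script, so helpers can be located regardless of
# the caller's working directory.
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"

# Source common functions and variables.
# Prefer the copy next to this script: this module changes firewall state and
# installs packages, so it should not pick up whatever common.sh happens to
# sit in the current working directory.
# NOTE(review): the ./common.sh fallback keeps the original lookup for layouts
# where common.sh is not beside this file; drop it once the layout is confirmed.
if [[ -f "${SCRIPT_DIR}/common.sh" ]]; then
  COMMON_SH="${SCRIPT_DIR}/common.sh"
else
  COMMON_SH="./common.sh"
fi

# Stop here if the helpers cannot be loaded; continuing would run the firewall
# commands below with log_message and command_exists undefined.
# shellcheck source=/dev/null
if ! source "${COMMON_SH}"; then
  printf 'ERROR: unable to source %s\n' "${COMMON_SH}" >&2
  # 'return' works when this file is sourced, 'exit' when it is executed.
  return 1 2>/dev/null || exit 1
fi

#######################################
# Install (if needed), reset, configure and enable UFW.
# Globals:   none
# Arguments: none
# Outputs:   progress via log_message; `ufw status verbose` on stdout
# Returns:   1 if installation, any rule change, or enabling fails;
#            otherwise the exit status of `ufw status verbose`
#######################################
configure_ufw() {
  log_message "INFO" "Configuring UFW firewall"

  # Install UFW when it is not already present.
  if ! command_exists ufw; then
    log_message "INFO" "Installing UFW"
    if ! apt-get install -y ufw; then
      log_message "ERROR" "Failed to install UFW"
      return 1
    fi
  fi

  # Start from a clean rule set; this discards any existing UFW rules.
  log_message "INFO" "Resetting UFW to default settings"
  if ! ufw --force reset; then
    log_message "ERROR" "Failed to reset UFW"
    return 1
  fi

  # Default-deny inbound, allow outbound.
  log_message "INFO" "Setting default UFW policies"
  if ! ufw default deny incoming || ! ufw default allow outgoing; then
    log_message "ERROR" "Failed to set default UFW policies"
    return 1
  fi

  # Allow SSH on the custom port. This rule must be in place before the
  # firewall is enabled, otherwise remote administration is cut off.
  # NOTE(review): confirm sshd actually listens on 2222 before running this on
  # a remote host; `ufw limit 2222/tcp` would additionally rate-limit attempts.
  log_message "INFO" "Allowing SSH on port 2222"
  if ! ufw allow 2222/tcp; then
    log_message "ERROR" "Failed to allow SSH on port 2222"
    return 1
  fi

  # Allow HTTP/HTTPS for web services if needed.
  log_message "INFO" "Allowing HTTP/HTTPS ports"
  if ! ufw allow 80/tcp || ! ufw allow 443/tcp; then
    log_message "ERROR" "Failed to allow HTTP/HTTPS ports"
    return 1
  fi

  # Allow SNMP for monitoring.
  # NOTE(review): this opens 161/udp to every source address. Monitoring ports
  # are normally limited to the poller, e.g.
  #   ufw allow from <MONITORING_HOST_IP> to any port 161 proto udp
  log_message "INFO" "Allowing SNMP port for monitoring"
  if ! ufw allow 161/udp; then
    log_message "ERROR" "Failed to allow SNMP port"
    return 1
  fi

  # Allow NRPE for monitoring.
  # NOTE(review): same concern as SNMP; 5666/tcp is reachable from anywhere.
  # Consider restricting it to the monitoring server's address.
  log_message "INFO" "Allowing NRPE port for monitoring"
  if ! ufw allow 5666/tcp; then
    log_message "ERROR" "Failed to allow NRPE port"
    return 1
  fi

  # Enable UFW. --force skips the interactive confirmation prompt.
  log_message "INFO" "Enabling UFW"
  if ufw --force enable; then
    log_message "SUCCESS" "UFW enabled successfully"
  else
    log_message "ERROR" "Failed to enable UFW"
    return 1
  fi

  # Show the resulting rule set so the operator can verify it.
  log_message "INFO" "UFW status:"
  ufw status verbose
}

# Main execution for firewall: report success only when configuration worked.
if configure_ufw; then
  log_message "SUCCESS" "Firewall configuration completed"
else
  log_message "ERROR" "Firewall configuration failed"
  # 'return' works when this file is sourced, 'exit' when it is executed.
  return 1 2>/dev/null || exit 1
fi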