# Common code for iptables manipulation

# iptables rule specification (chain, target and matches) that admits new TCP
# connections to port 4118 on the INPUT chain. The iptables action (-I/-A/-D/-C)
# is not part of the string; presumably callers prepend it -- verify at call sites.
#
# NOTE(review): the rule carries no source-address match (-s), so once it is
# inserted port 4118 accepts new connections from any address. Where the set
# of legitimate peers is known, narrowing the source at the call site reduces
# exposure. "-m state --state" is the legacy spelling of
# "-m conntrack --ctstate".
IPTABLE_OPEN_4118_RULE="INPUT -j ACCEPT -m state --state NEW --proto tcp --dport 4118"

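# Succeed (status 0) when the iptables listing contains no rule for TCP/UDP
# destination port 4118; return non-zero when at least one such rule exists.
#
# Only the "dpt:4118" token of `iptables -nL` is searched for. The match is
# anchored so that a longer port number such as dpt:41180 is not mistaken for
# 4118. Neither the chain nor the target of the rule is examined, so a
# DROP/REJECT rule on 4118 also counts as "a rule exists".
#
# NOTE(review): if iptables itself fails (not installed, insufficient
# privileges) the listing is empty and the function still returns 0, so a
# caller cannot tell "no rule" from "could not read the rule set".
#
# Arguments: none
# Returns:   0 if no rule mentions dpt:4118, non-zero otherwise
tcp_port_4118_filtered()
{
   local listing
   # Declaration and assignment are split so the assignment is not hidden
   # behind `local`; a failing iptables is tolerated on purpose (see note above).
   listing=$( iptables -nL ) || true
   ! grep -Eq 'dpt:4118([^0-9]|$)' <<<"$listing"
}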


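# Print 1 on stdout when a host firewall is considered enabled, otherwise 0.
#
# The decision depends on the distribution detected from /etc/*-release files:
#   SuSE (major version > 9, or /etc/sysconfig/SuSEfirewall2 exists)
#                       -> 1 if /proc/net/ip_tables_names exists
#   RHEL / CentOS > 6   -> 1 if the firewalld.service unit file is "enabled"
#   Ubuntu              -> 1 if "ufw status" reports "Status: active"
#   Debian              -> 0 if ufw is installed and inactive, otherwise
#                          1 if /proc/net/ip_tables_names exists
#   everything else     -> 1 if chkconfig lists iptables or ip6tables as "on"
#                          in runlevels 2, 3 and 5
#
# Caveats for whoever consumes the answer:
#   - The firewalld and chkconfig checks read boot-time enablement, not
#     whether the service is running right now.
#   - The ufw checks compare against the English words "active"/"inactive";
#     presumably a localized ufw would not match -- TODO confirm.
#
# Globals:   every variable below is written without `local`.
#            NOTE(review): kept global because other code sourcing this file
#            may read them -- confirm, then localize.
# Arguments: none
# Outputs:   "1" or "0" on stdout
checkFirewallEnabled()
{
        isCentOS=0
        isRHEL=0
        isSuSE=0
        isUbuntu=0
        isOracle=0
        isDebian=0

        isSuSEfirewall2_init=0
        ip4fireWallEnabled=0
        ip6fireWallEnabled=0

        majorVer=0

        # ---- distribution detection ----
        if [ -f /etc/SuSE-release ]; then

                isSuSE=1
                majorVer=$(grep -e "VERSION =" /etc/SuSE-release | awk '{print $3}')
                if [ -f /etc/sysconfig/SuSEfirewall2 ]; then
                        isSuSEfirewall2_init=1
                else
                        isSuSEfirewall2_init=0
                fi

        elif [ -f /etc/centos-release ] && [ -f /etc/redhat-release ]; then

                isCentOS=1
                # Inner substitution stays unquoted: --whatprovides may print
                # more than one package name.
                # shellcheck disable=SC2046
                majorVer=$(rpm -q --qf "%{VERSION}" $(rpm -q --whatprovides redhat-release))

        elif [ -f /etc/oracle-release ] && [ -f /etc/redhat-release ]; then

                # NOTE(review): isOracle is set here but no branch below tests
                # it, so Oracle Linux always ends up in the chkconfig fallback.
                # Confirm whether newer Oracle releases should use the
                # firewalld check instead.
                isOracle=1
                # shellcheck disable=SC2046
                majorVer=$(rpm -q --qf "%{VERSION}" $(rpm -q --whatprovides oracle-release))

        elif [ -f /etc/redhat-release ]; then

                # Older CentOS 5 installs have no /etc/centos-release; they are
                # recognised by a "CentOS" tag inside /etc/redhat-release.
                CentOS_tag=$(grep -e "CentOS" /etc/redhat-release | awk '{print $1}' | cut -c-6)
                if [ "$CentOS_tag" = "CentOS" ]; then
                        isCentOS=1
                else
                        isRHEL=1
                fi

                # shellcheck disable=SC2046
                majorVer=$(rpm -q --qf "%{VERSION}" $(rpm -q --whatprovides redhat-release))

        elif [ -f /etc/debian_version ] || [ -f /etc/debian_release ]; then

                if [ -f /etc/lsb-release ]; then
                        isUbuntu=1
                        majorVer=$(cat /etc/*-release | grep -e "DISTRIB_DESCRIPTION=*" | awk '{print $2}' | cut -f1 -d".")
                else
                        isDebian=1
                fi
        fi

        # Empty or malformed version -> 0; otherwise reduce X.Y to X.
        if [[ ! "$majorVer" =~ ^-?[0-9]+[.]?[0-9]*$ ]]; then
                majorVer=0
        else
                majorVer=${majorVer%%.*}
        fi

        # Other Linux flavours (Amazon, cloud images, ...) fall through to the
        # chkconfig branch at the end.

        # ---- firewall state per distribution ----
        if [ "$isSuSE" -eq 1 ] && { [ "$majorVer" -gt 9 ] || [ "$isSuSEfirewall2_init" -eq 1 ]; }; then

                if [ -f /proc/net/ip_tables_names ]; then
                        echo 1
                else
                        echo 0
                fi

        elif { [ "$isRHEL" -eq 1 ] || [ "$isCentOS" -eq 1 ]; } && [ "$majorVer" -gt 6 ]; then

                result=$(systemctl list-unit-files | grep -e "firewalld.service" | awk '{print $2}' | cut -c-7)
                if [ "$result" = "enabled" ]; then
                        echo 1
                else
                        echo 0
                fi

        elif [ "$isUbuntu" -eq 1 ]; then

                # Read only the "Status:" line. When rules are configured, ufw
                # prints a rule table after that line; comparing the whole
                # multi-line output with "active" would never match and an
                # active firewall would be reported as disabled.
                result=$(sudo ufw status | awk '$1 == "Status:" {print $2}' | cut -c-6)
                if [ "$result" = "active" ]; then
                        echo 1
                else
                        echo 0
                fi

        elif [ "$isDebian" -eq 1 ]; then

                if [ -f /usr/sbin/ufw ]; then
                        # Same "Status:" line parsing as the Ubuntu branch.
                        # ufw's own stderr is not suppressed, so a permission
                        # error stays visible to the operator.
                        ufw_status=$(ufw status | awk '$1 == "Status:" {print $2}' | cut -c-6)
                        if [ "$ufw_status" = "inacti" ]; then
                                # ufw is installed but inactive: the firewall is
                                # left alone, report "disabled" and stop here.
                                echo 0
                                return
                        fi
                fi

                # ufw is active or not installed
                if [ -f /proc/net/ip_tables_names ]; then
                        echo 1
                else
                        echo 0
                fi

        else

                # Fields 4, 5 and 7 of `chkconfig --list` are runlevels 2, 3, 5
                # in the form "N:on" / "N:off".
                ipTables2_ON=$(chkconfig --list iptables | awk '{print $4}' | cut -f2 -d":")
                ipTables3_ON=$(chkconfig --list iptables | awk '{print $5}' | cut -f2 -d":")
                ipTables5_ON=$(chkconfig --list iptables | awk '{print $7}' | cut -f2 -d":")

                if [ "$ipTables2_ON" = "on" ] && [ "$ipTables3_ON" = "on" ] && [ "$ipTables5_ON" = "on" ]; then
                        ip4fireWallEnabled=1
                fi

                ip6tables2_ON=$(chkconfig --list ip6tables | awk '{print $4}' | cut -f2 -d":")
                ip6tables3_ON=$(chkconfig --list ip6tables | awk '{print $5}' | cut -f2 -d":")
                ip6tables5_ON=$(chkconfig --list ip6tables | awk '{print $7}' | cut -f2 -d":")

                if [ "$ip6tables2_ON" = "on" ] && [ "$ip6tables3_ON" = "on" ] && [ "$ip6tables5_ON" = "on" ]; then
                        ip6fireWallEnabled=1
                fi

                if [ "$ip4fireWallEnabled" -eq 1 ] || [ "$ip6fireWallEnabled" -eq 1 ]; then
                        echo 1
                else
                        echo 0
                fi
        fi
}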
