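#! /bin/bash
# Rocky 9 NOT tested
#
# Checks whether the system iptables init script is identical to the
# k_framework reference copy selected by the system config suffix, and
# reports the result through the framework's report helper.

# main.sh is expected to supply report, k_start, k_exit, k_config_details and
# the OS / DIST / SYSTEM_CONFIG* variables used below. Stop early with a clear
# message if it cannot be loaded instead of failing later on undefined names.
. /usr/src/k_framework/main.sh || {
  printf '%s\n' "cannot load /usr/src/k_framework/main.sh" >&2
  exit 1
}

# ---- VARS -----
VERSION="1.0.2"
SCRIPT_NAME="Iptables Check"
k_config_details
CFG=$SYSTEM_CONFIG
SUFFIX=$SYSTEM_CONFIG_DIR
TEST=0 # 1 - do not execute changes

# ---- FUNCTIONS -----

#######################################
# Compare the installed iptables init script with the reference copy.
# Globals:
#   OS, DIST   (read)    - platform identifiers; presumably set by main.sh
#   SUFFIX     (read)    - selects which reference copy to compare against
#   EXIT_CODE  (written) - set to 1 when a file is missing or the files differ
# Arguments:
#   None
# Outputs:
#   Status lines via report.
# Returns:
#   1 when either file is missing or the files differ. Exits the script with
#   status 1 on anything other than CentOS 7.
#######################################
k_check_iptables_init() {
  # The original repeated this platform guard a second time further down in a
  # "EXIT_CODE=1 && return 1" form; that copy could never run because this one
  # exits first, so it has been dropped.
  # NOTE(review): this exit bypasses k_exit; confirm that is intended.
  if ! [[ $OS == "centos" && $DIST == 7 ]]; then
    report "This was tested on centos 7 only. On other OS check if this works" 1
    exit 1
  fi

  local iptables_init_system="/usr/libexec/iptables/iptables.init"
  # NOTE(review): SUFFIX comes from SYSTEM_CONFIG_DIR and becomes part of this
  # path; the comparison is only as trustworthy as the reference copy, so
  # verify that directory is writable by root only.
  local iptables_init_modified="/usr/src/k_framework/helpers/iptables/init_files/c7/iptables.init_modified_${SUFFIX}"

  if [[ ! -e $iptables_init_system ]]; then
    report "$iptables_init_system does not exitst" 1
    EXIT_CODE=1 && return 1
  fi

  if [[ ! -e $iptables_init_modified ]]; then
    report "$iptables_init_modified does not exitst" 1
    EXIT_CODE=1 && return 1
  fi

  # Both paths are quoted so a SUFFIX containing whitespace or glob characters
  # cannot split into extra diff arguments. Any non-zero diff status (files
  # differ, or diff could not read one of them) is treated as "outdated", so
  # the check fails closed.
  if ! diff -- "$iptables_init_system" "$iptables_init_modified" &>/dev/null; then
    report "Iptables init file $iptables_init_system is outdated" 1
    report "/usr/src/k_framework/helpers/iptables/iptables_init_update.sh" fix
    EXIT_CODE=1 && return 1
  else
    report "Iptables init file $iptables_init_system already updated" 0
  fi
}

# ---- MAIN -----
# "$@" is quoted so each command-line argument reaches k_start as one word.
k_start "$@"

k_check_iptables_init

# ....
# Check other things about iptables, duplicate chains, etc

# NOTE(review): EXIT_CODE is only assigned on failure in this script;
# presumably main.sh initialises it - confirm.
k_exit "$EXIT_CODE"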