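#!/bin/bash
# Rocky9 compatible
# argument from-src forces iptables compile from source
#
# Replaces firewalld with the iptables service. Must run as root: it installs
# packages, may reboot the host, and rewrites the saved firewall ruleset.
#
# Optional environment:
#   IPTABLES_SHA256 - expected SHA-256 of the source tarball (from-src mode).
#                     When set, the download is verified before it is
#                     unpacked and built; a mismatch aborts the install.

. /usr/src/k_framework/main.sh

# ---- VARS -----

VERSION="1.2.6"
SCRIPT_NAME="iptables Install"

# Source release used by the from-src path.
iptables_src_version="1.8.9"
iptables_src_dir="iptables-${iptables_src_version}"
iptables_src_tarball="${iptables_src_dir}.tar.xz"
iptables_src_url="https://www.netfilter.org/projects/iptables/files/${iptables_src_tarball}"

# ---- FUNCTIONS -----

# ---- MAIN -----

# NOTE(review): the second argument to report looks like a severity code
# (0 ok, 1 error, 2 warning, 3 info), judging by how it is used below.
# It is defined in k_framework, so confirm there.

k_start

if ! k_supported_os_check; then
  k_exit 1
fi

report "Installing kernel-devel and checking for the newest kernel" 3
yum -y install kernel-devel

# yum installs kernel-devel for the newest available kernel. If that package
# version matches the running kernel, the running kernel is the newest one.
running_kernel="$(uname -r)"
if rpm -q kernel-devel | grep -qF -- "$running_kernel"; then
  kernel="$running_kernel"
  report "Newest Kernel installed: $kernel" 0
else
  report "Newest Kernel not installed" 2
  report "Press ENTER to install it and reboot the server or CTRL+C to cancel the script" 3
  # read fails on EOF (no TTY, closed stdin). Treat that as "not confirmed"
  # so an unattended run never reboots the server on its own.
  if ! read -r _; then
    report "No confirmation received, aborting without reboot" 1
    k_exit 1
  fi
  report "Updating to the new Kernel and rebooting the server" 3
  if ! yum -y update kernel; then
    report "Kernel update failed, not rebooting" 1
    k_exit 1
  fi
  reboot
  # reboot can return before the shutdown takes effect. Stop here so the
  # firewall changes below do not run on a host that is going down.
  k_exit 0
fi

if systemctl is-active --quiet iptables.service; then
  report "iptables already installed and active" 0
  exit
fi

report "Installing iptables" 3

# Caveat: from this point until iptables.service is started below, the host
# has no firewall service running (the from-src build can take a while).
systemctl stop firewalld > /dev/null 2>&1
systemctl disable firewalld > /dev/null 2>&1

if [[ "${1:-}" == "from-src" ]]; then

  # installing iptables from src, to properly compile rtpengine

  if ! cd /usr/src/; then
    report "Cannot change directory to /usr/src" 1
    k_exit 1
  fi

  # -O overwrites a stale tarball from an earlier run instead of saving the
  # new download as "<name>.1" and then unpacking the old file.
  if ! wget -O "$iptables_src_tarball" "$iptables_src_url"; then
    report "Download of $iptables_src_tarball failed" 1
    k_exit 1
  fi

  # The tarball is configured, built and installed as root, so TLS to the
  # download host is the only integrity control unless a digest is pinned.
  # A detached-signature check against a pinned upstream key would be
  # stronger still, if upstream provides one.
  if [[ -n "${IPTABLES_SHA256:-}" ]]; then
    if ! printf '%s  %s\n' "$IPTABLES_SHA256" "$iptables_src_tarball" | sha256sum -c --status -; then
      report "Checksum mismatch for $iptables_src_tarball, aborting" 1
      k_exit 1
    fi
  else
    report "IPTABLES_SHA256 not set, source tarball integrity not verified" 2
  fi

  if ! tar -xf "$iptables_src_tarball"; then
    report "Extracting $iptables_src_tarball failed" 1
    k_exit 1
  fi

  if ! cd "$iptables_src_dir"; then
    report "Cannot change directory to /usr/src/$iptables_src_dir" 1
    k_exit 1
  fi

  ./configure --prefix=/usr/lib64 --disable-nftables --enable-libipq --enable-devel --enable-static --enable-shared --libdir=/usr/lib64 \
    && make \
    && make install

  # The presence of the installed library is the success criterion for the
  # whole configure/make/make install chain above.
  if [ ! -f /usr/lib64/libip4tc.so.2.0.0 ]; then
    report "Install failed, libiptc library missing, report MK" 1
    k_exit 1
  fi

  # nasty hacking: lib vs lib64
  # -f so that a re-run replaces an existing link instead of failing.
  ln -sfn /usr/lib64/libip4tc.so.2.0.0 /usr/lib64/libiptc.so
  #cp -fr /usr/lib/pkgconfig/libip*tc.pc /usr/lib64/pkgconfig
  #ln -s /usr/lib64/xtables /usr/lib/xtables

  yum -y install iptables-services

  # cleanup
  #cd /usr/src
  #rm -fr /usr/src/iptables-1.8.9.tar.xz
  #rm -fr /usr/src/iptables-1.8.9

else

  yum -y install iptables-services iptables-devel

fi

systemctl enable iptables.service
systemctl start iptables.service

report "Cleaning iptables" 3
# Caveat: flushing and then saving persists a ruleset with no rules in the
# table iptables operates on by default. With firewalld disabled above,
# packet filtering now depends only on chain policies and on rules loaded
# afterwards.
# NOTE(review): presumably a later provisioning step installs the real
# ruleset. Confirm, otherwise the host is left unfiltered.
iptables -F
service iptables save

if systemctl is-active --quiet iptables.service; then
  report "iptables service is active" 0
else
  report "iptables service is not active" 1
  k_exit 1
fi

k_exit 0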