setup-firewall-server.sh

#!/bin/bash
TLD=$1
NET=$2

mkdir --parents $HOME/firewall/

echo && echo && \
echo "(1/9) backing-up previous configured FQDN.." && echo && sleep 1s
TIMESTAMP=$(date "+%Y-%m-%d_%H-%M-%S")
if [ -f "$HOME/firewall/fqdn" ]; then
    mv $HOME/firewall/fqdn $HOME/firewall/$TIMESTAMP-prev-fqdn
fi

touch $HOME/firewall/fqdn && echo "" > $HOME/firewall/fqdn

echo && echo && \
echo "(2/9) Discovering hosts in $NET.0 network.." && echo && sleep 1s

# iterate possible ip range
for i in {2..255}
do
 echo && \
 echo "==============================================================" && \
 echo "IP: $NET.$i" && \
 DIG=$(echo "$(dig @$NET.6 -x $NET.$i +short)" | grep $TLD | sed "s@$TLD.@$TLD@g")
 echo $DIG
 echo "==============================================================" && echo
 echo $DIG >> $HOME/firewall/fqdn
done

echo && echo && \
echo "(3/9) backing-up previous configured IP.." && echo && sleep 1s
if [ -f "$HOME/firewall/ip" ]; then
    mv $HOME/firewall/ip $HOME/firewall/$TIMESTAMP-prev-ip
fi

touch $HOME/firewall/ip

echo && echo && \
echo "(4/9) installing required binaries + enabling ufw.." && echo && sleep 1s
yum install -y bind-utils ufw && systemctl enable ufw && ufw enable

echo && echo && \
echo "(5/9) saving current firewall status.." && echo && sleep 1s
ufw status > $HOME/firewall/$TIMESTAMP-prev-ufw-status

echo && \
echo "==============================================================" && \
echo "FIREWALL PREVIOUS STATUS" && \
echo "==============================================================" && echo

cat $HOME/firewall/$TIMESTAMP-prev-ufw-status

echo && echo && \
echo "(6/9) Showing available apps.." && echo  && sleep 1s
for file in $(find /etc/ufw/applications.d/)
do 
    cat $file && echo
done

echo && echo && \
echo "(6/9) listing loaded apps.." && echo  && sleep 1s
ufw app list

for APP in "WWW" "WWW Secure"
do
    echo && echo && \
    echo "(7/9) DELETING \"$APP\" rule of previous IPs.." && echo  && sleep 1s
    if [ -f "$HOME/firewall/$TIMESTAMP-prev-ip" ]; then
        # Remove previously set firewall allows
        for PREV_IP in $(cat $HOME/firewall/$TIMESTAMP-prev-ip); do
            ufw delete allow from $PREV_IP to any app "$APP" > /dev/null
        done
    fi

    echo && echo && \
    echo "(8/9) ADDING \"$APP\" rule to new IPs.." && echo  && sleep 1s
    for FQDN in $(cat $HOME/firewall/fqdn); do
        # Look up IP per host
        # echo "Looking up IP for host:" $FQDN
        IP=$(dig @$NET.6 $FQDN +short)
        if [ $? -eq 0 ]; then
            echo $IP >> $HOME/firewall/ip
            ufw allow from $IP to any app "$APP" > /dev/null
        fi
    done
done

ufw status > $HOME/firewall/$TIMESTAMP-cur-ufw-status

echo && \
echo "==============================================================" && \
echo "FIREWALL CURRENT STATUS" && \
echo "==============================================================" && echo

cat $HOME/firewall/$TIMESTAMP-cur-ufw-status

echo && echo && \
echo "(9/9) Listing latest working files.." && echo  && sleep 1s
find $HOME/firewall/ | grep $TIMESTAMP
find $HOME/firewall/fqdn
find $HOME/firewall/ip