#!/bin/sh

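# pfctl and /etc/pf.conf are root-only, so refuse early with a clear message.
# `id -u` replaces $EUID and `[[ ]]`, which are bash-only and not valid under
# the POSIX sh shebang this file declares.
if [ "$(id -u)" -ne 0 ]; then
   echo "In order to interact with the firewall you must be the root user" >&2
   exit 1
fi

# Every invocation needs at least a subcommand; see help() for the list.
if [ "$#" -eq 0 ]; then
   echo "Not enough ARGS" >&2
   exit 1
fi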

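enable(){
   # Turn pf on and load the ruleset. If no config exists yet, write a minimal
   # one first: a persistent <badhosts> table plus rules dropping traffic from
   # its members on pdp_ip0 and en0 (presumably the cellular and primary
   # network interfaces — confirm for the target device).
   # NOTE(review): the existence check and the write use /etc/pf.conf while the
   # load uses /private/etc/pf.conf; on macOS /etc is a symlink to /private/etc,
   # so these are the same file. Confirm that holds wherever this runs.
   if [ ! -f /etc/pf.conf ]; then
       echo "Config not found. Creating one now"
       printf '%s\n' \
           "table <badhosts> persist" \
           "block on pdp_ip0 from <badhosts> to any" \
           "block on en0 from <badhosts> to any" >> /etc/pf.conf
       echo "Config created at /etc/"
   fi
   pfctl -e -q
   # Report success only if the ruleset actually loaded. A parse error in
   # pf.conf makes `pfctl -f` fail and leaves whatever was loaded before in
   # place; an unconditional "now enabled" message would hide that.
   if ! pfctl -f /private/etc/pf.conf; then
       printf "\nFailed to load /private/etc/pf.conf; check it with pfctl -nf\n\n" >&2
       return 1
   fi
   clear
   printf "\nThe firewall is now enabled\n\n"
}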

disable(){
    # Turn pf off (-q keeps pfctl's own status line quiet) and confirm.
    pfctl -d -q
    printf '%s\n' '' 'The Firewall is now disabled' ''
}

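allow(){
   # "Allow" only undoes a previous deny: it removes the address from the
   # <badhosts> table that the block rules written by enable() match against.
   # It adds no pass rule, so traffic not otherwise blocked is unaffected.
   # $1 - entry to remove; whatever pfctl accepts as a table entry.
   # Returns 1 on missing argument, else pfctl's status.
   if [ -z "$1" ]; then
       printf "\nUsage: efw allow ARGS\n\n" >&2
       printf "Where ARGS is an ip address\n\n" >&2
       return 1
   fi
   # Quoted so a value containing spaces reaches pfctl as a single argument
   # (and is rejected there) rather than being split into several entries.
   pfctl -q -t badhosts -T delete "$1"
}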

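deny(){
   # Add an entry to the <badhosts> table; the block rules written by
   # enable() then drop its traffic on the configured interfaces.
   # $1 - entry to add; whatever pfctl accepts as a table entry.
   # Returns 1 on missing argument, else pfctl's status.
   if [ -z "$1" ]; then
       printf "\nUsage: efw deny ARGS\n\n" >&2
       printf "Where ARGS is an ip address\n\n" >&2
       return 1
   fi
   # Quoted so a value containing spaces reaches pfctl as a single argument
   # (and is rejected there) rather than being split into several entries.
   pfctl -q -t badhosts -T add "$1"
}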

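file(){
   # Bulk deny: hand a file of entries (one per line) to `pfctl -T add -f`.
   # Inside this script the name shadows the system file(1) command.
   # $1 - absolute path of the list; must be an existing regular file.
   # Returns 1 on missing argument or missing file, else pfctl's status.
   if [ -z "$1" ]; then
       printf "\nUsage: efw file ARGS\n\n" >&2
       printf "Where ARGS is an absolute /path/to/the/text/file\nNOTE: every IP or servername must be on their own line\n\n" >&2
       return 1
   fi
   # A missing file is an error, not a silent no-op, so a mistyped path
   # cannot be mistaken for a successful load.
   if [ ! -f "$1" ]; then
       printf "\nFile not found: %s\n\n" "$1" >&2
       return 1
   fi
   pfctl -q -t badhosts -T add -f "$1"
}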

status(){
   # Dump everything pf reports via -sa, then list the <badhosts> table on
   # its own under a heading.
   pfctl -sa
   printf '\n%s\n' "Blocked incoming IPs"
   pfctl -t badhosts -T show
}

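batch(){
   # Interactive bulk allow/deny: read one entry per line from stdin and pass
   # each to allow() or deny() until the user types "done" or stdin reaches
   # EOF. Blank lines are skipped.
   # $1 - "allow" or "deny"; anything else prints usage and returns 1.
   action=$1
   case "$action" in
      allow|deny) ;;
      *)
         printf "\nUsage: efw batch ARGS\n" >&2
         printf "Where ARGS is allow or deny\n\n" >&2
         return 1 ;;
   esac
   printf "Enter an IP address then press return. Type done to stop\n"
   # `read -r` keeps backslashes literal; `|| [ -n "$ip" ]` still processes a
   # last line that lacks a trailing newline. Ending on EOF matters: a loop
   # that only tests for "done" spins forever once stdin is closed, because
   # every further read leaves $ip empty.
   while IFS= read -r ip || [ -n "$ip" ]; do
      [ "$ip" = "done" ] && break
      [ -n "$ip" ] || continue
      # $action was whitelisted above, so this only ever calls allow or deny.
      "$action" "$ip"
   done
}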

restart(){
    # Bounce pf: take it down, pause briefly, then bring it back through
    # enable(), which also reloads the ruleset from disk.
    pfctl -d -q
    sleep 2
    enable
}

version(){
    # One printf in place of the printf/echo/printf trio; identical bytes out.
    printf '\n%s\n\n' "Easy Firewall v0.6"
}

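view(){
   # Print the remote endpoint of each connection netstat reports.
   # $1 - "hosts" (netstat's default, name-resolving output) or "ips"
   #      (numeric, via -n); anything else prints usage and returns 1.
   # The pipeline keeps column 5, drops the header line, and stops at the
   # first blank line (presumably the separator before netstat's next
   # section). netstat's stderr is discarded, so a rejected flag shows up
   # as empty output rather than an error.
   # NOTE(review): -t is the GNU netstat TCP selector; BSD/macOS netstat
   # spells it `-p tcp`. Confirm which netstat the target system has.
   case "$1" in
      hosts)
         printf "\n "
         netstat 2>/dev/null | awk '{print $5}' | tail -n +2 | sed '/^ *$/q'
         ;;
      ips)
         netstat -tn 2>/dev/null | awk '{print $5}' | tail -n +2 | sed '/^ *$/q'
         ;;
      *)
         printf "\nUsage: efw view ARGS\n" >&2
         printf "Where ARGS is ‘hosts’ or ‘ips’ \n\n" >&2
         return 1
         ;;
   esac
}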

help(){
   # Command summary. A quoted here-doc keeps the text verbatim (no expansion,
   # trailing spaces preserved) and is easier to keep aligned than a run of
   # echo/printf calls. The leading space on each command line is intentional.
   cat <<'EOF'

Usage: efw COMMAND

Commands:
 enable             enables the firewall
 disable            disables the firewall
 restart            restarts the firewall

 allow ARGS         add allow rule
 deny ARGS          add deny rule
 file ARG.          block IPs from text file
 batch              allow or deny multiple IPs

 status             see status of firewall
 view               view all incoming IP connections 
 help               shows this message
 version            shows the version 

EOF
}
$1 $2
