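#!/bin/bash
#
# Install the Shorewall actions (2.x) or macros (3.x) and the rules that allow
# Hyperic agent/server and NetVault traffic between this firewall ("fw") and
# hosts in the "bloc" zone (backnet), then validate the configuration and,
# after operator confirmation, restart Shorewall.
#
# Usage: run as root on a host where Shorewall is installed and enabled in
# runlevel 3. Network access to repository.contegix.com is needed the first
# time; action/macro files already present in /etc/shorewall are left alone.
#
# SECURITY NOTE: the action/macro files are fetched over plain HTTP and no
# checksum or signature is verified before they become part of the firewall
# policy. Anyone able to interfere with that transport can inject arbitrary
# rules. Compare the downloaded files against a known-good copy (or serve
# them over HTTPS from a trusted mirror) before relying on this script on a
# network path you do not control.

set -euo pipefail

readonly SHOREWALL_DIR=/etc/shorewall
readonly REPO_BASE=http://repository.contegix.com/software/shorewall
readonly HYPERIC_HOST=10.10.0.3
NETVAULT_HOSTS=(10.10.0.100 10.10.0.150 10.10.0.200)
readonly NETVAULT_HOSTS

# Print a message to stderr and exit non-zero.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# True when Shorewall is enabled in runlevel 3 and its chains are loaded.
# grep is used without -q on purpose: with pipefail, grep exiting early could
# kill the producer with SIGPIPE and turn an enabled firewall into "disabled".
shorewall_enabled() {
  chkconfig shorewall --list | grep '3:on' >/dev/null \
    && iptables -L -n | grep -i shorewall >/dev/null
}

# fetch_config NAME URL
# Download URL to $SHOREWALL_DIR/NAME (mode 0600) unless NAME already exists.
# The transfer goes to a temp file first so a failed or partial download never
# leaves a truncated file that Shorewall would then load.
fetch_config() {
  local name=$1 url=$2
  local dest="$SHOREWALL_DIR/$name" tmp
  if [[ -f "$dest" ]]; then
    return 0
  fi
  tmp=$(mktemp "$SHOREWALL_DIR/.$name.XXXXXX") || die "mktemp failed"
  if ! wget -O "$tmp" "$url" || [[ ! -s "$tmp" ]]; then
    rm -f -- "$tmp"
    die "download of $url failed; $dest was not created"
  fi
  chmod 600 -- "$tmp"
  mv -- "$tmp" "$dest"
}

# insert_before_marker FILE SUFFIX
# Read text from stdin and insert it, unchanged, immediately before every line
# of FILE that contains "#LAST LINE". When SUFFIX is non-empty a copy of the
# untouched FILE is kept as FILE<SUFFIX>. Dies if the marker is missing: a
# plain sed substitution would otherwise silently insert nothing and the
# script would go on to restart the firewall without the expected rules.
insert_before_marker() {
  local file=$1 suffix=$2 text tmp
  grep -q -- '#LAST LINE' "$file" || die "no '#LAST LINE' marker in $file; nothing inserted"
  text=$(mktemp) || die "mktemp failed"
  tmp=$(mktemp "${file}.XXXXXX") || die "mktemp failed"
  cat > "$text"
  if [[ -n "$suffix" ]]; then
    cp -p -- "$file" "${file}${suffix}"
  fi
  awk -v txt="$text" '
    /#LAST LINE/ { while ((getline line < txt) > 0) print line; close(txt) }
    { print }' "$file" > "$tmp"
  # Keep the original mode/owner, then replace atomically.
  chmod --reference="$file" -- "$tmp"
  mv -- "$tmp" "$file"
  rm -f -- "$text"
}

# hyperic_rules AGENT SERVER
# Emit the rules lines for the Hyperic agent (backnet -> fw) and server
# (fw -> backnet). AGENT/SERVER are the action (2.x) or MACRO/ACCEPT (3.x)
# names. Shorewall columns are whitespace-separated, so tab counts are cosmetic.
hyperic_rules() {
  printf '#\n#\tAccept Hyperic Agent connections\n#\t\t- from the backnet(%s) to the firewall\n#\n%s\tbloc:%s\t\tfw\n\n' \
    "$HYPERIC_HOST" "$1" "$HYPERIC_HOST"
  printf '#\n#\tAccept Hyperic Server connections\n#\t\t- from the firewall to the backnet(%s)\n#\n%s\tfw\t\t\tbloc:%s\n\n' \
    "$HYPERIC_HOST" "$2" "$HYPERIC_HOST"
}

# netvault_rules NAME
# Emit bidirectional rules between the firewall and each NetVault backup host.
netvault_rules() {
  local host
  printf '#\n#\tAccept NetVault connections\n#\t\t- from the firewall to the backup servers (backnet)\n#\n'
  for host in "${NETVAULT_HOSTS[@]}"; do
    printf '%s\t\tbloc:%s\tfw\n%s\t\tfw\t\t\tbloc:%s\n' "$1" "$host" "$1" "$host"
  done
  printf '\n'
}

# add_rules AGENT SERVER NETVAULT
# Append the Hyperic and NetVault rules to /etc/shorewall/rules unless a rule
# mentioning Hyperic / NetVault is already present (backups: rules.pre-*).
add_rules() {
  local rules="$SHOREWALL_DIR/rules"
  if ! grep -q Hyperic -- "$rules"; then
    hyperic_rules "$1" "$2" | insert_before_marker "$rules" .pre-hyperic
  fi
  if ! grep -q NetVault -- "$rules"; then
    netvault_rules "$3" | insert_before_marker "$rules" .pre-netvault
  fi
}

# Shorewall 2.x: action files, which must also be listed in the actions file.
install_v2() {
  local f
  for f in action.AllowHypericAgent action.AllowHypericServer action.AllowNetVault; do
    fetch_config "$f" "$REPO_BASE/2.4/config/$f"
  done
  if ! grep -q Hyperic -- "$SHOREWALL_DIR/actions"; then
    printf 'AllowHypericAgent\nAllowHypericServer\n' \
      | insert_before_marker "$SHOREWALL_DIR/actions" ""
  fi
  if ! grep -q NetVault -- "$SHOREWALL_DIR/actions"; then
    printf 'AllowNetVault\n' | insert_before_marker "$SHOREWALL_DIR/actions" ""
  fi
  add_rules AllowHypericAgent AllowHypericServer AllowNetVault
}

# Shorewall 3.x: macro files, invoked from rules as MACRO/ACCEPT; no actions entry.
install_v3() {
  local f
  for f in macro.HypericAgent macro.HypericServer macro.NetVault; do
    fetch_config "$f" "$REPO_BASE/3.0/config/$f"
  done
  add_rules HypericAgent/ACCEPT HypericServer/ACCEPT NetVault/ACCEPT
}

# Run 'shorewall check', show its output, and restart only after the operator
# confirms. EOF on stdin counts as "no", so a non-interactive run can never
# bounce the firewall unattended.
validate_and_restart() {
  local out
  out=$(shorewall check 2>&1) || true
  printf '%s\n' "$out"
  if ! grep -q 'Configuration Validated' <<<"$out"; then
    echo "See above for shorewall errors"
    return 1
  fi
  echo "Ensure no errors have been reported and hit enter (Ctrl-C to exit)"
  read -r _ || die "no confirmation received; Shorewall was not restarted"
  shorewall restart || die "shorewall restart failed; check the firewall state before leaving"
  echo "Shorewall restarted; changes are successfully completed"
}

main() {
  [[ $EUID -eq 0 ]] || die "this script must be run as root"
  if ! shorewall_enabled; then
    echo "Either Shorewall is not installed or it is not enabled"
    return 0
  fi
  local major
  major=$(shorewall version | cut -c1)
  case "$major" in
    2) install_v2 ;;
    3) install_v3 ;;
    # Other versions used to fall through to an unnecessary firewall restart.
    *) die "unsupported Shorewall version '$(shorewall version)'; nothing changed" ;;
  esac
  validate_and_restart
}

main "$@"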


