#!/bin/bash

# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements.  See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License.  You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


# $1 = source IP range
# $2 = flag for persistence

if [ -z "$1" ]; then
   source="any"
else
   source="$1"
fi

if [ -n "$2" ]; then
   persist=1
fi

# find available rule number
unset -v i new_rule idvar
declare -i new_rule=0 i=12300 idvar=0
while [[ $idvar -eq 0 ]]; do 
   if [[ -z "$(grep $i /etc/ipfilter/ipfw.conf.apple)" ]]; then
      new_rule=$i
      idvar=1
      #break
   fi
   i=$[i-1]
done

declare -i i=$new_rule idvar=0
while [[ $idvar -eq 0 ]]; do 
   if [[ -z "$(grep $i /etc/ipfilter/ipfw.conf)" ]]; then
      new_rule=$i
      idvar=1
      #break
   fi
   i=$[i-1]
done

if [ -n "$(ipfw list | grep 'dst-port 3389')" ]; then
   echo "active firewall already contains rdp rule "
else
   ipfw add $new_rule allow tcp from $source to any dst-port 3389
fi

if [ -n "$persist" ]; then
   if [ -n "$(grep 'dst-port 3389' /etc/ipfilter/ipfw.conf)" ]; then
      echo "RDP persistence already set"
   else
      echo "add $new_rule allow tcp from $source to any dst-port 3389" >> /etc/ipfilter/ipfw.conf
   fi
fi


