#!/bin/bash
# $Id: sys_fwrules.bash 2 2023-09-15 09:19:17Z bertrand $
# Ce script permet d'appliquer à nouveau la configuration du pare-feu 
# et de relancer fail2ban si présent pour rétablir les bannissements.
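# Saved rulesets that this script re-applies.
rulesv4="/etc/iptables/rules.v4"
rulesv6="/etc/iptables/rules.v6"
# Locate the tools with the shell builtin instead of the external `which`,
# which is not guaranteed to be installed. Each variable is left empty when
# the tool is absent; the checks further down rely on that.
# NOTE(review): the lookups follow the caller's PATH and the results are run
# with whatever privileges the script has (changing firewall rules normally
# means root), so run this script with a trusted PATH.
iptables=$(command -v iptables)
iptablesr=$(command -v iptables-restore)
ip6tables=$(command -v ip6tables)
ip6tablesr=$(command -v ip6tables-restore)
fail2ban_tool=$(command -v fail2ban-client)
# Command line used to query fail2ban's status.
fail2ban_cmdline="$fail2ban_tool status"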
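#######################################
# Re-apply a saved ruleset for one address family.
# The file is parsed with the restore tool's --test mode before the live
# rules are flushed, so a file the restore tool rejects can no longer leave
# the filter table empty.
# Arguments:
#   $1 - tool name used in messages (iptables or ip6tables)
#   $2 - path of that tool, empty when it was not found
#   $3 - path of the matching -restore tool, empty when it was not found
#   $4 - saved ruleset to load
# Outputs: progress and the rule listing on stdout, load failures on stderr
# Returns: 0 when the ruleset was loaded, 1 otherwise
#######################################
restore_rules() {
	local name=$1 tool=$2 restorer=$3 rules=$4

	if [[ -n $tool && -n $restorer && -f $rules ]]; then
		# --test only parses the file and commits nothing.
		if ! "$restorer" --test < "$rules"; then
			echo "$rules failed validation, live $name rules left untouched" >&2
			return 1
		fi
		echo "Restore firewall rules from $rules"
		# The restore tool already replaces every table named in the file
		# (no --noflush is passed); the explicit flush additionally clears
		# the filter table when the file does not define it.
		"$tool" -F
		if ! "$restorer" < "$rules"; then
			echo "$name-restore failed while loading $rules" >&2
			# Show what is actually in place after the failed load.
			"$tool" -L -n
			return 1
		fi
		"$tool" -L -n
		return 0
	fi

	# Report every missing prerequisite, not just the first one.
	if [[ -z $tool ]]; then
		echo "$name not found"
	fi
	if [[ -z $restorer ]]; then
		echo "$name-restore not found"
	fi
	if [[ ! -f $rules ]]; then
		echo "$rules does not exist"
	fi
	return 1
}

restore_rules iptables "$iptables" "$iptablesr" "$rulesv4"
restore_rules ip6tables "$ip6tables" "$ip6tablesr" "$rulesv6"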
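#######################################
# Restart fail2ban so that it re-creates its bans after the ruleset reload,
# then show the resulting rules and the fail2ban status.
# A failed restart is reported on stderr and reflected in the return status
# instead of passing silently.
# Arguments:
#   $1 - path of fail2ban-client, empty when it was not found
#   $2 - path of iptables, empty when it was not found
#   $3 - path of ip6tables, empty when it was not found
# Outputs: progress, rule listings and fail2ban status on stdout
# Returns: 0 on success or when fail2ban is absent, non-zero when the
#          restart or the status query failed
#######################################
restart_fail2ban() {
	local f2b_client=$1 v4_tool=$2 v6_tool=$3
	local rc=0

	if [[ -z $f2b_client ]]; then
		echo "fail2ban not found"
		return 0
	fi

	echo "Restart fail2ban to restore firewall rules"
	if ! systemctl restart fail2ban; then
		rc=1
		echo "fail2ban restart failed, bans may be missing from the firewall" >&2
	fi
	if [[ -n $v4_tool ]]; then
		"$v4_tool" -L -n
	fi
	if [[ -n $v6_tool ]]; then
		"$v6_tool" -L -n
	fi
	# Give the service a moment before querying it.
	sleep 3s
	# Call the client directly so that its path is never word-split.
	"$f2b_client" status || rc=$?
	return "$rc"
}

restart_fail2ban "$fail2ban_tool" "$iptables" "$ip6tables"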
