From a1d3c7857d03dc0ae1ea2345f6ead3df8f6962f6 Mon Sep 17 00:00:00 2001 From: Christoph Date: Mon, 20 May 2019 18:57:23 +0200 Subject: [PATCH] update_firewall-script_ipt-gateway.sh, update_firewall-script_ipt-server.sh: copy also changed configuration files. --- update_firewall-script_ipt-gateway.sh | 105 +++++++++++++++++++++++-- update_firewall-script_ipt-server.sh | 108 +++++++++++++++++++++++--- 2 files changed, 195 insertions(+), 18 deletions(-) diff --git a/update_firewall-script_ipt-gateway.sh b/update_firewall-script_ipt-gateway.sh index 6d7a1e2..b2c1d6f 100755 --- a/update_firewall-script_ipt-gateway.sh +++ b/update_firewall-script_ipt-gateway.sh @@ -198,6 +198,16 @@ DEFAULT_REPOSITORY_NAME="ipt-gateway" DEFAULT_REPOSITORY_BASE_PATH="/usr/local/src" DEFAULT_IPV4_FIREWALL_SCRIPT="ipt-firewall-gateway" DEFAULT_IPV6_FIREWALL_SCRIPT="ip6t-firewall-gateway" +DEFAULT_CONFIG_DIR="/etc/ipt-firewall" +DEFAULT_FIREWALL_CONFIGURATION_FILES=" + default_ports.conf + include_functions.conf + load_modules_ipv4.conf + load_modules_ipv6.conf + logging_ipv4.conf + logging_ipv6.conf + post_decalrations.conf +" if [[ -f "$conf_file" ]]; then source "$conf_file" @@ -212,6 +222,10 @@ fi [[ -n "$IPV4_FIREWALL_SCRIPT" ]] || IPV4_FIREWALL_SCRIPT="$DEFAULT_IPV4_FIREWALL_SCRIPT" [[ -n "$IPV6_FIREWALL_SCRIPT" ]] || IPV6_FIREWALL_SCRIPT="$DEFAULT_IPV6_FIREWALL_SCRIPT" +[[ -n "$CONFIG_DIR" ]] || CONFIG_DIR="$DEFAULT_CONFIG_DIR" + +[[ -n "$FIREWALL_CONFIGURATION_FILES" ]] || FIREWALL_CONFIGURATION_FILES="$DEFAULT_FIREWALL_CONFIGURATION_FILES" + REPOSITORY_PATH="${REPOSITORY_BASE_PATH}/$REPOSITORY_NAME" 
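Review bot: `post_decalrations.conf` in `DEFAULT_FIREWALL_CONFIGURATION_FILES` looks like a misspelling of `post_declarations.conf`. If the file under the repository's `conf/` directory uses the correct spelling, the copy loop added later in this patch will only warn that the file was not found, and it will never be updated. If the repository really uses this spelling, a short comment saying so would spare the next reader the check. The same entry is in the list added to update_firewall-script_ipt-server.sh. A comment above the list, such as `# file names below ${REPOSITORY_PATH}/conf, separated by whitespace; names must not contain blanks`, would also document how the unquoted `for` loop consumes it.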
@@ -234,18 +248,27 @@ fi if $terminal ; then echo "" - echo -e " Update firewall script '$IPV4_FIREWALL_SCRIPT' from local repositiry\033[1m$REPOSITORY_NAME\033[m .." + echo -e " Update firewall scripts from local repository \033[1m$REPOSITORY_NAME\033[m .." + echo "" fi +restart_ipv6_firewall=false +restart_ipv4_firewall=false + echononl "Copy firewall script '$IPV4_FIREWALL_SCRIPT' to /usr/local/sbin/ .." if [[ -f "${REPOSITORY_PATH}/$IPV4_FIREWALL_SCRIPT" ]]; then - cp "${REPOSITORY_PATH}/$IPV4_FIREWALL_SCRIPT" /usr/local/sbin/ > "$log_file" 2>&1 - if [[ $? -gt 0 ]]; then - echo_failed - error "$(cat "$log_file")" + if $(diff "${REPOSITORY_PATH}/$IPV4_FIREWALL_SCRIPT" "/usr/local/sbin/$IPV4_FIREWALL_SCRIPT" > /dev/null 2>&1) ; then + echo_skipped else - echo_ok + cp "${REPOSITORY_PATH}/$IPV4_FIREWALL_SCRIPT" /usr/local/sbin/ > "$log_file" 2>&1 + if [[ $? -gt 0 ]]; then + echo_failed + error "$(cat "$log_file")" + else + echo_ok + restart_ipv4_firewall=true + fi fi else echo_skipped 
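Review bot: The test `if $(diff … > /dev/null 2>&1) ; then` wraps the comparison in a command substitution, so the branch is decided only by the exit status of an expansion that yields an empty string. It works only as long as nothing is ever printed inside the substitution. A direct silent comparison is clearer: `if cmp -s -- "${REPOSITORY_PATH}/$IPV4_FIREWALL_SCRIPT" "/usr/local/sbin/$IPV4_FIREWALL_SCRIPT"; then`. The same construct is used for the IPv6 script and the configuration loop in the next hunk, and in the matching hunks of update_firewall-script_ipt-server.sh. The check compares content only, so a changed mode or owner on the installed script is neither noticed nor corrected by the plain `cp`. The enclosing `if [[ -f … ]]` block ends outside this hunk.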
@@ -254,7 +277,74 @@ fi echononl "Copy firewall script '$IPV6_FIREWALL_SCRIPT' to /usr/local/sbin/ .." if [[ -f "${REPOSITORY_PATH}/$IPV6_FIREWALL_SCRIPT" ]]; then - cp "${REPOSITORY_PATH}/$IPV6_FIREWALL_SCRIPT" /usr/local/sbin/ > "$log_file" 2>&1 + if $(diff "${REPOSITORY_PATH}/$IPV6_FIREWALL_SCRIPT" "/usr/local/sbin/$IPV6_FIREWALL_SCRIPT" > /dev/null 2>&1) ; then + echo_skipped + else + cp "${REPOSITORY_PATH}/$IPV6_FIREWALL_SCRIPT" /usr/local/sbin/ > "$log_file" 2>&1 + if [[ $? -gt 0 ]]; then + echo_failed + error "$(cat "$log_file")" + else + echo_ok + restart_ipv6_firewall=true + fi + fi +else + echo_skipped + warn "No file '$IPV6_FIREWALL_SCRIPT' found at repository '$REPOSITORY_NAME'" +fi + + +if $terminal ; then + echo "" + echo -e " Update Configuration files from local repository \033[1m$REPOSITORY_NAME\033[m .." + + echo "" +fi + +for _file_name in ${FIREWALL_CONFIGURATION_FILES} ; do + _file_src="${REPOSITORY_PATH}/conf/$_file_name" + _file_dst="${CONFIG_DIR}/$_file_name" + echononl "Copy firewall configuration file '$_file_name'.." + if [[ -f "$_file_src" ]]; then + if $(diff "$_file_src" "$_file_dst" > /dev/null 2>&1) ; then + echo_skipped + else + cp "$_file_src" "$_file_dst" > "$log_file" 2>&1 + if [[ $? -gt 0 ]]; then + echo_failed + error "$(cat "$log_file")" + else + echo_ok + restart_ipv6_firewall=true + restart_ipv4_firewall=true + fi + fi + else + echo_skipped + warn "No configuration file '$_file_name' found!" + fi +done + + +blank_line + +echononl "Restart IPv4 Firewall.." +if $restart_ipv4_firewall ; then + /usr/local/sbin/$IPV6_FIREWALL_SCRIPT > /dev/null 2> "$log_file" + if [[ $? -gt 0 ]]; then + echo_failed + error "$(cat "$log_file")" + else + echo_ok + fi +else + echo_skipped +fi + +echononl "Restart IPv6 Firewall.." +if $restart_ipv6_firewall ; then + /usr/local/sbin/$IPV6_FIREWALL_SCRIPT > /dev/null 2> "$log_file" if [[ $? -gt 0 ]]; then echo_failed error "$(cat "$log_file")" 
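Review bot: The "Restart IPv4 Firewall.." branch runs `/usr/local/sbin/$IPV6_FIREWALL_SCRIPT`, so when `restart_ipv4_firewall` is true the IPv6 script is executed a second time and the IPv4 rules are never reloaded. `echo_ok` is still printed if that run succeeds, so after an updated IPv4 script or configuration file is copied the host keeps filtering with the old IPv4 ruleset while the output suggests otherwise. The line should read `"/usr/local/sbin/$IPV4_FIREWALL_SCRIPT" > /dev/null 2> "$log_file"`, quoted like the other paths in this hunk. The same line is in the corresponding hunk of update_firewall-script_ipt-server.sh. The IPv6 restart block that follows is closed only in the next hunk.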
@@ -263,7 +353,6 @@ if [[ -f "${REPOSITORY_PATH}/$IPV6_FIREWALL_SCRIPT" ]]; then fi else echo_skipped - warn "No file '$IPV6_FIREWALL_SCRIPT' found at repository '$REPOSITORY_NAME'" fi diff --git a/update_firewall-script_ipt-server.sh b/update_firewall-script_ipt-server.sh index 0e832a3..cd8b901 100755 --- a/update_firewall-script_ipt-server.sh +++ b/update_firewall-script_ipt-server.sh @@ -198,6 +198,16 @@ DEFAULT_REPOSITORY_NAME="ipt-server" DEFAULT_REPOSITORY_BASE_PATH="/usr/local/src" DEFAULT_IPV4_FIREWALL_SCRIPT="ipt-firewall-server" DEFAULT_IPV6_FIREWALL_SCRIPT="ip6t-firewall-server" +DEFAULT_CONFIG_DIR="/etc/ipt-firewall" +DEFAULT_FIREWALL_CONFIGURATION_FILES=" + include_functions.conf + load_modules_ipv4.conf + load_modules_ipv6.conf + logging_ipv4.conf + logging_ipv6.conf + ports.conf + post_decalrations.conf +" if [[ -f "$conf_file" ]]; then source "$conf_file" @@ -212,6 +222,10 @@ fi [[ -n "$IPV4_FIREWALL_SCRIPT" ]] || IPV4_FIREWALL_SCRIPT="$DEFAULT_IPV4_FIREWALL_SCRIPT" [[ -n "$IPV6_FIREWALL_SCRIPT" ]] || IPV6_FIREWALL_SCRIPT="$DEFAULT_IPV6_FIREWALL_SCRIPT" +[[ -n "$CONFIG_DIR" ]] || CONFIG_DIR="$DEFAULT_CONFIG_DIR" + +[[ -n "$FIREWALL_CONFIGURATION_FILES" ]] || FIREWALL_CONFIGURATION_FILES="$DEFAULT_FIREWALL_CONFIGURATION_FILES" + REPOSITORY_PATH="${REPOSITORY_BASE_PATH}/$REPOSITORY_NAME" 
@@ -234,19 +248,27 @@ fi if $terminal ; then echo "" - echo -e " Update firewall script '$IPV4_FIREWALL_SCRIPT' from local repositiry\033[1m$REPOSITORY_NAME\033[m .." + echo -e " Update firewall scripts from local repository \033[1m$REPOSITORY_NAME\033[m .." echo "" fi +restart_ipv6_firewall=false +restart_ipv4_firewall=false + echononl "Copy firewall script '$IPV4_FIREWALL_SCRIPT' to /usr/local/sbin/ .." if [[ -f "${REPOSITORY_PATH}/$IPV4_FIREWALL_SCRIPT" ]]; then - cp "${REPOSITORY_PATH}/$IPV4_FIREWALL_SCRIPT" /usr/local/sbin/ > "$log_file" 2>&1 - if [[ $? -gt 0 ]]; then - echo_failed - error "$(cat "$log_file")" - else - echo_ok - fi + if $(diff "${REPOSITORY_PATH}/$IPV4_FIREWALL_SCRIPT" "/usr/local/sbin/$IPV4_FIREWALL_SCRIPT" > /dev/null 2>&1) ; then + echo_skipped + else + cp "${REPOSITORY_PATH}/$IPV4_FIREWALL_SCRIPT" /usr/local/sbin/ > "$log_file" 2>&1 + if [[ $? -gt 0 ]]; then + echo_failed + error "$(cat "$log_file")" + else + echo_ok + restart_ipv4_firewall=true + fi + fi else echo_skipped warn "No file '$IPV4_FIREWALL_SCRIPT' found at repository '$REPOSITORY_NAME'" 
@@ -254,7 +276,74 @@ fi echononl "Copy firewall script '$IPV6_FIREWALL_SCRIPT' to /usr/local/sbin/ .." if [[ -f "${REPOSITORY_PATH}/$IPV6_FIREWALL_SCRIPT" ]]; then - cp "${REPOSITORY_PATH}/$IPV6_FIREWALL_SCRIPT" /usr/local/sbin/ > "$log_file" 2>&1 + if $(diff "${REPOSITORY_PATH}/$IPV6_FIREWALL_SCRIPT" "/usr/local/sbin/$IPV6_FIREWALL_SCRIPT" > /dev/null 2>&1) ; then + echo_skipped + else + cp "${REPOSITORY_PATH}/$IPV6_FIREWALL_SCRIPT" /usr/local/sbin/ > "$log_file" 2>&1 + if [[ $? -gt 0 ]]; then + echo_failed + error "$(cat "$log_file")" + else + echo_ok + restart_ipv6_firewall=true + fi + fi +else + echo_skipped + warn "No file '$IPV6_FIREWALL_SCRIPT' found at repository '$REPOSITORY_NAME'" +fi + + +if $terminal ; then + echo "" + echo -e " Update Configuration files from local repository \033[1m$REPOSITORY_NAME\033[m .." + + echo "" +fi + +for _file_name in ${FIREWALL_CONFIGURATION_FILES} ; do + _file_src="${REPOSITORY_PATH}/conf/$_file_name" + _file_dst="${CONFIG_DIR}/$_file_name" + echononl "Copy firewall configuration file '$_file_name'.." + if [[ -f "$_file_src" ]]; then + if $(diff "$_file_src" "$_file_dst" > /dev/null 2>&1) ; then + echo_skipped + else + cp "$_file_src" "$_file_dst" > "$log_file" 2>&1 + if [[ $? -gt 0 ]]; then + echo_failed + error "$(cat "$log_file")" + else + echo_ok + restart_ipv6_firewall=true + restart_ipv4_firewall=true + fi + fi + else + echo_skipped + warn "No configuration file '$_file_name' found!" + fi +done + + +blank_line + +echononl "Restart IPv4 Firewall.." +if $restart_ipv4_firewall ; then + /usr/local/sbin/$IPV6_FIREWALL_SCRIPT > /dev/null 2> "$log_file" + if [[ $? -gt 0 ]]; then + echo_failed + error "$(cat "$log_file")" + else + echo_ok + fi +else + echo_skipped +fi + +echononl "Restart IPv6 Firewall.." +if $restart_ipv6_firewall ; then + /usr/local/sbin/$IPV6_FIREWALL_SCRIPT > /dev/null 2> "$log_file" if [[ $? -gt 0 ]]; then echo_failed error "$(cat "$log_file")" 
@@ -263,7 +352,6 @@ if [[ -f "${REPOSITORY_PATH}/$IPV6_FIREWALL_SCRIPT" ]]; then fi else echo_skipped - warn "No file '$IPV6_FIREWALL_SCRIPT' found at repository '$REPOSITORY_NAME'" fi