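#!/bin/bash
# Manage Core Nest ports using firewalld
# Usage: sudo ./firewalld.sh [open|close]
#
# Reads one TCP port (or LOW-HIGH range) per line from the "ports" file that
# sits next to this script, adds or removes each one in firewalld's permanent
# configuration, then reloads firewalld. No --zone is passed, so firewall-cmd
# acts on the default zone.
#
# Security notes:
#   * This runs as root and the ports file decides what gets exposed, so the
#     file and the script directory should be writable by root only.
#   * Every entry is validated before firewall-cmd is called for any of them,
#     so a malformed file cannot leave the rule set half-applied or feed
#     arbitrary text into a root-run command line.
#   * A failed removal is reported and makes the script exit non-zero instead
#     of being reported as "already closed".

set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
PORTS_FILE="$SCRIPT_DIR/ports"

if [ "$EUID" -ne 0 ]; then
  echo "Error: This script must be run as root (use sudo)" >&2
  exit 1
fi

if ! command -v firewall-cmd > /dev/null 2>&1; then
  echo "Error: firewalld is not installed" >&2
  exit 1
fi

if [ ! -f "$PORTS_FILE" ]; then
  echo "Error: ports file not found at $PORTS_FILE" >&2
  exit 1
fi

ACTION="${1:-}"
if [ "$ACTION" != "open" ] && [ "$ACTION" != "close" ]; then
  echo "Usage: sudo $0 [open|close]" >&2
  exit 1
fi

# Pass 1: parse and validate the whole ports file before changing anything.
ports=()
line_no=0
while IFS= read -r line || [ -n "$line" ]; do
  line_no=$((line_no + 1))

  # Drop all whitespace (spaces, tabs, and the CR of a CRLF line ending).
  entry="${line//[[:space:]]/}"

  # Skip blank lines and comments, including indented comments.
  case "$entry" in
    '' | '#'*) continue ;;
  esac

  # Accept only PORT or LOW-HIGH made of decimal digits.
  if [[ ! "$entry" =~ ^([0-9]{1,5})(-([0-9]{1,5}))?$ ]]; then
    echo "Error: invalid port entry on line $line_no of $PORTS_FILE: '$entry'" >&2
    exit 1
  fi

  # 10# forces base 10 so a leading zero is not read as octal.
  low=$((10#${BASH_REMATCH[1]}))
  high=$low
  if [ -n "${BASH_REMATCH[3]:-}" ]; then
    high=$((10#${BASH_REMATCH[3]}))
  fi

  if ((low < 1 || high > 65535 || low > high)); then
    echo "Error: port out of range on line $line_no of $PORTS_FILE: '$entry'" >&2
    exit 1
  fi

  if [ "$low" -eq "$high" ]; then
    ports+=("$low")
  else
    ports+=("${low}-${high}")
  fi
done < "$PORTS_FILE"

if [ "$ACTION" = "open" ]; then
  echo "=== Opening Core Nest Ports (firewalld) ==="
else
  echo "=== Closing Core Nest Ports (firewalld) ==="
fi
echo ""

# Pass 2: apply the action to each validated port.
failed=0
if [ "${#ports[@]}" -gt 0 ]; then
  for port in "${ports[@]}"; do
    if [ "$ACTION" = "open" ]; then
      echo " Port $port: Opening..."
      # Under set -e a failure here stops the script before the reload.
      firewall-cmd --permanent --add-port="${port}/tcp"
      echo " Port $port: ✓ Opened"
    else
      echo " Port $port: Closing..."
      # Keep firewall-cmd's stderr visible: a failure here means the port
      # may still be open, which must not be reported as success.
      if firewall-cmd --permanent --remove-port="${port}/tcp"; then
        echo " Port $port: ✓ Closed"
      else
        echo " Port $port: NOT closed (firewall-cmd reported an error)" >&2
        failed=1
      fi
    fi
  done
else
  echo "Warning: no ports listed in $PORTS_FILE" >&2
fi

# Reload firewall to apply changes
echo ""
echo "Reloading firewall..."
firewall-cmd --reload

echo ""
if [ "$failed" -ne 0 ]; then
  echo "Error: one or more ports could not be closed" >&2
  exit 1
fi
echo "=== Done ==="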