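#!/bin/ksh
# install to /usr/local/bin on firewall
# OpenBSD pdksh
#
# Comments or uncomments the "pass" rules in /etc/pf_<ssl_service>.conf and
# then runs /usr/local/bin/pfhup so the change takes effect.
#
# Inputs (read as shell variables):
#   ssl_service - name used to pick the config file /etc/pf_<ssl_service>.conf
#   state       - HTTP_UP (uncomment "pass" lines) or HTTP_DOWN (comment them)
# NOTE(review): neither variable is assigned anywhere in this listing;
# presumably the caller exports them or the assignments were lost - confirm
# before deploying.
#
# Exit status: 0 on success, 1 on any failed check or failed command.

hostname_file='/etc/myname'

# The script rewrites files under /etc, so it refuses to run unprivileged.
if [ "$(id -u)" -ne 0 ]; then
  printf 'Must be run as root.\n' >&2
  exit 1
fi

# Host pinning: only ever touch the firewall this script was written for.
if [ ! -f "$hostname_file" ]; then
  printf 'No hostname file. Is this the right server?\n' >&2
  exit 1
fi

if [ "$(<"$hostname_file")" != 'danknasty' ]; then
  printf 'Only designed to be run on danknasty.\n' >&2
  exit 1
fi

# ssl_service is interpolated into a path that root edits in place below.
# Reject an empty name and anything containing a slash so the resulting path
# cannot leave /etc or name a file other than /etc/pf_<name>.conf.
case "$ssl_service" in
  '' | */*)
    printf 'Invalid service name: "%s".\n' "$ssl_service" >&2
    exit 1
    ;;
esac

fw_config="/etc/pf_${ssl_service}.conf"

if [ ! -f "$fw_config" ]; then
  printf 'No firewall config found for %s at %s.\n' "$ssl_service" "$fw_config" >&2
  exit 1
fi

printf 'Setting "%s" for "%s".\n' "$state" "$ssl_service"
printf 'Firewall config: "%s"\n' "$fw_config"

# Both substitutions hit EVERY line of the file that starts with "pass" or
# "# pass", so the file should contain only rules meant to be toggled here;
# a rule an administrator commented out by hand would be re-enabled by HTTP_UP.
if [ "$state" = 'HTTP_UP' ]; then
  printf 'Removing comment\n'
  if ! sed -i 's/^# pass/pass/' "$fw_config"; then
    printf 'Failed to configure %s http port up.\n' "$ssl_service" >&2
    exit 1
  fi
elif [ "$state" = 'HTTP_DOWN' ]; then
  printf 'Adding comment\n'
  if ! sed -i 's/^pass/# pass/' "$fw_config"; then
    printf 'Failed to configure %s http port down.\n' "$ssl_service" >&2
    exit 1
  fi
else
  # Unknown or empty state: nothing has been modified at this point.
  printf 'Invalid state: %s.\n' "$state" >&2
  exit 1
fi

# The config file is already rewritten when this runs; if the reload fails the
# edited file stays on disk, which is why the message asks for an immediate
# manual check.
if ! /usr/local/bin/pfhup; then
  printf 'Failed to restart firewall. Check config immediately.\n' >&2
  exit 1
fi

printf 'success\n'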