#!/bin/sh

set -e

# debconf
. /usr/share/debconf/confmodule
db_version 2.0

CONFFILE="/etc/ufw/ufw.conf"
USER_PATH="/etc/ufw"
TEMPLATE_PATH="/usr/share/ufw"

has_existing() {
    if [ ! -e "$USER_PATH/user.rules" ]; then
        return 1
    fi

    orig=`md5sum $TEMPLATE_PATH/user.rules | cut -d ' ' -f 1`
    orig_md5file="$TEMPLATE_PATH/user.rules.md5sum"
    user=`md5sum $USER_PATH/user.rules | cut -d ' ' -f 1`
    orig6=`md5sum $TEMPLATE_PATH/user6.rules | cut -d ' ' -f 1`
    orig6_md5file="$TEMPLATE_PATH/user6.rules.md5sum"
    user6=`md5sum $USER_PATH/user6.rules | cut -d ' ' -f 1`

    if [ "$orig" != "$user" ] && ! grep -q "$user" "$orig_md5file" 2>/dev/null ; then
        return 0
    elif [ "$orig6" != "$user6" ] && ! grep -q "$user6" "$orig6_md5file" 2>/dev/null ; then
        return 0
    else
        return 1
    fi
}

# If ufw is enabled (eg during an upgrade), then update debconf
if [ -f "$CONFFILE" ]; then
    if egrep -q '^ENABLED=yes$' "$CONFFILE" ; then
        db_set ufw/enable true || true
    else
        db_set ufw/enable false || true
    fi
fi

db_get ufw/enable
previous="$RET"

db_input medium ufw/enable || true
db_go

db_get ufw/enable
# only use existing_configuration/allow_known_ports if the user changed from
# false to true
if [ ! -z "$RET" ] && [ "$previous" = "false" ] && [ "$RET" = true ]; then
    if has_existing ; then
        # Can't reliably configure ports in an existing configuration
        db_text low ufw/existing_configuration || true
        db_go
    else
        db_input medium ufw/allow_known_ports || true
        db_go
        db_input low ufw/allow_custom_ports || true
        db_go
    fi
fi