#!/bin/bash

# Script to add iptables rules per element
#
# The only input argument is an iptables rule without the command option.
# This case covers all of the current usage of elements that insert rules
# in the 97-iptables files.
# Example usage:
# add-rule INPUT -p tcp -m multiport --dports 3260,8776 -j ACCEPT
# add-rule INPUT -p tcp --dport 4730 -j ACCEPT
# add-rule FORWARD -d 192.0.2.0/24 -j ACCEPT

set -eu
set -o pipefail

RULE="$@"

DISTRO=`lsb_release -si` || true


if [[ "RedHatEnterpriseServer CentOS Fedora" =~ "$DISTRO" ]]; then
    IPT_FILE=
    # Check if the iptables service is active
    if systemctl is-active iptables.service ; then
        IPT_FILE=/etc/sysconfig/iptables
    fi
    if [ -f "$IPT_FILE" ]; then

        iptables-restore < $IPT_FILE
    fi

    if [ -n "$IPT_FILE" ]; then

        iptables -C $RULE || iptables -I $RULE

        iptables-save > $IPT_FILE
    fi

elif [[ "Debian Ubuntu" =~ "$DISTRO" ]]; then
    service iptables-persistent reload

    iptables -C $RULE || iptables -I $RULE

    service iptables-persistent save

fi