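#!/bin/bash
# Opens the port any local service is listening on (ipv4). Requires APF.
# ssullivan@liquidweb.com
#
# For each of IG_TCP_CPORTS, IG_UDP_CPORTS, EG_TCP_CPORTS and EG_UDP_CPORTS in
# /etc/apf/conf.apf, the last active assignment is replaced with a
# comma-separated list of the ports local sockets are bound to (as reported by
# netstat), and APF is then restarted.
#
# NOTE(review): every bound port is opened, including services that listen on
# a wildcard address but were never meant to be public (databases, caches,
# admin panels). Read the "New value" lines before relying on the result.
# NOTE(review): tcp6/udp6 sockets are included as well, despite "(ipv4)" above.
# NOTE(review): the egress (EG_*) lists are filled from local listening ports,
# as in the original script; listening ports say little about which outbound
# destinations are needed -- confirm this is the intent.
# NOTE(review): conf.apf.lwbak is overwritten on every run, so a second run
# replaces the copy of the pre-script configuration.

set -u

apfConf=/etc/apf/conf.apf

#######################################
# Print the sorted, de-duplicated, comma-separated ports that have a local
# listening (tcp) or bound (udp) socket.
# Arguments: $1 - protocol, "tcp" or "udp"
# Outputs:   one line on stdout, empty when no socket is found
# Returns:   non-zero when the protocol is unknown or netstat fails
#######################################
list_ports() {
  local proto=$1
  local flags raw
  case "$proto" in
    tcp) flags=-tln ;;
    udp) flags=-uln ;;
    *) return 2 ;;
  esac
  # Captured first so that a netstat failure is not hidden by the pipeline.
  raw=$(netstat "$flags") || return 1
  # UDP sockets carry no LISTEN state, so only TCP rows are filtered on it.
  # The port is whatever follows the last ':' of the local address, which
  # holds for both "0.0.0.0:22" and ":::22"; anything non-numeric is dropped
  # so that only digits and commas can reach the sed expression later on.
  awk -v proto="$proto" '
    index($1, proto) == 1 && (proto == "udp" || /LISTEN/) {
      port = $4
      sub(/.*:/, "", port)
      if (port ~ /^[0-9]+$/) print port
    }' <<<"$raw" \
    | sort -un \
    | paste -sd, -
}

#######################################
# Replace the last active assignment of a port-list variable in conf.apf.
# Globals:   apfConf (read; the file it names is edited in place)
# Arguments: $1 - variable name, e.g. IG_TCP_CPORTS
#            $2 - protocol whose ports fill the list, "tcp" or "udp"
# Returns:   non-zero when the variable is not found or ports cannot be listed
#######################################
update_port_list() {
  local var_name=$1
  local proto=$2
  local line_no old_line ports new_line

  # Only real assignments are considered, so comment lines that merely
  # mention the variable are never rewritten.
  line_no=$(awk -v name="$var_name" '
    $0 ~ "^[[:space:]]*" name "=" { n = NR }
    END { if (n) print n }' "$apfConf")

  # Without a line number the sed address would be empty and the command
  # would apply to every line of the file, so bail out before editing.
  if [[ -z "$line_no" ]]; then
    echo "No active $var_name line found in $apfConf; left unchanged." >&2
    return 1
  fi

  old_line=$(sed -n "${line_no}p" "$apfConf")
  echo "Old value: $line_no:$old_line"
  echo "Line number: $line_no"

  if ! ports=$(list_ports "$proto"); then
    echo "Could not list $proto ports; $var_name left unchanged." >&2
    return 1
  fi
  if [[ -z "$ports" ]]; then
    echo "Warning: no $proto ports found; $var_name will be empty." >&2
  fi

  new_line="$var_name=\"$ports\""
  echo "New value: $new_line"
  # Substituting in place (instead of delete + insert) also works when the
  # assignment is the last line of the file.
  sed -i "${line_no}s/.*/${new_line}/" "$apfConf"
}

if ! type apf >/dev/null 2>&1; then
  echo "no apf found! exiting..."
  exit 1
fi
if ! command -v netstat >/dev/null 2>&1; then
  echo "netstat not found! exiting..." >&2
  exit 1
fi
if [[ ! -f "$apfConf" ]]; then
  echo "$apfConf not found! exiting..." >&2
  exit 1
fi

echo "//////////////////////////////"
echo "//Backing up conf.apf..."
# The configuration is only edited once a backup is known to exist.
if ! cp -p -- "$apfConf" "$apfConf.lwbak"; then
  echo "//Backup failed; $apfConf left untouched." >&2
  exit 1
fi
echo "//Backup created at $apfConf.lwbak !"
echo "//////////////////////////////"

status=0
update_port_list IG_TCP_CPORTS tcp || status=1
update_port_list IG_UDP_CPORTS udp || status=1
update_port_list EG_TCP_CPORTS tcp || status=1
update_port_list EG_UDP_CPORTS udp || status=1

if ! /etc/init.d/apf restart; then
  echo "APF restart failed; backup is at $apfConf.lwbak" >&2
  exit 1
fi

if [[ "$status" -eq 0 ]]; then
  echo "All service ports have been opened in APF configuration."
else
  echo "Some port lists could not be updated; see messages above." >&2
fi
exit "$status"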