#!/bin/sh

if [ -f /mnt/factory/factorysafedir/ishosted ]; then
# Get ROUTER IP address from network.conf
	. /etc/fiad-conf/sysconfig/network.conf

#Get Redundant device IP address from rsyncd
	REDUNDANT_DEVICE_IP=$(cat /mnt/flashfs/configs/current/rsyncd.conf | grep allow= | cut -f 2 -d '='|  head -1)
	if [ "$REDUNDANT_DEVICE_IP" = "" ]; then
		echo "ecqx_firewall_norm: Cannot extract Redundant Device IP address"
		exit 1
	fi
	if [ $ROUTER_IP = "" ]; then
		echo "ecqx_firewall_norm: Cannot Extract Current Device Router IP address"
		exit 1
	fi
# Update Firewall Allowed IP list
	/bin/sed -i "/ServiceAllowedALL$REDUNDANT_DEVICE_IP/,+8d" /mnt/flashfs/configs/current/firewall/fw.serports
	/bin/sed -i "/ServiceAllowedALL$ROUTER_IP/,+8d" /mnt/flashfs/configs/current/firewall/fw.serports
	/bin/sed -i "/ServiceAllowedALL212.34.248.234/,+8d" /mnt/flashfs/configs/current/firewall/fw.serports
	/bin/sed -i "/ServiceAllowedALL192.168./,+8d" /mnt/flashfs/configs/current/firewall/fw.serports

	echo "section ServiceAllowedALL--Epygi {" >> /mnt/flashfs/configs/current/firewall/fw.serports
	echo "target=ACCEPT" >> /mnt/flashfs/configs/current/firewall/fw.serports
	echo "name=ALL" >> /mnt/flashfs/configs/current/firewall/fw.serports
	echo "chain=ServiceAllowed" >> /mnt/flashfs/configs/current/firewall/fw.serports
	echo "ip=--Epygi" >> /mnt/flashfs/configs/current/firewall/fw.serports
	echo "restip=" >> /mnt/flashfs/configs/current/firewall/fw.serports
	echo "descr=Epygi" >> /mnt/flashfs/configs/current/firewall/fw.serports
	echo "state=1" >> /mnt/flashfs/configs/current/firewall/fw.serports
	echo "}" >> /mnt/flashfs/configs/current/firewall/fw.serports

#Add in Epygi Group
	echo "ip_0=epygiarm.epygicloud.com" >/mnt/flashfs/configs/current/firewall/iplists/Epygi
	echo "ip_1=$ROUTER_IP" >>/mnt/flashfs/configs/current/firewall/iplists/Epygi
	echo "ip_2=$REDUNDANT_DEVICE_IP" >>/mnt/flashfs/configs/current/firewall/iplists/Epygi

#Add in ipgroups
	echo "section Epygi {" >/mnt/flashfs/configs/current/firewall/fw.ipgroups
	echo "Description=Epygi, Redundacy" >>/mnt/flashfs/configs/current/firewall/fw.ipgroups
	echo "Member_0=epygiarm.epygicloud.com" >>/mnt/flashfs/configs/current/firewall/fw.ipgroups
	echo "Descr_0=Epygi support" >>/mnt/flashfs/configs/current/firewall/fw.ipgroups
	echo "MemberList=0,1,2," >>/mnt/flashfs/configs/current/firewall/fw.ipgroups
	echo "Member_1=$ROUTER_IP" >>/mnt/flashfs/configs/current/firewall/fw.ipgroups
	echo "Descr_1=Epygi, Redundancy Support" >>/mnt/flashfs/configs/current/firewall/fw.ipgroups
	echo "Member_2=$REDUNDANT_DEVICE_IP" >>/mnt/flashfs/configs/current/firewall/fw.ipgroups
	echo "Descr_2=Epygi, Redundancy Support" >>/mnt/flashfs/configs/current/firewall/fw.ipgroups
	echo "}" >>/mnt/flashfs/configs/current/firewall/fw.ipgroups

#Add in hosts fixed IP address 178.160.209.50, system will correct the correct IP address in 5 minutes
	echo "178.160.209.50	epygiarm.epygicloud.com #Added by fw" >>/mnt/flashfs/configs/current/hosts
	exit 0
fi
