From 2989e82ddf5db9ba46cbd3938db922860dd3d031 Mon Sep 17 00:00:00 2001
From: Starbeamrainbowlabs
Date: Fri, 26 Nov 2021 21:56:13 +0000
Subject: [PATCH] Do ufw
---
src/steps-postinstall/15-ufw.sh | 18 ++++++++++++++++++
src/steps-preinstall/15-ufw.sh | 5 +++++
2 files changed, 23 insertions(+)
create mode 100644 src/steps-postinstall/15-ufw.sh
create mode 100644 src/steps-preinstall/15-ufw.sh
diff --git a/src/steps-postinstall/15-ufw.sh b/src/steps-postinstall/15-ufw.sh
new file mode 100644
index 0000000..e223184
--- /dev/null
+++ b/src/steps-postinstall/15-ufw.sh
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+task_begin "Configuring firewall";
+
+#shellcheck disable=SC2154
+while read -r rule; do
+ execute ufw ${rule};
+done < <(cat "${temp_dir}/ufw-rules.txt");
+
+task_end "$?" "Error: Failed to configure firewall";
+
+
+# TODO: Make this automatic. For now it's on a prompt to avoid a lockout.
+if ask_yesno "Enable UFW? Current firewall rules are listed below.\n$(ufw show added)"; then
+ task_begin "Enabling UFW";
+ execute ufw enable;
+ task_end "$?" "Error: Failed to enable UFW"
+fi
diff --git a/src/steps-preinstall/15-ufw.sh b/src/steps-preinstall/15-ufw.sh
new file mode 100644
index 0000000..a627824
--- /dev/null
+++ b/src/steps-preinstall/15-ufw.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+queue_apt_install ufw;
+
+queue_firewall_rule allow 22/tcp comment ssh;
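Review bot: The `task_end "$?"` after the rule loop in src/steps-postinstall/15-ufw.sh only sees the status of the last `execute ufw ${rule}` iteration, so an earlier rule that failed is reported as success, and a missing or empty `ufw-rules.txt` (the `cat` inside the process substitution fails without affecting the loop) also yields 0. The script then goes on to offer `ufw enable` on a partial or empty rule set, which is the lockout case the TODO is trying to avoid if the ssh rule is the one that did not apply. Accumulating a failure flag across iterations and redirecting from the file directly would surface both cases, and reading each line into an array keeps the intended word splitting without exposing `${rule}` to glob expansion. Whether `execute` passes through ufw's exit status, and whether `task_end` aborts on a non-zero status, is not visible in this hunk, so confirm both before relying on the flag.

```shell
rules_status=0;
#shellcheck disable=SC2154
while read -r -a rule_args; do
	execute ufw "${rule_args[@]}" || rules_status=1;
done < "${temp_dir}/ufw-rules.txt" || rules_status=1;

task_end "${rules_status}" "Error: Failed to configure firewall";
# … unchanged: ask_yesno prompt and ufw enable …
```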
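Review bot: The queued rule `allow 22/tcp` in src/steps-preinstall/15-ufw.sh opens SSH to every source address with no rate limiting, and it assumes sshd listens on port 22. ufw's `limit` action takes the same arguments and throttles repeated connection attempts, e.g. `queue_firewall_rule limit 22/tcp comment ssh;`, assuming `queue_firewall_rule` passes its arguments to ufw unchanged (its definition is outside this patch). A short comment such as `# Assumes sshd is on the default port; adjust before enabling ufw if it is not.` would record the port assumption next to the rule.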