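#!/bin/bash
#
# MOSILOR: reconcile this router's /30 gateway addresses, dhcpd.conf and the
# iptables FORWARD chain with the host list published on the config server.
#
# Steps, in order:
#   1. download the host list to /admin/lista.txt (abort if that fails, before
#      anything on the router is touched);
#   2. open the FORWARD chain and install the fixed DROP / ESTABLISHED rules;
#   3. snapshot the 89.39.* addresses configured locally, remove addresses
#      present on several interfaces and addresses no longer listed;
#   4. for each listed host, make sure its gateway sits on the right (VLAN)
#      interface and emit a dhcpd host fragment under /admin/temp/<device>;
#   5. rebuild /etc/dhcpd.conf, drop VLAN interfaces left without addresses,
#      add per-host IP+MAC ACCEPT rules, close the chain (policy DROP) and
#      restart dhcpd.
#
# lista.txt: one host per line, whitespace-separated fields
#   1 device  2 name  3 subnet  4 gateway/30  5 host-ip  6 broadcast  7 mac
#
# Must run as root; needs iptables, iproute2, vconfig, wget, awk and dhcpd.

set -u
# 'set -e' is intentionally not used: several grep/ip probes below are
# expected to fail; the steps whose failure matters are checked explicitly.
shopt -s nullglob

readonly admin_dir=/admin
readonly lista=$admin_dir/lista.txt
readonly gw_list=$admin_dir/listaGWexistente.txt
readonly gw_list_tmp=$admin_dir/listaGWexistente.tmp
readonly dup_list=$admin_dir/ipuridublate.txt
readonly temp_dir=$admin_dir/temp
readonly dhcpd_conf=/etc/dhcpd.conf
readonly gw_prefix='89.39.'
# SECURITY: the login embedded in this URL is visible to every local user in
# `ps` output, in shell history and in wget's own messages, and plain FTP
# provides neither confidentiality nor integrity although the downloaded file
# drives the firewall rules and dhcpd.conf generated below. Prefer ~/.netrc for
# the credentials (wget honours it for FTP) and an authenticated, encrypted
# transport for the list itself.
readonly config_url='ftp://serverconfig:serverpasswd@80.97.51.10/mosilor.txt'

#######################################
# Print a message to stderr and exit 1.
# Arguments: message words
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Download the host list into $lista.
# Downloads to a sibling file first and renames on success, so a failed or
# empty transfer keeps the previous list and aborts the run before any
# firewall, address or dhcpd change is made (the original script flushed the
# FORWARD chain first and then continued with an empty list).
# Globals: reads $config_url; writes $lista
#######################################
fetch_lista() {
  local tmp=$lista.new
  if ! wget -O "$tmp" "$config_url" || [[ ! -s "$tmp" ]]; then
    rm -f -- "$tmp"
    die "cannot download host list from config server; nothing was changed"
  fi
  mv -f -- "$tmp" "$lista" || die "cannot install $lista"
}

#######################################
# Flush FORWARD and install the fixed rules.
# The policy is ACCEPT while the chain is rebuilt and is set back to DROP in
# main; until then only the three port DROPs restrict forwarding.
#######################################
open_forward_chain() {
  local port
  iptables -t filter -P FORWARD ACCEPT
  iptables -t filter -F FORWARD
  for port in 135 445 1025; do
    iptables -t filter -A FORWARD -p tcp --dport "$port" -j DROP
  done
  iptables -t filter -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
}

#######################################
# Write "gateway/30 device" for every locally configured 89.39.* address to
# $gw_list. Field positions (3 and 8 after squeezing spaces) follow the
# `ip addr show` line layout:  inet A.B.C.D/30 brd X scope global DEVICE
# Globals: writes $gw_list
#######################################
snapshot_local_gateways() {
  ip addr show | grep -F -- "$gw_prefix" | tr -s ' ' | cut -f3,8 -d ' ' > "$gw_list"
}

#######################################
# Delete gateways that are configured on more than one interface.
# Such an address is removed from every interface carrying it (the right one
# is re-added later from lista.txt) and recorded in $dup_list.
# Globals: reads $gw_list; writes $dup_list
#######################################
remove_duplicate_gateways() {
  local linie gw device addr matches
  : > "$dup_list"
  while IFS= read -r linie; do
    read -r gw device _ <<<"$linie"
    addr=${gw%%/*}
    # exact match on the first field; passing the address with -v keeps it out
    # of the pattern text (the old `grep $ip/30` treated dots as wildcards)
    matches=$(awk -v gw="$addr/30" '$1 == gw' "$gw_list")
    if [[ "$linie" != "$matches" ]]; then
      ip addr del "$addr/30" dev "$device"
      printf 'Stergere ip dublat %s/30 device %s\n' "$addr" "$device"
      printf '%s/30\n' "$addr" >> "$dup_list"
    fi
  done < "$gw_list"
}

#######################################
# Drop the addresses recorded in $dup_list from $gw_list, then remove $dup_list.
# Globals: reads/writes $gw_list; removes $dup_list
#######################################
prune_duplicates_from_list() {
  local dup
  while IFS= read -r dup; do
    awk -v gw="$dup" '$1 != gw' "$gw_list" > "$gw_list_tmp"
    mv -f -- "$gw_list_tmp" "$gw_list"
  done < "$dup_list"
  rm -f -- "$dup_list"
}

#######################################
# Delete every local gateway whose address is not listed as a gateway
# (field 4) in lista.txt.
# Globals: reads $gw_list, $lista
#######################################
remove_unlisted_gateways() {
  local gwexistent device listed
  while read -r gwexistent device _; do
    [[ -n "$gwexistent" ]] || continue
    listed=$(awk -v gw="$gwexistent" '$4 == gw { print $4; exit }' "$lista")
    if [[ "$gwexistent" != "$listed" ]]; then
      ip addr del "$gwexistent" dev "$device"
    fi
  done < "$gw_list"
}

#######################################
# Process lista.txt: append the dhcpd host fragment for each entry to
# $temp_dir/<device> and make sure the entry's gateway is configured on that
# device, creating the VLAN sub-interface (ethX.VID) when it does not exist.
# Values from the list are written verbatim into the fragments; the list is
# treated as trusted apart from the device-name check below.
# Globals: reads $lista, $gw_list; writes $temp_dir/*
#######################################
apply_host_list() {
  local devicenou nume subnet gatewaynou hostip broadcast mac router
  local gatewayvechi devicevechi eth vlan
  while read -r devicenou nume subnet gatewaynou hostip broadcast mac _ \
      || [[ -n "$devicenou" ]]; do
    [[ -n "$devicenou" ]] || continue
    # the device name becomes a file name under $temp_dir: refuse anything
    # that could point outside it or hide the file
    if [[ "$devicenou" == */* || "$devicenou" == .* ]]; then
      printf 'ignoring entry with bad device name: %s\n' "$devicenou" >&2
      continue
    fi
    router=${gatewaynou%%/*}
    printf 'subnet %s netmask 255.255.255.252 { option routers %s; host %s-%s { hardware ethernet %s; fixed-address %s; } }\n' \
      "$subnet" "$router" "$devicenou" "$nume" "$mac" "$hostip" >> "$temp_dir/$devicenou"

    # where, if anywhere, is this gateway configured right now?
    read -r gatewayvechi devicevechi \
      <<<"$(awk -v gw="$gatewaynou" '$1 == gw { print $1, $2; exit }' "$gw_list")"
    if [[ -n "$gatewayvechi" && "$gatewaynou$devicenou" != "$gatewayvechi$devicevechi" ]]; then
      # configured on the wrong interface: remove it and re-add below
      ip addr del "$gatewayvechi" dev "$devicevechi"
      gatewayvechi=
    fi
    if [[ -z "$gatewayvechi" ]]; then
      if [[ "$devicenou" == *.* ]]; then
        IFS=. read -r eth vlan _ <<<"$devicenou"
        if [[ -z "$(ip addr show dev "$devicenou" 2>/dev/null)" ]]; then
          vconfig add "$eth" "$vlan"
        fi
      fi
      ip addr add "$gatewaynou" dev "$devicenou" broadcast "$broadcast"
    fi
  done < "$lista"
}

#######################################
# Rebuild $dhcpd_conf: fixed header plus one shared-network block per device
# fragment in $temp_dir. Written in one redirection so the file is not left
# with only the header if the run is interrupted between lines.
# Globals: reads $temp_dir/*; writes $dhcpd_conf
#######################################
write_dhcpd_conf() {
  local f
  {
    printf 'ddns-update-style interim;\n'
    printf 'subnet 80.97.51.0 netmask 255.255.255.240 { }\n'
    printf 'option domain-name-servers 80.97.51.5, 194.102.255.2, 194.102.255.3;\n'
    for f in "$temp_dir"/*; do
      printf 'shared-network %s {\n' "${f##*/}"
      cat -- "$f"
      printf '}\n'
    done
  } > "$dhcpd_conf"
}

#######################################
# Remove VLAN sub-interfaces (shown as ethX.VID@ethX) that have no address.
#######################################
remove_empty_vlans() {
  local linie vln
  while IFS= read -r linie; do
    # "5: eth0.100@eth0: <...>" -> eth0.100
    read -r _ vln _ <<<"${linie%%@*}"
    [[ -n "$vln" ]] || continue
    if ! ip addr show "$vln" | grep -q -F -- inet; then
      vconfig rem "$vln"
    fi
  done < <(ip addr show | grep -F -- '@')
}

#######################################
# Append "-s IP -m mac --mac-source MAC" and "-d IP" ACCEPT rules per host,
# parsed back from the fragments written by apply_host_list.
# Devices with a single host get no rules, as in the original script
# ("daca este cazul") — TODO(review): confirm that exemption is intended,
# since those hosts then fall through to the DROP policy.
# Globals: reads $temp_dir/*
#######################################
build_forward_rules() {
  local f linie hostip mac
  for f in "$temp_dir"/*; do
    (( $(wc -l < "$f") > 1 )) || continue
    while IFS= read -r linie; do
      # fragment fields: ... 14 = "MAC;"  16 = "IP;"
      hostip=$(cut -f16 -d ' ' <<<"$linie")
      mac=$(cut -f14 -d ' ' <<<"$linie")
      hostip=${hostip%%;*}
      mac=${mac%%;*}
      iptables -t filter -A FORWARD -s "$hostip" -m mac --mac-source "$mac" -j ACCEPT
      iptables -t filter -A FORWARD -d "$hostip" -j ACCEPT
    done < "$f"
  done
}

#######################################
# Restart dhcpd so it reads the regenerated configuration.
# killall fails when no dhcpd is running; that is not an error here.
#######################################
restart_dhcpd() {
  killall dhcpd 2>/dev/null || true
  dhcpd || die "dhcpd failed to start"
}

main() {
  fetch_lista
  sleep 3  # kept from the original; wget is synchronous, so probably unneeded
  mkdir -p -- "$temp_dir" || die "cannot create $temp_dir"
  open_forward_chain
  snapshot_local_gateways
  echo '## eliminare gateway-uri multiple'
  remove_duplicate_gateways
  echo '## construire lista gateway-uri existente'
  prune_duplicates_from_list
  echo '## eliminare gw suplimentare'
  remove_unlisted_gateways
  rm -f -- "$temp_dir"/*
  echo '## stergere gateway-uri de pe alte device-uri / adaugare gateway-uri'
  apply_host_list
  write_dhcpd_conf
  remove_empty_vlans
  echo '## generare reguli iptables (daca este cazul)'
  build_forward_rules
  iptables -t filter -P FORWARD DROP
  restart_dhcpd
  echo 'MOSILOR succes'
}

main "$@"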
