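#!/bin/bash
#
# Set up a host firewall with ufw on an Arch-based system and add the
# ufw-docker rules so published Docker ports do not bypass ufw.
#
# Usage:    ./this-script.sh   (needs sudo for pacman and ufw)
# Policy:   deny all incoming, allow all outgoing, then punch holes for
#           LocalSend (53317), SSH (22) and Docker-container DNS.
#
# Fail fast: a failed package install or ufw rule must not be followed by
# `ufw --force enable`, which would otherwise silently leave a half-applied
# rule set active (the original script had no error handling at all).
set -euo pipefail

# Install ufw if missing.
if ! command -v ufw &>/dev/null; then
  sudo pacman -S --noconfirm ufw
fi

# Install ufw-docker if missing.
# NOTE(review): confirm that ufw-docker is installable via pacman on this
# system; if it is only available from a user repository this step fails
# and the script stops here by design.
if ! command -v ufw-docker &>/dev/null; then
  sudo pacman -S --noconfirm ufw-docker
fi

# Allow nothing in, everything out.
sudo ufw default deny incoming
sudo ufw default allow outgoing

# Allow ports for LocalSend (discovery/transfer on 53317, both protocols).
# These are open to any source; restrict with `from <LAN-CIDR>` if the host
# is ever attached to an untrusted network.
sudo ufw allow 53317/udp
sudo ufw allow 53317/tcp

# Allow SSH in from any source. `sudo ufw limit 22/tcp` is the rate-limited
# variant and is the usual choice for an internet-facing host.
sudo ufw allow 22/tcp

# Allow Docker containers to reach the DNS resolver on the docker0 bridge.
# 172.16.0.0/12 covers the default Docker address pools; 172.17.0.1 is the
# default docker0 gateway -- adjust both if the daemon uses custom pools.
sudo ufw allow in proto udp from 172.16.0.0/12 to 172.17.0.1 port 53 comment 'allow-docker-dns'

# Turn on the firewall (--force skips the interactive confirmation).
sudo ufw --force enable

# Turn on Docker protections: ufw-docker rewrites ufw's after.rules so the
# Docker iptables chains honour ufw; a reload is required to apply it.
sudo ufw-docker install
sudo ufw reload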
