#!/bin/bash

set -euo pipefail

sudo apt install -y ufw

sudo ufw default deny incoming
sudo ufw default allow outgoing

# Allow SSH port
port=$(cat /etc/ssh/sshd_config | grep -o 'Port [0-9]*' | grep -o '[0-9]*')
sudo ufw allow "$port/tcp"

# Allow Nginx if installed
if ! which nginx; then
    sudo ufw allow "Nginx Full"
fi

sudo ufw show added

read -p "Rules good? [y/N]: " prompt
if [[ $prompt == "y" ]]; then
    sudo ufw enable
fi