#!/usr/bin/env bash
#
# Uninstaller for the nft-fw firewall helper. It stops the nft-fw systemd
# unit, then moves the installed scripts, the template, the default config,
# the unit file and the fail2ban drop-in into a timestamped backup directory
# next to this script. Must be run as root.
#
# Strict mode: abort on an unhandled command failure, on use of an unset
# variable, and when any stage of a pipeline fails.
set -o errexit -o nounset -o pipefail
# Print one log line on stdout, prefixed with this script's tag.
# Arguments: the words of the message, joined the way "$*" joins them.
say() {
  printf '%s\n' "[nft-fw-nd-priv:remove] $*"
}
# Print the current time as YYYYMMDD-HHMMSS; used to name the backup directory.
ts() {
  date '+%Y%m%d-%H%M%S'
}
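# Abort unless the script runs with effective UID 0.
# Outputs: an error line on stderr when the caller is not root.
# Exits:   the whole script with status 1 when not root; returns 0 otherwise.
need_root() {
  # EUID is set by bash itself; id -u is only the fallback if it is empty.
  local uid="${EUID:-$(id -u)}"

  if [[ "$uid" -ne 0 ]]; then
    # Diagnostics go to stderr so they are not mixed into captured stdout.
    say "ERROR: Please run as root." >&2
    exit 1
  fi
}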
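# Determine the directory this script lives in. BASH_SOURCE[0] is the path the
# script was invoked by, so a symlink has to be resolved explicitly; without
# that step SCRIPT_DIR would be the directory holding the symlink. If
# `readlink -f` is unavailable or fails, the invoked path is used as-is.
self_path="${BASH_SOURCE[0]}"
if resolved_path="$(readlink -f -- "$self_path" 2>/dev/null)" && [[ -n "$resolved_path" ]]; then
  self_path="$resolved_path"
fi
SCRIPT_DIR="$(cd -- "$(dirname -- "$self_path")" && pwd)"

# Backups are written by root into a directory whose name is predictable
# (script directory + timestamp). Keep this script in a directory that only
# root can write to, so nobody else can pre-create that path.
BACKUP_DIR="${SCRIPT_DIR}/uninstalled-$(ts)"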
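# Create BACKUP_DIR if it does not exist yet. Safe to call repeatedly.
# Globals: BACKUP_DIR (read)
# Outputs: an error line on stderr if BACKUP_DIR is a symlink.
# Exits:   the whole script with status 1 if BACKUP_DIR is a symlink.
# Returns: 0 when the directory exists afterwards; mkdir's status on failure.
ensure_backup_dir() {
  # This runs as root and the path is predictable, so never follow a symlink
  # that somebody else may have placed there.
  if [[ -L "$BACKUP_DIR" ]]; then
    say "ERROR: $BACKUP_DIR is a symlink; refusing to write backups through it." >&2
    exit 1
  fi

  if [[ ! -d "$BACKUP_DIR" ]]; then
    # The backups are firewall and fail2ban configuration: create the
    # directory readable by root only. The umask change is confined to
    # the subshell.
    (umask 077 && mkdir -p -- "$BACKUP_DIR") || return
  fi
}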
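# Move a file into BACKUP_DIR while preserving its absolute path structure,
# e.g. /etc/default/nft-fw -> $BACKUP_DIR/etc/default/nft-fw
# Globals:   BACKUP_DIR (read)
# Arguments: $1 - path of the file to move (every caller in this script
#                 passes an absolute path)
# Outputs:   one progress line via say
# Returns:   0 when the file was moved or was not there; non-zero when the
#            destination could not be created or the move failed
backup_then_remove() {
  local src="$1"
  local rel dst

  # -e follows symlinks, so a dangling symlink needs the extra -L test;
  # otherwise it would be reported as "Not present" and left behind.
  if [[ ! -e "$src" && ! -L "$src" ]]; then
    say "Not present: $src"
    return 0
  fi

  ensure_backup_dir || return
  rel="${src#/}" # strip the leading / so the path nests under BACKUP_DIR
  dst="${BACKUP_DIR}/${rel}"
  mkdir -p -- "$(dirname -- "$dst")" || return
  say "Backing up $src -> $dst"
  mv -f -- "$src" "$dst"
}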
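# Delete a file without keeping a backup.
# Arguments: $1 - path of the file to delete
# Outputs:   one progress line via say
# Returns:   0 when the file was deleted or was not there; rm's status if
#            the deletion fails
remove_file() {
  local f="$1"

  # -e follows symlinks; the -L test also catches a dangling symlink, which
  # would otherwise be reported as "Not present" and left in place.
  if [[ ! -e "$f" && ! -L "$f" ]]; then
    say "Not present: $f"
    return 0
  fi

  say "Removing $f"
  rm -f -- "$f"
}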
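need_root

SERVICE="nft-fw.service"

say "Backup directory (if needed): $BACKUP_DIR"

say "Stopping/disabling systemd unit (if present)..."
if command -v systemctl >/dev/null 2>&1; then
  # Capture the unit list first and match on the captured text. Piping
  # straight into `grep -q` under `set -o pipefail` can misreport a match:
  # grep exits at the first hit, the writers may get SIGPIPE, the pipeline
  # status turns non-zero and the unit would be stopped but never disabled.
  unit_files="$(systemctl list-unit-files | awk '{print $1}')" || unit_files=""

  # -F matches the unit name literally; the '.' is not a regex wildcard.
  if grep -qxF -- "$SERVICE" <<<"$unit_files"; then
    # Best effort: the uninstall continues even if disabling fails.
    systemctl disable --now "$SERVICE" || true
  else
    # Not listed as a unit file; still try to stop a loaded instance.
    systemctl stop "$SERVICE" 2>/dev/null || true
  fi
fi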
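say "Trying to stop firewall via fw-stop (if installed)..."
if [[ -x /usr/local/sbin/fw-stop ]]; then
  # Still best effort (the uninstall continues), but a failure is reported
  # instead of being swallowed. What fw-stop does is not visible in this
  # script; presumably it unloads the nftables rules, so after a failure the
  # old rules may stay active with the scripts that manage them gone.
  # NOTE(review): whether a successful fw-stop leaves the host without any
  # packet filter is also not visible here; confirm the intended end state.
  if ! /usr/local/sbin/fw-stop; then
    say "WARNING: fw-stop failed; firewall rules may still be loaded. Check with: nft list ruleset" >&2
  fi
fi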
# Each path below is moved into BACKUP_DIR by backup_then_remove rather than
# deleted, so the previous firewall configuration can be inspected or restored.
say "Removing installed scripts..."
for installed_script in fw-apply fw-stop; do
  backup_then_remove "/usr/local/sbin/${installed_script}"
done

say "Removing template..."
backup_then_remove /etc/nftables.conf.in

say "Removing default config..."
backup_then_remove /etc/default/nft-fw

say "Removing systemd unit file..."
backup_then_remove "/etc/systemd/system/${SERVICE}"
say "Reloading systemd..."
# Let systemd re-read its unit files now that the nft-fw unit has been moved
# away. A failure here is tolerated so the rest of the cleanup still runs.
if command -v systemctl &>/dev/null; then
  systemctl daemon-reload || true
fi
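say "Cleaning fail2ban drop-in (leaving fail2ban installed)..."
F2B_DROPIN="/etc/fail2ban/jail.d/nft-fw-nd-priv.local"
if [[ -e "$F2B_DROPIN" ]]; then
  backup_then_remove "$F2B_DROPIN"
  if command -v systemctl >/dev/null 2>&1; then
    # try-restart only restarts a unit that is currently running, so a
    # fail2ban instance that had been stopped on purpose is not started as
    # a side effect of the uninstall.
    if ! systemctl try-restart fail2ban 2>/dev/null; then
      # Report it: fail2ban may still be using the removed jail config, or
      # may not be running at all.
      say "WARNING: could not restart fail2ban; check: systemctl status fail2ban" >&2
    fi
  fi
else
  say "Not present: $F2B_DROPIN"
fi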
# Closing summary, including where any moved files ended up.
closing_notes=(
  "Done."
  "Note: update-alternatives were left unchanged (as requested)."
  "Backups (if any) are in: $BACKUP_DIR"
)
for note in "${closing_notes[@]}"; do
  say "$note"
done