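#!/bin/bash
#
# Keeps one UFW "allow from <ip>" rule in step with the IPv4 address that a
# hostname currently resolves to. The last address that was allowed is stored
# as the final line of a log file; when the resolved address differs, the new
# address is allowed, the old rule is deleted and the new address is appended
# to the log.
#
# Security notes:
#   - The rule follows whatever the configured resolver answers, so the
#     firewall is only as trustworthy as that DNS answer. Use a resolver you
#     trust (ideally a DNSSEC-validating one) and a name you control.
#   - Values from DNS and from the log file are validated as IPv4 addresses
#     before they are handed to ufw, and every expansion is quoted.
#   - The last line of the log file selects the rule that gets deleted, so
#     keep that file writable by root only.

# Replace 'your_fqdn_here.com' with the actual FQDN you want to update
fqdn="your_fqdn_here.com"

# Path to the log file where the IP address will be recorded
log_file="/path/to/ip_log.txt"

#######################################
# Check that a string is a dotted-quad IPv4 address.
# Arguments: $1 - candidate string
# Returns:   0 if $1 is four decimal octets in 0..255, 1 otherwise
#######################################
is_ipv4() {
  local candidate=$1
  local octet
  local -a octets

  [[ "$candidate" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || return 1

  IFS=. read -r -a octets <<<"$candidate"
  for octet in "${octets[@]}"; do
    # 10# forces base 10 so an octet such as "08" is not read as octal.
    ((10#$octet <= 255)) || return 1
  done
  return 0
}

#######################################
# Resolve the A records of $fqdn.
# Globals:   fqdn (read)
# Outputs:   the distinct IPv4 addresses, one per line, sorted; nothing if
#            the name does not resolve. 'dig +short' also prints CNAME
#            targets, which are dropped here because they are not addresses.
#######################################
get_ip_address() {
  local line

  dig +short A "$fqdn" \
    | while IFS= read -r line; do
      if is_ipv4 "$line"; then
        printf '%s\n' "$line"
      fi
    done \
    | LC_ALL=C sort -u
}

#######################################
# Read the most recently recorded address.
# Globals:   log_file (read)
# Outputs:   the last line of the log file, or an empty line if the file
#            does not exist
#######################################
get_last_ip_address() {
  if [[ -f "$log_file" ]]; then
    tail -n 1 -- "$log_file"
  else
    echo ""
  fi
}

# Check if 'ufw' is installed
if ! command -v ufw &>/dev/null; then
  echo "UFW is not installed. Please install it first." >&2
  exit 1
fi

# Check if 'dig' (from 'dnsutils') is installed
if ! command -v dig &>/dev/null; then
  echo "The 'dnsutils' package is not installed. Please install it first." >&2
  exit 1
fi

# Enable UFW if it's not already enabled. --force skips the confirmation
# prompt, so make sure a rule for your own management access (for example
# SSH) already exists: UFW normally denies incoming traffic by default.
ufw --force enable

# Get the current and last recorded IP addresses
current_ip=$(get_ip_address)
last_ip=$(get_last_ip_address)

if [[ -z "$current_ip" ]]; then
  echo "Unable to resolve the IP address for '$fqdn'." >&2
  exit 1
fi

# The log tracks exactly one address. With several A records the value would
# span several lines, which can neither be compared with the log nor passed
# to ufw as a single source address, so stop instead of picking one.
if [[ "$current_ip" == *$'\n'* ]]; then
  echo "'$fqdn' resolves to more than one IPv4 address; not changing UFW." >&2
  exit 1
fi

# The right-hand side is quoted so a log line containing glob characters is
# compared literally instead of being treated as a pattern.
if [[ "$current_ip" != "$last_ip" ]]; then
  # Add the new rule first so there is no window without any rule, and stop
  # before touching the log if ufw rejects it.
  if ! ufw allow from "$current_ip"; then
    echo "Failed to add a UFW rule for $current_ip; log left unchanged." >&2
    exit 1
  fi

  # Remove the old IP address from UFW rules if it exists. The value comes
  # from a file on disk, so it is validated before being used.
  if [[ -n "$last_ip" ]]; then
    if is_ipv4 "$last_ip"; then
      ufw delete allow from "$last_ip" \
        || echo "Could not delete the old UFW rule for $last_ip." >&2
    else
      echo "Last entry in '$log_file' is not an IPv4 address; skipping delete." >&2
    fi
  fi

  ufw reload

  # Log the current IP address to the file only after the rule is in place,
  # so the log never claims an address is allowed when it is not.
  printf '%s\n' "$current_ip" >>"$log_file" \
    || echo "Could not write to '$log_file'." >&2

  echo "UFW has been updated to allow traffic from $fqdn ($current_ip)."
else
  echo "IP address for '$fqdn' has not changed. No updates needed."
fi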