#!/bin/sh
# 2024-05-26
# lastmod: 2024-09-08
# Dominic Reich

BFILE=/srv/http/blocked.txt
IPFILE=~/ips
COUNT=$(wc -l ~/ips | cut -d' ' -f1)

if [[ $USER == "root" ]]; then
	echo >&2 "User must not be root! Exiting"
	exit 1
fi

OLDNUM=$(sudo ipset --terse -L | grep "Number of entries:" | cut -d: -f2 | xargs)

while read ip; do sudo ipset -exist -A badips "$ip"; done < $IPFILE

FILEBACKUP=14

if [ ${FILEBACKUP} -ne 0 ]; then
	sudo cp ${BFILE} ${BFILE}.$(date +%Y%m%d)
fi

BACKUPCOUNT=$(ls ${BFILE}* | wc -l)
BACKUPSTODELETE=$(expr ${BACKUPCOUNT} - ${FILEBACKUP})
if [ ${BACKUPCOUNT} -gt ${FILEBACKUP} ]; then
	for f in $(ls -tr ${BFILE}.* | head -${BACKUPSTODELETE})
	do
		sudo rm ${f}
	done
fi

# save to blocklist file in webroot
sudo ipset -output save -L | grep add | awk '{ print $3 }' | sort -g | sudo tee ${BFILE} 1>/dev/null

# save to /etc/ipset.conf
sudo ipset save -file /etc/ipset.conf

# Test if current ip is in the badips set
# sudo ipset -q -T badips $(who | tail -1 | awk -F '[()]' '{ print $2 }')
sudo ipset -T badips $(who | tail -1 | awk -F '[()]' '{ print $2 }')

#sudo ipset --terse -L

NEWNUM=$(sudo ipset --terse -L | grep "Number of entries:" | cut -d: -f2 | xargs)

rm -f $IPFILE

echo "Added $((${NEWNUM}-${OLDNUM}))/${COUNT} IPs (${OLDNUM} → ${NEWNUM})"