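#!/bin/sh
# 2024-05-26
# Dominic Reich
#
# Loads the addresses listed in ~/ips into the "badips" ipset, keeps dated
# copies of the published block list, rewrites the block list from the
# current ipset contents, and checks whether the address of the last login
# session is itself blocked.
#
# Run as an unprivileged user; each privileged step goes through sudo.
# The script stays POSIX sh to match the shebang (the original used the
# bash-only [[ ]] test here).

set -u

BFILE=/srv/http/blocked.txt
FILEBACKUP=14

# Returns 0 when $1 contains only characters found in IPv4/IPv6 addresses,
# CIDR suffixes and address ranges, and does not begin with '-'.
# Everything that passes is handed to a root-privileged ipset command, so a
# leading '-' must never get through and be read as an option.
is_plausible_entry() {
  case "$1" in
    '' | -* | *[!0-9A-Fa-f.:/-]*) return 1 ;;
  esac
  return 0
}

# Use the effective uid rather than $USER: $USER is only an environment
# variable and can be unset or wrong (cron, su without a login shell).
if [ "$(id -u)" -eq 0 ]; then
  echo >&2 "User must not be root! Exiting"
  exit 1
fi

# read -r keeps backslashes literal; the || clause handles a last line
# without a trailing newline.
while IFS= read -r ip || [ -n "${ip}" ]; do
  if [ -z "${ip}" ]; then
    continue
  fi
  if ! is_plausible_entry "${ip}"; then
    printf >&2 'Skipping invalid entry in %s: %s\n' "${HOME}/ips" "${ip}"
    continue
  fi
  sudo ipset -exist -A badips "${ip}"
done < "${HOME}/ips"

if [ "${FILEBACKUP}" -ne 0 ]; then
  sudo cp "${BFILE}" "${BFILE}.$(date +%Y%m%d)"
fi

# Rotation: collect the dated copies with a glob instead of parsing ls.
# Only the eight-digit suffix this script creates is matched, so the
# privileged rm below can never reach an unrelated file. YYYYMMDD suffixes
# sort oldest-first in glob order.
set -- "${BFILE}".[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]
if [ ! -e "$1" ]; then
  set -- # the pattern matched nothing and was left as a literal string
fi

# As in the original, the live file counts towards FILEBACKUP.
file_count=$#
if [ -e "${BFILE}" ]; then
  file_count=$((file_count + 1))
fi

if [ "${file_count}" -gt "${FILEBACKUP}" ]; then
  excess=$((file_count - FILEBACKUP))
  for old_copy in "$@"; do
    if [ "${excess}" -le 0 ]; then
      break
    fi
    sudo rm "${old_copy}"
    excess=$((excess - 1))
  done
fi

# Take the dump first and stop if it fails: piping straight into tee would
# truncate the published block list to an empty file on an ipset error.
if ! ipset_dump=$(sudo ipset -output save -L); then
  echo >&2 "ipset dump failed; ${BFILE} left unchanged"
  exit 1
fi

# Match on the first field so only real "add" lines are exported (a plain
# grep for "add" also matches the string anywhere else on a line). Entries
# of every set in the dump are written, as before.
printf '%s\n' "${ipset_dump}" |
  awk '$1 == "add" { print $3 }' |
  sort -g |
  sudo tee "${BFILE}" > /dev/null

# Test if current ip is in the badips set
# NOTE(review): this reads the host of the last line of who(1), which is the
# most recently listed session and not necessarily this one - confirm.
remote_host=$(who | tail -1 | awk -F '[()]' '{ print $2 }')
if is_plausible_entry "${remote_host}"; then
  # -q silences ipset, so the result has to be reported here; the original
  # discarded the exit status and the test had no visible effect.
  if sudo ipset -q -T badips "${remote_host}"; then
    echo >&2 "Warning: ${remote_host} is in the badips set"
  fi
else
  echo >&2 "No usable remote address found in who output; skipping self-test"
fi

sudo ipset --terse -L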