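#!/bin/sh
#
# Refresh the two ipsets maintained for glocker:
#   glocker         networks to block, taken from a remote list
#   glocker-except  hosts that must stay reachable, taken from a local file
#
# Each set is built in a scratch set and swapped in, so the live set is
# replaced in one step. A list that cannot be fetched or read leaves the
# corresponding live set untouched, and the script exits non-zero.
#
# This script only maintains the sets.

set -u
# Entries are split on whitespace on purpose; pathname expansion is never
# wanted, so a stray '*' in a list cannot expand to file names.
set -f

BANNED_URL='https://www.friedersdorff.com/.banned'
ALLOWED_FILE='/etc/glocker/allowed_hosts'
TMP_SET='glocker-tmp'
# Dotted quad followed by a prefix length. This is a shape check only:
# out-of-range octets or prefixes are rejected later by ipset itself.
CIDR_RE='([[:digit:]]{1,3}\.){3}[[:digit:]]{1,3}/[[:digit:]]{1,2}'

# Print a diagnostic on stderr.
warn() {
  printf '%s\n' "$*" >&2
}

# replace_set NAME [ENTRY...]
# Rebuild NAME from the given entries via the scratch set.
# Returns non-zero if the scratch set cannot be prepared or the swap fails;
# a single entry that ipset refuses is reported and skipped.
replace_set() {
  rs_target=$1
  shift

  # A scratch set left behind by an interrupted run is reused and emptied
  # instead of making this run fail at "create".
  ipset create -exist "$TMP_SET" hash:net --hashsize 64 || return 1
  ipset flush "$TMP_SET" || return 1

  for rs_entry in "$@"; do
    ipset add -exist "$TMP_SET" "$rs_entry" ||
      warn "glocker: skipping entry rejected by ipset: $rs_entry"
  done

  ipset create -exist "$rs_target" hash:net --hashsize 64 &&
    ipset swap "$TMP_SET" "$rs_target" &&
    ipset destroy "$TMP_SET"
}

# Fetch the remote ban list and load it into the "glocker" set.
update_banned() {
  # -f makes HTTP errors fail the command, so an error page is never parsed
  # as if it were the list; -sS stays quiet but still reports failures.
  ub_raw=$(curl -fsS "$BANNED_URL") || {
    warn "glocker: could not fetch $BANNED_URL; keeping current ban set"
    return 1
  }

  ub_nets=$(printf '%s\n' "$ub_raw" | grep -o -E "$CIDR_RE")
  # Swapping in an empty set would silently remove every block. A response
  # without a single network is treated as a bad fetch, not as a new list.
  if [ -z "$ub_nets" ]; then
    warn "glocker: no networks found in fetched list; keeping current ban set"
    return 1
  fi

  # Unquoted on purpose: one argument per network. Every word matched
  # CIDR_RE, so it holds only digits, dots and a slash.
  # shellcheck disable=SC2086
  replace_set glocker $ub_nets || return 1
  echo "IPSet: glocker updated"
}

# Load the local allow list into the "glocker-except" set.
update_allowed() {
  if [ ! -r "$ALLOWED_FILE" ]; then
    warn "glocker: cannot read $ALLOWED_FILE; keeping current exception set"
    return 1
  fi
  ua_hosts=$(cat "$ALLOWED_FILE") || return 1

  # NOTE(review): the previous version ran nslookup for every entry but never
  # used the result; entries were, and still are, handed to ipset verbatim.
  # ipset(8) accepts host names and resolves them when the entry is added
  # (names containing '-' must be written in square brackets), so the set
  # reflects DNS answers at update time and is only as trustworthy as the
  # resolver. Prefer literal addresses in the file where possible.
  # shellcheck disable=SC2086
  replace_set glocker-except $ua_hosts || return 1
  echo "IPSet: glocker-except updated"
}

status=0
update_banned || status=1
# The exception set is refreshed even when the ban list could not be.
update_allowed || status=1
exit "$status"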