#!/bin/bash
#

BADGUYS_FILE="/root/ci-badguys.txt"
CHAIN_NAME="CINSARMY_IPS"
FIREWALL="/sbin/iptables"
ETH="eth1"

echo "Clearing firewall."
$FIREWALL -P INPUT ACCEPT
$FIREWALL -P FORWARD ACCEPT
$FIREWALL -P OUTPUT ACCEPT
$FIREWALL -t nat -F
$FIREWALL -t mangle -F
$FIREWALL -F
$FIREWALL -X
echo "Restoring firewall from iptables.rules."
/sbin/iptables-restore < /etc/iptables.rules
echo "Restoring fail2ban rules."
sudo systemctl restart fail2ban
echo "Downloading cinsarmy IP list..."

wget -c https://cinsscore.com/list/ci-badguys.txt -O $BADGUYS_FILE

echo "Making sure it downloaded."

# Check if the file exists
if [[ ! -f "$BADGUYS_FILE" ]]; then
    echo "File not found: $BADGUYS_FILE"
    exit 1
fi

echo "Processing the list..."

# Check if the chain exists, and creates it if it's not there
if $FIREWALL -L $CHAIN_NAME -n &> /dev/null; then
    echo "Chain $CHAIN_NAME already exists."
    $FIREWALL -F $CHAIN_NAME
else
    echo "Creating chain $CHAIN_NAME."
    $FIREWALL -N $CHAIN_NAME
fi

# Read each line (IP address) from the file and block it
while IFS= read -r ip; do
    # Check if the line is not empty
    if [[ -n "$ip" ]]; then
        # Block the IP address using iptables
        $FIREWALL -A $CHAIN_NAME -i $ETH -s "$ip" -j DROP
        # echo "Blocked IP: $ip"
    fi
done < "$BADGUYS_FILE"

# Jump to the our chain from the FORWARD CHAIN
$FIREWALL -A FORWARD -j $CHAIN_NAME

# Delete the bad guys file
rm $BADGUYS_FILE

echo "Bad guys list has been processed, and deleted."