#!/bin/bash
if [[ "$1" == 'debug'  ]]; then set -x;		_DEBUG=$1; shift; fi
if [[ "$1" == 'debug2' ]]; then set -xvT;	_DEBUG=$1; shift; fi
if [[ "$1" == 'trace'  ]]; then 		_TRACE=$1; shift; fi
####################################################################
# - Blacklist, Master -
# Run this manually after changes 
# or from crontab with a short cycle; e.g. 5 minutes
####################################################################
#------------------------
REALPATH=`realpath $0`
WHERE=`dirname $REALPATH`
ME=`basename $REALPATH`
cd $WHERE
. ../system.conf
. ../common.conf
. ../common.bashlib
#------------------------
#  Private stuff
. ../conf/private/$ME.conf

#
# Fill in local blacklist
#
mk-ipset $MYSET "$SETTYP" "$SETOPTS"

if [ -f $MASTER_PATH/blacklist ]
then
	for list in blacklist
	do
	#	LOADFILE=$POOL'/ipset.Loadfile-'$list
	#	echo "-exist create "list" comment"     > $LOADFILE

#		awk -v list=$list -v loadfile="$LOADFILE" ' 
		awk -v setname=$MYSET -v settype="$SETTYP" -v setopts="$SETOPTS" -v loadfile="$LOADFILE" '
		/^$/            { next }
		/^[ \t]*[#]/    { next }
				{ IP[$1]=$1 }
		END {
			printf "-exist create %s %s %s\n", setname, settype, setopts > loadfile

			for ( ip in IP ) {
				printf "add %s %s comment blacklisted\n", setname, ip > loadfile
			}
		}
		' $MASTER_PATH/$list

		$IPSET flush $MYSET
		$IPSET -quiet -file $LOADFILE restore
	done
	logger	 "$ME[$$] Loaded blacklist from 'blacklist' file in $MASTER_PATH ..."
else
	echo 	 "$ME: No 'backlist' file in $MASTER_PATH ..."
fi