#!/bin/bash
if [ "$1" == 'debug'  ]; then set -x;	shift; fi
if [ "$1" == 'debug2' ]; then set -xvT;	shift; fi
#
# Inject an immediate manual DROP into the database & firewall ...
#
# We get:
# $1	... IP address
# $2	... optional tag
#
#--------------------------
REALPATH=`realpath $0`
WHERE=`dirname $REALPATH`
ME=`basename $REALPATH`
cd $WHERE
. ../../system.conf
. ../../common.conf
. ../../common.bashlib
#--------------------------
. ./WatchLG.conf

DBInject() {
local	comment="$2"
	CLASS=`get_class $1`
	$SQL "insert into $TABLE (affairs, IP,type,class,state,date_intro,date_event,comment)
              values ('99','$1','$THIS_TYPE','$CLASS','DROP',
			datetime(current_timestamp,'localtime'),
			datetime(current_timestamp,'localtime'),
			'$comment');"
}

IntoFW() {
local comment

	# See if that beast is already dropped
	#
	if $IPSET -q test $MYSET $1
	then return
	fi

	# OK - have an addr not yet dropped
	#
	comment="Manual inject,$2"
	DBInject "$1" "$comment"
	$IPSET add custody $1 comment "$comment"
}


#------------ Main ---------------
if [ -z "$2" ]
then TAG="Manual"
else TAG="$2"
fi

if [ -z "$1" ]
then
	echo "Usage: $ME IP_addr tag"
else
	# User input !! Check plausibility
	# Is it a legal IP address?
	validate_IP $1
	if [ $? -ne 0 ]
	then 	echo "Illegal IP address '$1' ... exiting"
		exit
	fi

	IntoFW "$1" "$TAG"
fi