#! /bin/bash

# shellcheck source=../scripts/helpers/index.sh
source /usr/local/bin/helpers/index.sh

if ! IPTABLES_OUTPUT=$(iptables -L -n 2>&1)
then
  _exit_with_error "IPTables is not functioning correctly

The output of \`iptables -L\` was:

${IPTABLES_OUTPUT}

Possible causes for this error are

1. Missing capabilities (you need CAP_NET_RAW & CAP_NET_ADMIN, see \`capsh --print\`)
2. Modifications caused by user-patches.sh
3. Host is configured incorrectly
"
fi

function __usage { echo "Usage: ${0} [<unban> <ip-address>]" ; }

unset JAILS
declare -a JAILS
for LIST in $(fail2ban-client status | grep "Jail list" | cut -f2- | sed 's/,/ /g')
do
  JAILS+=("${LIST}")
done

if [[ -z ${1} ]]
then

  IP_COUNT=0

  for JAIL in "${JAILS[@]}"
  do
    BANNED_IP="$(iptables -L "f2b-${JAIL}" -n 2>/dev/null | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -v '0.0.0.0')"

    if [[ -n ${BANNED_IP} ]]
    then
      echo "Banned in ${JAIL}: ${BANNED_IP//$'\n'/, }"
      IP_COUNT=$(( IP_COUNT + 1 ))
    fi
  done

  if [[ ${IP_COUNT} -eq 0 ]]
  then
    _log 'info' 'No IPs have been banned'
  fi

else

  case "${1}" in

    ( 'unban' )
      shift
      if [[ -n ${1} ]]
      then

        for JAIL in "${JAILS[@]}"
        do
          RESULT="$(fail2ban-client set "${JAIL}" unbanip "${@}" 2>&1)"

          [[ ${RESULT} != *"is not banned"* ]] && [[ ${RESULT} != *"NOK"* ]] && echo -e "Unbanned IP from ${JAIL}: ${RESULT}"
        done

      else
        _log 'warn' "You need to specify an IP address: Run './setup.sh debug fail2ban' to get a list of banned IP addresses"
        exit 0
      fi
      ;;

    ( * )
      __usage
      _exit_with_error "Unknown command '${1}'"
      ;;

  esac

fi

exit 0