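#!/bin/bash
#
# Maintain an iptables BLACKLIST chain from /etc/sentinel/blacklist.
#
# Each run:
#   1. creates the BLACKLIST chain and hooks it in front of INPUT for
#      tcp/80 and tcp/443 if the chain does not exist yet;
#   2. ensures the blacklist file (and its directory) exist;
#   3. appends one "-s <entry> -j DROP" rule per entry in the file, skipping
#      entries that already have such a rule, so the script can be re-run.
#
# Blacklist file format: one IPv4 address or IPv4/prefix per line (several
# whitespace-separated entries on one line are also accepted); blank lines
# and text after '#' are ignored. Only IPv4 is handled: this drives
# iptables, not ip6tables.
#
# Must run with privileges to modify the firewall. Every entry in the file
# becomes a firewall rule, so the file must not be writable by anyone else.
set -euo pipefail

readonly BLACKLIST=/etc/sentinel/blacklist
readonly CHAIN=BLACKLIST

# Print a message to stderr and exit non-zero.
die() { printf 'sentinel: %s\n' "$*" >&2; exit 1; }

# Print a warning to stderr without exiting.
warn() { printf 'sentinel: warning: %s\n' "$*" >&2; }

#######################################
# Create the blacklist chain and hook it into INPUT on first run.
# Globals:   CHAIN (read)
# Arguments: none
# Returns:   0 on success; exits via die if iptables fails
#######################################
ensure_chain() {
  # Listing a chain that does not exist fails; that is the "first run"
  # signal, so its error output is deliberately discarded.
  if iptables -n -L "${CHAIN}" >/dev/null 2>&1; then
    return 0
  fi
  iptables -N "${CHAIN}" || die "cannot create chain ${CHAIN}"
  # Inserted at position 1 so the blacklist is consulted before any other
  # INPUT rule for web traffic.
  iptables -I INPUT 1 -p tcp -m tcp --dport 80 -j "${CHAIN}" \
    || die "cannot hook ${CHAIN} into INPUT for tcp/80"
  iptables -I INPUT 1 -p tcp -m tcp --dport 443 -j "${CHAIN}" \
    || die "cannot hook ${CHAIN} into INPUT for tcp/443"
}

#######################################
# Make sure the blacklist file and its parent directory exist.
# Globals:   BLACKLIST (read)
# Returns:   0 on success; exits via die on failure
#######################################
ensure_blacklist_file() {
  if [[ ! -f "${BLACKLIST}" ]]; then
    mkdir -p -- "${BLACKLIST%/*}" || die "cannot create ${BLACKLIST%/*}"
    touch -- "${BLACKLIST}" || die "cannot create ${BLACKLIST}"
  fi
}

#######################################
# Check that an entry is a dotted-quad IPv4 address, optionally with a
# /prefix. Hostnames are rejected on purpose: iptables would resolve them
# via DNS at apply time, making the firewall depend on an untrusted lookup.
# Arguments: $1 - candidate entry
# Returns:   0 if well-formed, 1 otherwise
#######################################
is_ipv4_entry() {
  local entry=$1 octet
  [[ "${entry}" =~ ^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})(/([0-9]{1,2}))?$ ]] \
    || return 1
  # 10# forces base-10 so entries with leading zeros are not read as octal.
  for octet in "${BASH_REMATCH[@]:1:4}"; do
    (( 10#${octet} <= 255 )) || return 1
  done
  [[ -z "${BASH_REMATCH[6]:-}" ]] || (( 10#${BASH_REMATCH[6]} <= 32 )) || return 1
  return 0
}

#######################################
# Append a DROP rule for one entry unless an identical rule already exists.
# Globals:   CHAIN (read)
# Arguments: $1 - IPv4 address or IPv4/prefix
# Returns:   0 always; a failed append is reported on stderr, not fatal
#######################################
block_entry() {
  local entry=$1
  # `-C` asks iptables whether an identical rule is present; this replaces
  # scraping the `-L` listing, which depended on its column layout.
  if iptables -C "${CHAIN}" -s "${entry}" -j DROP 2>/dev/null; then
    return 0
  fi
  iptables -A "${CHAIN}" -s "${entry}" -j DROP \
    || warn "could not add DROP rule for ${entry}"
  return 0
}

#######################################
# Read the blacklist file and block every well-formed entry in it.
# Globals:   BLACKLIST (read)
# Returns:   0
#######################################
apply_blacklist() {
  local line entry
  local -a words=()
  # `|| [[ -n $line ]]` keeps a final line that has no trailing newline.
  while IFS= read -r line || [[ -n "${line}" ]]; do
    line=${line%%#*}                # drop comments
    read -r -a words <<<"${line}"   # split on whitespace without globbing
    (( ${#words[@]} )) || continue  # blank or comment-only line
    for entry in "${words[@]}"; do
      if is_ipv4_entry "${entry}"; then
        block_entry "${entry}"
      else
        warn "skipping malformed blacklist entry: ${entry}"
      fi
    done
  done < "${BLACKLIST}"
}

main() {
  command -v iptables >/dev/null || die "iptables not found in PATH"
  ensure_chain
  ensure_blacklist_file
  apply_blacklist
}

main "$@"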