From 79352ec0463683fdd4b04e25492f2b26254d9cb7 Mon Sep 17 00:00:00 2001
From: AR2000
Date: Thu, 16 Jan 2025 14:55:37 +0100
Subject: [PATCH] stdin
---
 bouncer.sh | 73 ++++++++++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 68 insertions(+), 5 deletions(-)

diff --git a/bouncer.sh b/bouncer.sh
index 83af966..eec8534 100755
--- a/bouncer.sh
+++ b/bouncer.sh
@@ -1,6 +1,69 @@
 #!/bin/bash
-echo test >> /bouncer.stdin.out
-while read line
-do
- echo "$line" >> /bouncer.stdin.out
-done
\ No newline at end of file
+#
+# Script to add /remove IPs to iptables
+
+: ${IPTABLES_CHAIN:=INPUT}
+
+function iptableAdd() {
+ #check if the rule already exist
+ if ! iptables $comment -C $IPTABLES_CHAIN -s "$1" -j DROP; then
+ #do we insert at a $IPTABLES_INSERT position or append to the chain
+ if [[ -z "${IPTABLES_INSERT}" ]]; then
+ iptables $comment -A $IPTABLES_CHAIN -s "$1" -j DROP
+ else
+ iptables $comment -I $IPTABLES_CHAIN "$IPTABLES_INSERT" -s "$1" -j DROP
+ fi
+ fi
+}
+
+function iptableDel() {
+ iptables $comment -D $IPTABLES_CHAIN -s "$1" -j DROP
+}
+
+function ip6tableAdd() {
+ #check if the rule already exist
+ if ! ip6tables $comment -C $IPTABLES_CHAIN -s "$1" -j DROP; then
+ #do we insert at a $IPTABLES_INSERT position or append to the chain
+ if [[ -z "${IPTABLES_INSERT}" ]]; then
+ ip6tables $comment -A $IPTABLES_CHAIN -s "$1" -j DROP
+ else
+ ip6tables $comment -I $IPTABLES_CHAIN "$IPTABLES_INSERT" -s "$1" -j DROP
+ fi
+ fi
+}
+
+function ip6tableDel() {
+ ip6tables $comment -D $IPTABLES_CHAIN -s "$1" -j DROP
+}
+
+function processAction() {
+
+ [[ -n "${IPTABLES_COMMENT}" ]] && comment="-m comment --comment \"$4\"" || comment=""
+
+ #determine action
+ if [ "$1" = "add" ]; then #add
+ if [[ "$2" =~ .*[.].* ]]; then #ipv4
+ echo "add $2 for $3 with $4"
+ iptableAdd "$2"
+ elif [[ "$2" =~ .*[:].* ]]; then #ipv6
+ echo "IPV6 : add $2 for $3 with $4"
+ ip6tableAdd "$2"
+ fi
+ elif [ "$1" = "del" ]; then #del
+ if [[ "$2" =~ .*[.].* ]]; then #ipv4
+ echo "del $2 for $3 with $4"
+ iptableDel "$2"
+ elif [[ "$2" =~ .*[:].* ]]; then #ipv6
+ echo "IPV6 : add $2 for $3 with $4"
+ ip6tableDel "$2"
+ fi
+ else
+ echo "unknown action"
+ fi
+}
+
+while read line; do
+ echo "$line"
+ processAction "$(echo "$line" | jq -r .action)" "$(echo "$line" | jq -r .value)" "$(echo "$line" | jq -r .duration)" "$(echo "$line" | jq -r .scenario)"
+done
+#{"duration":"-1h1m9s","origin":"CAPI","scenario":"crowdsecurity/ssh-bf","scope":"Ip","type":"ban","value":"122.117.32.192","id":22739513,"action":"del"}
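Review bot: `comment` is built as a string in processAction (`comment="-m comment --comment \"$4\""`) and then expanded unquoted as `$comment` in every iptables/ip6tables call, so the escaped quotes end up as literal characters in the rule comment and `$4` — the scenario field taken from the JSON arriving on stdin — is word-split into additional iptables arguments whenever it contains whitespace. Use an array instead: `comment=()` followed by `[[ -n "${IPTABLES_COMMENT}" ]] && comment=(-m comment --comment "$4")`, and pass it as `"${comment[@]}"` in the eight check/append/insert/delete calls. In the same spirit the main loop should read `while IFS= read -r line; do` so backslash escapes inside the JSON reach jq intact, and `$2` is only tested for containing a `.` or `:` before being handed to `-s`; a stricter IPv4/IPv6/CIDR pattern would reject malformed decisions before they reach iptables rather than relying on iptables to fail. Minor: the IPv6 branch of the `del` action logs `"IPV6 : add $2 for $3 with $4"`; it should say `del`.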