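#!/bin/bash
#
# Scenario: You belong to a network but decide to drop it. You've sent your hub
# a netmail & email letting them know. Even though two years have gone by they
# constantly try to poll you.
#
# You netmail and email again & again, never receiving a response yet they still
# poll your system, sometimes hundreds of times a day, each time with a password
# error.
#
# Solution? Block their ass!
#
# Create an IP set to store ip addresses:
# ipset -N block4 hash:net
# ipset -N block6 hash:net family inet6
#
# Add lines to firewall to block referenced IP sets:
# iptables -A INPUT -p all -m set --match-set block4 src -j DROP
# ip6tables -A INPUT -p all -m set --match-set block6 src -j DROP
#
# Set BINKLOG to the path & filename of your binkd log file
#
# Set BLOCKLOG to the path & filename of where you would like to
# log blocked IP addresses
#
# Set one or more BLOCK lines to the name of the SysOp as it appears in your
# binkd.log file or their address:
#
# e.g: "ZYZ Firstname Lastname$"
# e.g: "addr: 1:229/999@fidonet"
# (the $ signifies the end of a line; entries are grep basic regexes)
#
# Notes:
# - ipset is driven through sudo; run the script as a user allowed to do so.
# - The whole /24 (IPv4) or /64 (IPv6) containing the offending address is
#   blocked, which can also cut off unrelated hosts in that range.
# - For each pattern only the newest matching log line is considered, and the
#   newest "incoming session" line for that PID is used, because binkd reuses
#   PIDs over time and an older line may carry a different address.
#
set -uo pipefail
# No 'set -e': a pattern with no match makes grep exit non-zero, and that is
# the normal, non-fatal outcome for most runs.

BINKLOG="/path/to/binkd.log"
BLOCKLOG="/path/to/binkblock.log"
# Where 'ipset save' output is persisted so the sets survive a reboot.
IPSETS_SAVE="/etc/iptables/ipsets"
BLOCK=(
  "ZYZ John Doe$"
  "ZYZ Jane Doe$"
  "ZYZ j0hnd03$"
  "addr: 1:234/567@fidonet"
  "addr: 21:3/999@fsxnet"
)

#######################################
# Print a diagnostic to stderr.
# Arguments: message words
#######################################
warn() {
  printf '%s\n' "$*" >&2
}

#######################################
# Extract the binkd PID from a log line: the digits between the first '[' and
# the following ']'.
# Arguments: $1 - log line
# Outputs:   PID on stdout
# Returns:   1 if the line has no numeric [PID] field
#######################################
log_pid() {
  local rest=$1
  [[ "$rest" == *\[*\]* ]] || return 1
  rest=${rest#*\[}
  rest=${rest%%\]*}
  [[ "$rest" =~ ^[0-9]+$ ]] || return 1
  printf '%s\n' "$rest"
}

#######################################
# Extract the peer address from an "incoming session with" log line, i.e. the
# text inside the second '[...]' (the first bracket pair holds the PID).
# Arguments: $1 - log line
# Outputs:   address on stdout (empty if the line has no second bracket pair)
#######################################
session_ip() {
  local rest=${1#*\]}   # drop "... [PID]"
  rest=${rest#*\[}      # drop up to the opening bracket of the address
  printf '%s\n' "${rest%%\]*}"
}

#######################################
# Test whether $1 looks like a dotted-quad IPv4 address.
#######################################
is_ipv4() {
  [[ "$1" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]
}

#######################################
# Test whether $1 looks like an IPv6 address: only hex digits and colons, and
# either eight full groups or a '::' compression marker.
#######################################
is_ipv6() {
  [[ "$1" =~ ^[0-9a-fA-F:]+$ ]] || return 1
  [[ "$1" =~ ^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$ || "$1" == *::* ]]
}

#######################################
# Map an IPv4 address to the /24 containing it (a.b.c.0/24).
# Arguments: $1 - IPv4 address
# Outputs:   CIDR on stdout
#######################################
v4_cidr() {
  printf '%s.0/24\n' "${1%.*}"
}

#######################################
# Map an IPv6 address to the /64 containing it. Handles '::' compression: the
# groups before '::' are the leading groups of the expanded address, and when
# fewer than four remain the rest of the /64 is all zeros, so the head alone is
# the right prefix (e.g. 2001:db8::1 -> 2001:db8::/64, ::1 -> ::/64).
# Arguments: $1 - IPv6 address
# Outputs:   CIDR on stdout
#######################################
v6_cidr() {
  local head=${1%%::*}
  # More than four groups before '::' (or an uncompressed address): keep the
  # first four.
  if [[ "$head" =~ ^(([0-9a-fA-F]{1,4}:){3}[0-9a-fA-F]{1,4}): ]]; then
    head=${BASH_REMATCH[1]}
  fi
  printf '%s::/64\n' "$head"
}

#######################################
# Add a CIDR to an IP set unless it is already present, persist the sets and
# record the action in BLOCKLOG.
# Globals:   BLOCKLOG (written), IPSETS_SAVE (read)
# Arguments: $1 - ipset name
#            $2 - CIDR to add
#            $3 - BLOCK pattern that matched (for the log)
#            $4 - address that was found (for the log)
# Returns:   0 if present or added, 1 if the add failed
#######################################
block_cidr() {
  local setname=$1 cidr=$2 pattern=$3 ip=$4
  # 'ipset test' exits 0 only when the entry is present; absence, a missing
  # set or a sudo failure all fall through to the add, where errors surface.
  if sudo ipset test "$setname" "$cidr" > /dev/null 2>&1; then
    return 0
  fi
  if ! sudo ipset add "$setname" "$cidr"; then
    warn "ipset add $setname $cidr failed"
    return 1
  fi
  # Persist without passing the path through a shell string.
  sudo ipset save | sudo tee -- "$IPSETS_SAVE" > /dev/null \
    || warn "could not persist ipsets to $IPSETS_SAVE"
  printf '%s: %s found %s, added %s to %s\n' \
    "$(date +%c)" "$pattern" "$ip" "$cidr" "$setname" >> "$BLOCKLOG"
}

#######################################
# For every BLOCK pattern, find the newest matching log line, resolve its PID to
# the newest incoming-session address, and block the containing /24 or /64.
# Globals:   BINKLOG, BLOCK (read)
# Returns:   1 if BINKLOG is not readable, 0 otherwise
#######################################
main() {
  local pattern latest pid session ip
  if [[ ! -r "$BINKLOG" ]]; then
    warn "cannot read BINKLOG=$BINKLOG"
    return 1
  fi
  for pattern in "${BLOCK[@]}"; do
    # Newest line matching the pattern (tac reverses, -m 1 stops at first hit).
    latest=$(tac -- "$BINKLOG" | grep -m 1 -e "$pattern")
    [[ -n "$latest" ]] || continue
    pid=$(log_pid "$latest") || continue
    # Newest "incoming session" line for that PID, not grep's first (oldest)
    # match: binkd reuses PIDs and an older session may have another address.
    session=$(tac -- "$BINKLOG" | grep -m 1 -e "\[$pid\] incoming session with")
    [[ -n "$session" ]] || continue
    ip=$(session_ip "$session")
    if is_ipv4 "$ip"; then
      block_cidr block4 "$(v4_cidr "$ip")" "$pattern" "$ip"
    elif is_ipv6 "$ip"; then
      block_cidr block6 "$(v6_cidr "$ip")" "$pattern" "$ip"
    fi
  done
}

main "$@"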