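#!/bin/bash
# Openvpn iptables rules based on certificate name.
# (C)2018 SYN-3 edwin@datux.nl
#
# Arguments:
#   $1  OPERATION - "add" or "update" puts IP into the set openvpn_cert_<CN>;
#                   any other value only removes IP from all openvpn_cert_* sets.
#   $2  IP        - client address, handed to ipset unchanged.
#   $3  CN        - certificate name, used as the suffix of the set name.
#
# Exit status is always 0, so an ipset failure is never reported to the caller
# through the exit code; failures are written to syslog instead.

OPERATION=$1
IP=$2
CN=$3

# Write one message to syslog under the openvpn-update-ipset tag.
log() {
  logger -t openvpn-update-ipset "$1"
}

# An empty address, or one that ipset would parse as an option, cannot be a
# valid set member; stop before it reaches any ipset command line.
case "$IP" in
  '' | -*)
    log "Ignoring request with missing or malformed address"
    exit 0
    ;;
esac

# Always make sure the IP does not exist in other sets (in case of
# bugs/openvpn restarts).
log "Deleting $IP from all ipsets"
ipset list -n | grep '^openvpn_cert_' | while IFS= read -r SET; do
  # Quoted so a set name is always exactly one argument.
  # -exist: the address not being a member of this set is not an error.
  ipset -exist del "$SET" "$IP"
done

if [[ "$OPERATION" == "add" || "$OPERATION" == "update" ]]; then
  # CN comes from the peer's certificate and becomes part of a set name.
  # Whitespace or control characters would split the name across the
  # line-based set listing above; an empty CN would populate the bare
  # "openvpn_cert_" set. The raw value is deliberately not logged.
  case "$CN" in
    '' | *[[:space:][:cntrl:]]*)
      log "Refusing empty or malformed certificate name; $IP not added"
      exit 0
      ;;
  esac

  SET_NAME="openvpn_cert_$CN"
  log "Adding $IP to ipset $SET_NAME"

  # -exist: re-creating an identical set is not an error. ipset enforces a
  # maximum set-name length, so an over-long CN fails here and is logged.
  if ! ipset -exist create "$SET_NAME" hash:ip; then
    log "ipset create $SET_NAME failed"
  fi

  # Still attempted when create failed: the set may already exist with
  # different parameters.
  if ! ipset -exist add "$SET_NAME" "$IP"; then
    log "ipset add $IP to $SET_NAME failed"
  fi
fi

exit 0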