#!/bin/bash
# info: delete firewall ipset
# options: NAME
#
# example: v-delete-firewall-ipset country-nl
#
# This function removes ipset from system and from hestia

#----------------------------------------------------------#
#                Variables & Functions                     #
#----------------------------------------------------------#

ip_name=${1}

# Includes
# shellcheck source=/etc/hestiacp/hestia.conf
source /etc/hestiacp/hestia.conf
# shellcheck source=/usr/local/hestia/func/main.sh
source $HESTIA/func/main.sh
# load config file
source_conf "$HESTIA/conf/hestia.conf"

#----------------------------------------------------------#
#                    Verifications                         #
#----------------------------------------------------------#

check_args '1' "$#" 'NAME'
is_format_valid 'ip_name'
is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM'

# Define variables for ipset configuration
ipset_hstobject='../../data/firewall/ipset'
is_object_valid "$ipset_hstobject" 'LISTNAME' "$ip_name"
ip_version="$(get_object_value "$ipset_hstobject" 'LISTNAME' "$ip_name" '$IP_VERSION')"

# Perform verification if read-only mode is enabled
check_hestia_demo_mode

IPSET_BIN="$(command -v ipset)"
IPSET_PATH="$HESTIA/data/firewall/ipset"
IPSET_FILE="${ip_name}.${ip_version}"

# Install ipset package if missing
if [ -z "$IPSET_BIN" ]; then
	if [ -f '/etc/redhat-release' ]; then
		dnf install -q -y ipset > /dev/null
	else
		apt-get --quiet --yes install ipset > /dev/null
	fi
	check_result $? "Installing IPset package"

	IPSET_BIN="$(which ipset)"
	check_result $? "IPset binary not found"
fi

#----------------------------------------------------------#
#                       Action                             #
#----------------------------------------------------------#

if $IPSET_BIN -quiet list "${ip_name}-tmp" > /dev/null; then
	$IPSET_BIN -quiet destroy "${ip_name}-tmp"
fi

if $IPSET_BIN -quiet list "${ip_name}" > /dev/null; then
	$IPSET_BIN -quiet destroy "${ip_name}"
	check_result $? "ipset ${ip_name} still used by iptables. Cannot remove"
fi

sed -i "/LISTNAME='$ip_name'/d" "${IPSET_PATH}.conf"
rm -f "${IPSET_PATH}/${IPSET_FILE}.iplist"

#----------------------------------------------------------#
#                       Hestia                             #
#----------------------------------------------------------#

# Logging
$BIN/v-log-action "system" "Info" "Firewall" "IPset IP list deleted (Name: $ip_name)."
log_event "$OK" "$ARGUMENTS"

exit