#!/bin/bash
# ip_unblock	unblock an IP address
. get_root
. confirm

t="f2b-sshd"	# table

. opts

table=$t

list_blocked() {
	iptables -L "$table" -n | grep -o '\<[0-9.]*\.[0-9]*\>' | grep -v '^0\.0\.0\.0$'
}
ip_unblock() {
	local ip
	for ip; do
		iptables -D "$table" -p all --source "$ip" -j REJECT --reject-with icmp-port-unreachable
	done
}
ip_unblock_all() {
	ip_unblock $(list_blocked)
}

ip_unblock_main() {
	if [ $# = 0 ]; then
		blocked=`list_blocked`
		if [ -z "$blocked" ]; then
			echo >&2 "No blocked IPs"
			exit 0
		fi
		confirm ip_unblock_all
	else
		ip_unblock "$@"
	fi
}

if [ "$0" = "$BASH_SOURCE" ]; then
	ip_unblock_main
fi