From ae5f20947dbeb92a195db15f41ea6b6b7a328f95 Mon Sep 17 00:00:00 2001
From: Tom Hughes
Date: Sun, 12 Mar 2023 11:41:21 +0000
Subject: [PATCH] Add tools to block and unblock addresses
---
 .../networking/templates/default/nftables.erb | 27 ++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)
diff --git a/cookbooks/networking/templates/default/nftables.erb b/cookbooks/networking/templates/default/nftables.erb
index 82064d7f5..c9ac8972e 100644
--- a/cookbooks/networking/templates/default/nftables.erb
+++ b/cookbooks/networking/templates/default/nftables.erb
@@ -20,10 +20,35 @@ reload() {
 start
 }
-case "$1" in
+block() {
+ for address in "$@"
+ do
+ case "$address" in
+ *.*) /usr/sbin/nft add element inet chef-filter ip-blocklist "{ $address }";;
+ *:*) /usr/sbin/nft add element inet chef-filter ip6-blocklist "{ $address }";;
+ esac
+ done
+}
+
+unblock() {
+ for address in "$@"
+ do
+ case "$address" in
+ *.*) /usr/sbin/nft delete element inet chef-filter ip-blocklist "{ $address }";;
+ *:*) /usr/sbin/nft delete element inet chef-filter ip6-blocklist "{ $address }";;
+ esac
+ done
+}
+
+command=$1
+shift
+
+case "$command" in
 start) start;;
 stop) stop;;
 reload) reload;;
+ block) block "$@";;
+ unblock) unblock "$@";;
 esac
 exit 0
-- 
2.39.5
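Review bot: The `case "$address"` in `block()` has no default branch, so an argument matching neither `*.*` nor `*:*` is skipped silently, and because the script still ends in `exit 0` a failed `nft add element` is reported as success too; an operator can believe an address is blocked when it is not. `unblock()` has the same shape. I would add `*) echo "unrecognised address: $address" >&2; return 1;;` to both functions and have the dispatch lines propagate the function's status, e.g. `block) block "$@" || exit 1;;`. The two patterns are also loose: any string containing a dot or a colon is spliced into the `{ $address }` set expression, so a stricter check that the argument contains only address and prefix characters before calling nft would be worth adding. Separately, `shift` now runs even when the script is called with no argument; whether that aborts depends on the shell, which is not visible in this hunk.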