From 89d757f016b07ca7a40ad45d6568973a2dcda2d5 Mon Sep 17 00:00:00 2001
From: gregor herrmann
Date: Fri, 1 Jul 2016 13:13:14 +0200
Subject: [PATCH] add blockip_whitelist_add and blockip_whitelist_delete adds/removes the given ipv4 address to the blockip/ACCEPT chain in iptables
---
 bin/tdyndns_update | 32 +++++++++++++++++++++++++++++++-
 1 file changed, 31 insertions(+), 1 deletion(-)
diff --git a/bin/tdyndns_update b/bin/tdyndns_update
index 4452fe0..b43286e 100755
--- a/bin/tdyndns_update
+++ b/bin/tdyndns_update
@@ -11,6 +11,11 @@ class NsupdateError(Exception):
 self.returncode = returncode
+class BlockipError(Exception):
+ def __init__(self, returncode):
+ self.returncode = returncode
+
+
 def ipfamily_by_ip(ip):
 if isinstance(ip, ipaddr.IPv4Address):
 return 'A'
@@ -30,7 +35,6 @@ def nsupdate_add(fqdn, ttl, ip):
 if p.returncode != 0:
 raise NsupdateError(p.returncode)
-
 def nsupdate_delete(fqdn, ip_family):
 """
 :param fqdn: Fully qualified domain name
@@ -43,6 +47,28 @@ def nsupdate_delete(fqdn, ip_family):
 raise NsupdateError(p.returncode)
+def blockip_whitelist_add(ip):
+ """
+ :param ip: ipv4 address
+ :raises a BlockipError in case of errors."""
+ command = "-I blockip -s {ip} -j ACCEPT\n\n".format(ip=ip)
+ p = Popen(['iptables'], stdin=PIPE)
+ p.communicate(command)
+ if p.returncode != 0:
+ raise NsupdateError(p.returncode)
+
+
+def blockip_whitelist_delete(ip):
+ """
+ :param ip: ipv4 address
+ :raises a BlockipError in case of errors."""
+ command = "-D blockip -s {ip} -j ACCEPT\n\n".format(ip=ip)
+ p = Popen(['iptables'], stdin=PIPE)
+ p.communicate(command)
+ if p.returncode != 0:
+ raise NsupdateError(p.returncode)
+
+
 def main(args):
 try:
 if args.delete:
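Review bot: Both new helpers start `iptables` with no arguments and write the rule to its stdin, following the nsupdate pattern, but iptables takes its rule from the command line and does not read commands from stdin (that is what iptables-restore does). The ACCEPT rule is therefore most likely never inserted or deleted, and the call exits non-zero each time. Passing the rule as an argument list fixes this and keeps `ip` as a single argv element instead of text formatted into a command string. Both helpers also raise `NsupdateError`, although their docstrings and the `BlockipError` class added in the first hunk say otherwise; switching to `BlockipError` needs a matching `except` in main, which catches only `NsupdateError`. A shared helper for both functions is sketched below.

```python
def _blockip_whitelist(action, ip):
    """Run ``iptables <action> blockip -s <ip> -j ACCEPT``; raise BlockipError on failure."""
    # Argument list, no shell and no stdin: iptables reads its rule from argv.
    p = Popen(['iptables', action, 'blockip', '-s', str(ip), '-j', 'ACCEPT'])
    p.communicate()
    if p.returncode != 0:
        raise BlockipError(p.returncode)


def blockip_whitelist_add(ip):
    # … unchanged: docstring …
    _blockip_whitelist('-I', ip)


def blockip_whitelist_delete(ip):
    # … unchanged: docstring …
    _blockip_whitelist('-D', ip)
```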
@@ -51,9 +77,13 @@ def main(args):
 nsupdate_delete(args.fqdn, 'AAAA')
 else:
 nsupdate_delete(args.fqdn, ipfamily_by_ip(args.ip))
+ if ipfamily_by_ip(args.ip) == 'A':
+ blockip_whitelist_delete(args.ip)
 else:
 nsupdate_delete(args.fqdn, ipfamily_by_ip(args.ip))
 nsupdate_add(args.fqdn, args.ttl, args.ip)
+ if ipfamily_by_ip(args.ip) == 'A':
+ blockip_whitelist_add(args.ip)
 except NsupdateError as e:
 sys.exit(e.returncode)
-- 
2.39.5
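Review bot: The update branch inserts an ACCEPT rule for the new address with `blockip_whitelist_add`, but nothing removes the rule for the host's previous address, so each address change leaves a stale entry in the blockip chain that will match whoever is later assigned that IP; repeated updates with the same address also stack duplicate rules. Remove the old address's rule before inserting (for example by looking up the current A record before `nsupdate_delete`), and guard the insert with an `iptables -C` check. The delete branch begins outside this hunk and indentation is lost here, but it looks as if a delete without an IP drops the DNS records and leaves the whitelist rule in place; that should be confirmed. The handler still reads `except NsupdateError as e:`, so if the helpers raise the new `BlockipError` it needs to become `except (NsupdateError, BlockipError) as e:`.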