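#!/bin/csh -f
# ipblockall
# -----------------------------------------------------------------------------
# Shell script to permanently block one or more IP addresses on various
# servers.
# -----------------------------------------------------------------------------
# Usage: See Usage section below or run with -h or --help option to see usage.
# Assumptions:
#   - The helper commands beep, promptloop and ipinfo are on the local PATH,
#     and ipblock is on the PATH of every remote host.  None of them is
#     defined in this file.
#   - Every host variable named in the foreach list below is set in the
#     environment; csh aborts on the first one that is undefined.
# Effects:
#   - Blocks IP addresses on various servers
#   - Logs the blocked IP addresses in $IPBLOCKALL_LIST, which defaults to
#     ./ipblockall.lis
# Notes:
#   - Each address argument is checked against a character allowlist before
#     use, because it is passed to grep locally and is re-parsed by the remote
#     login shell when handed to ssh.
# Implementation Notes:
# Portability Issues:
# Revision History:
# $Log$
# -----------------------------------------------------------------------------

if ("$1" == "" || "$1" == "-h" || "$1" == "--help") then
    echo "Usage: $0:t [options] IP_Address..."
    echo "options:"
    echo "-D = Delete the block, allowing the IP addresses access again"
    echo "-p = Save resulting iptables settings to survive the next re-boot"
    exit 1
endif

# Collect command line options
#
# NOTE(review): perm_option and iptables_action_option/_message are set here
# but never read again in this script: the ssh command below always runs
# "ipblock <addresses>", the prompts always say "Block", and the log always
# records the address.  As written, -D and -p do not change what is done on
# the remote hosts.  Confirm how ipblock expects these to be passed before
# relying on either option.
set perm_option = "false"
set iptables_action_option = "-I"
set iptables_action_message = "block"
while ($#argv > 0)
    if ("$1" == "-h" || "$1" == "--help") then
        shift
        # If help option was anywhere among the options, call recursively
        # with just that option, and exit.
        # The recursive call resolves the script's base name through PATH.
        $0:t --help
        exit 1
    else if ("$1" == "-p") then
        shift
        set perm_option = "true"
    else if ("$1" == "-D") then
        shift
        set iptables_action_option = "-D"
        set iptables_action_message = "unblock"
    else
        # Not a recognized option. Assume it's the first parameter
        break
    endif
end

if ($#argv == 0) then
    beep "No IP address specified"
    $0:t --help
    exit 1
endif

# The log location does not change between arguments, so resolve it once.
if ("`printenv IPBLOCKALL_LIST`" == "") then
    setenv IPBLOCKALL_LIST ./ipblockall.lis
endif

set ip_addresses = ""
while ($#argv > 0)
    # Accept only characters that can occur in an IPv4/IPv6 address or a CIDR
    # suffix, and never a leading "-" or "/".  This is a character allowlist,
    # not a full address parser: it keeps shell metacharacters, whitespace and
    # option-like strings away from grep and from the remote command line.
    # The X prefix stops expr from reading the argument as one of its own
    # operators.
    expr X$1:q : 'X[0-9A-Fa-f:.][0-9A-Fa-f:./]*$' > /dev/null
    if ($status != 0) then
        beep "Skipping argument that is not a valid IP address"
        echo ""
        shift
        continue
    endif

    if (-r "$IPBLOCKALL_LIST") then
        # -F: match the address literally (an unescaped "." would match any
        # character); -w: do not match inside a longer address, e.g. 1.2.3.4
        # inside 11.2.3.45.  Matching log lines are still printed so the
        # operator can see when the address was logged.
        grep -F -w -- $1:q "$IPBLOCKALL_LIST"
        if ($status == 0) then
            # Named "question" rather than "prompt", which is a special
            # shell variable in csh.
            set question = "Already blocked. Re-block? (y/n)? "
            set proceed = `promptloop "${question}" y n`
            if ($proceed == "n") then
                echo "OK. Not re-blocking"
                echo ""
                # Skip to next loop iteration
                shift
                continue
            endif
        endif
    endif

    ipinfo $1:q
    set question = "Block (y/n)? "
    set proceed = `promptloop "${question}" y n`
    if ($proceed == "y") then
        echo "OK. Will block $1"
        echo ""
        set ip_addresses = "$ip_addresses $1"
    else
        echo "OK. Will NOT block $1"
        echo ""
    endif

    # Move on to the next IP address
    shift
end

if ("$ip_addresses" == "") then
    beep "No IP addresses blocked"
    exit 1
endif

# A host variable set to the literal value "skip_this_host" is skipped.
foreach host (\
    $TRIDENT \
    $AMAZON1 \
    $HHL_WEBPROD1 \
    $HHL_WEBTEST1 \
    $HHL_WEBTEST2 \
    $HHL_WEBTEST3 \
    $WALLETRON_APPPROD1 \
    $WALLETRON_APPQA1 \
    $BOONCARD_PROD1 \
    $BOONCARD_TEST1 \
    $ZENBANX_WEBPROD1 \
    $BALANCED_CLOUD1 \
    $CLSI_WWW1 \
    $TARGETINFO_WEBPROD1 \
    )
    if ("$host" == "skip_this_host") then
        beep "Skipping this host"
    else
        echo "Pinging $host..."
        # -c1 = Ping only one time
        # -W  = Number of milliseconds to wait for reply.
        # NOTE(review): BSD/macOS ping reads -W in milliseconds; Linux
        # iputils ping reads it in seconds, which would make this a very
        # long timeout.  Confirm the platform this runs on.
        ping -c1 -W5000 $host:q >& /dev/null
        if ($status == 0) then
            beep "Logging in to $host"
            echo "ssh -t $host ipblock $ip_addresses:q"
            # ssh joins its arguments with spaces and the remote login shell
            # parses the result again, so local quoting alone does not
            # protect the remote side; the allowlist check above does.
            ssh -t $host:q ipblock $ip_addresses:q
        else
            beep "$host is not responding to ping"
        endif
        echo ""
        echo ""
        echo ""
    endif
end

# Record every confirmed address with one shared timestamp.
# NOTE(review): addresses are logged even for hosts that did not answer the
# ping or where the ssh command failed; the list is a record of what was
# requested, not proof that a block is in place everywhere.
set timestamp = `date "+%Y_%m_%d__%H_%M_%S"`
foreach ip_address ($ip_addresses)
    echo "$timestamp $ip_address:q" >>! "$IPBLOCKALL_LIST"
end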