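#!/bin/csh -f
# ipunblock_fail2ban
# -----------------------------------------------------------------------------
# Shell script to unblock an IP address, reversing the effect of fail2ban.
# -----------------------------------------------------------------------------
# Usage: See Usage section below or run with -h or --help option to see usage.
# Assumptions:
#   - The caller may run iptables through sudo.
#   - The ban to undo is a "-s <address> -j DROP" rule in the iptables chain
#     fail2ban-SSH.
# Effects:
#   - Deletes that DROP rule from the fail2ban-SSH chain.
#   - Mails root a notice naming the address, the invoking user and the host.
# Notes:
#   - NOTE(review): deleting the rule directly does not update fail2ban's own
#     record of the ban. Where the installed fail2ban supports it,
#     "fail2ban-client set <JAIL> unbanip <IP_Address>" removes the rule and
#     the record together -- confirm the jail name before switching.
#   - "beep" is not a standard utility; it is presumably a site-local helper
#     that reports the message -- TODO confirm.
# Implementation Notes:
# Portability Issues:
# Revision History:
# $Log$
# -----------------------------------------------------------------------------

# An empty first argument also covers "no arguments at all", so the separate
# $#argv == 0 check that used to follow this one could never run and is gone.
if ("$1" == "" || "$1" == "-h" || "$1" == "--help") then
    echo "Usage: $0:t IP_Address"
    exit 1
endif

# The argument ends up on a root command line (sudo iptables) and in a mail
# subject, so accept only a dotted-quad IPv4 literal: no options, no spaces,
# no glob characters, no line breaks. Octet ranges are not checked here;
# iptables itself rejects out-of-range values.
set stray = `printf '%s' $1:q | tr -d '0-9.' | wc -c`
printf '%s\n' $1:q | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
if ($status != 0 || $stray != 0) then
    echo "Not a dotted-quad IPv4 address"
    echo "Usage: $0:t IP_Address"
    exit 1
endif
set ip = $1:q

echo "************************************************************************"
echo "iptables before the change:"
echo "************************************************************************"
sudo iptables -L -v
echo "************************************************************************"

# Show the command, then run it. $ip:q keeps the value a single argv word.
echo "sudo iptables -D fail2ban-SSH -s $ip -j DROP"
sudo iptables -D fail2ban-SSH -s $ip:q -j DROP
# Capture the status at once; any later command would overwrite it.
set rc = $status
if ($rc != 0) then
    beep "Error unblocking IP address $ip"
    exit $rc
endif

echo "************************************************************************"
echo "iptables after the change:"
echo "************************************************************************"
sudo iptables -L -v
echo "************************************************************************"

# Send e-mail to root to tell admins that this IP address has been unblocked.
# Use the same subject line format as fail2ban so the e-mail messages can be
# sorted by subject to see this one grouped with others from fail2ban about
# the fail2ban ban of the same IP address.
# This mail is the only record the script leaves of a manual unblock; it is
# sent only after the rule deletion succeeded.
set host = `hostname -s`
set person = `logname`
echo "IP address $ip unblocked by $person on $host via $0:t" | mail -s "[Fail2Ban] SSH: banned $ip -- $host ipunblock_fail2ban $ip unblocked by $person" root

# Wait a full second for the mail to get handed off to sendmail.  Otherwise,
# this script sometimes ends before the mail goes, and when run remotely via
# ssh, the script ends, and the ssh session ends, and the mail never gets
# sent.  Is there a better way to make sure all piped commands are completed
# before proceeding?  This must be a special problem with the handoff to
# sendmail.  Most piped commands are reliably synchronous.
echo "Waiting a second for e-mail to be sent..."
sleep 1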