firewall: implement blocklist

src/scripts/setblocklist.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+
+set -eu -o pipefail
+
+if [[ ${EUID} -ne 0 ]]; then
+    echo "This script should be run as root." > /dev/stderr
+    exit 1
+fi
+
+if [[ $# == 1 && "$1" == "--check" ]]; then
+    echo "OK"
+    exit 0
+fi
+
+ipset flush cloudron_blocklist
+
+user_firewall_json="/home/yellowtent/boxdata/firewall-config.json"
+if blocklist=$(node -e "console.log(JSON.parse(fs.readFileSync('${user_firewall_json}', 'utf8')).blocklist.join(' '))" 2>/dev/null); then
+
+    for ip in ${blocklist}; do
+        ipset add cloudron_blocklist "${ip}"
+    done
+fi