File: //usr/local/block_gov_sites/block_gov_sites.sh
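#!/bin/bash
#
# Keeps the ipset named by IPSET_NAME in sync with the IPv4 addresses that the
# hostnames listed in GOV_SITES_LIST currently resolve to.
#
# Files (all under GOV_SITES_DIR):
#   block_gov_sites.list   - input, one hostname per line
#   block_gov_ip.list      - output, sorted unique IPv4 addresses from dig
#   block_gov_ipset.list   - output, sorted current members of the ipset
#   block_gov_ip_diff.list - output, diff between the two lists above
#
# Exit status: 0 when the set was created, refreshed or already current;
# 1 when a required tool or the input list is missing, nothing resolved,
# or an ipset operation failed.
#
# NOTE(review): the set name suggests a firewall rule elsewhere matches on it
# for outbound traffic; that rule is not part of this script.
set -u

GOV_SITES_DIR='/usr/local/block_gov_sites'
GOV_SITES_LIST="$GOV_SITES_DIR/block_gov_sites.list"
GOV_SITES_IP_LIST="$GOV_SITES_DIR/block_gov_ip.list"
GOV_SITES_IP_DIFF_LIST="$GOV_SITES_DIR/block_gov_ip_diff.list"
IPSET_NAME='block_gov_out'
IPSET_IP_LIST="$GOV_SITES_DIR/block_gov_ipset.list"
# Scratch set that is filled first and then swapped with the live set.
IPSET_TMP_NAME="${IPSET_NAME}_new"
# Dotted-quad filter applied to both the dig output and the ipset listing.
IPV4_RE='^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'

# Print an error on stderr and stop with status 1.
fail() {
  echo "Error: $*" >&2
  exit 1
}

# Add every address in GOV_SITES_IP_LIST to the set named in $1.
# Returns non-zero if any single add failed.
load_set() {
  local set_name=$1 addr rc=0
  while read -r addr; do
    ipset -exist add "$set_name" "$addr" || rc=1
  done < "$GOV_SITES_IP_LIST"
  return "$rc"
}

if ! [ -x "$(command -v ipset)" ]; then
  fail 'ipset is not installed.'
fi
# Without dig every lookup fails and the resolved list would come out empty.
if ! [ -x "$(command -v dig)" ]; then
  fail 'dig is not installed.'
fi
if ! [ -r "$GOV_SITES_LIST" ]; then
  fail "cannot read $GOV_SITES_LIST"
fi

# Resolve every hostname. Plain `read -r` (no IFS=) trims surrounding
# whitespace from each entry. dig +short can also print CNAME targets and
# ';;' diagnostics on stdout, so only dotted-quad lines are kept; otherwise
# the list could never match the ipset listing and the set would be rebuilt
# on every run.
# `sort -n | uniq` is kept on purpose: `sort -n -u` would treat addresses with
# the same leading number as duplicates and drop them.
while read -r line || [ -n "$line" ]; do
  case "$line" in
    '' | '#'*)
      continue
      ;;
    [-+@]*)
      # dig would read these as an option or a server, not as a name to query.
      echo "Warning: skipping suspicious entry: $line" >&2
      continue
      ;;
  esac
  dig +short -t a "$line"
done < "$GOV_SITES_LIST" | grep -E "$IPV4_RE" | sort -n | uniq > "$GOV_SITES_IP_LIST"

# Make sure the set exists even if population fails below.
created=0
if ! ipset -q list "$IPSET_NAME" > /dev/null 2>&1; then
  ipset create "$IPSET_NAME" hash:net || fail "cannot create ipset $IPSET_NAME"
  created=1
fi

# Fail closed: an empty result (DNS outage, empty list) must not wipe the
# entries that are currently in the set.
if ! [ -s "$GOV_SITES_IP_LIST" ]; then
  fail "no IPv4 addresses resolved from $GOV_SITES_LIST, ipset $IPSET_NAME left unchanged"
fi

if [ "$created" -eq 1 ]; then
  load_set "$IPSET_NAME" || fail "some addresses could not be added to ipset $IPSET_NAME"
  echo "ipset $IPSET_NAME created"
  exit 0
fi

ipset list "$IPSET_NAME" | grep -E "$IPV4_RE" | sort -n > "$IPSET_IP_LIST"

if diff "$IPSET_IP_LIST" "$GOV_SITES_IP_LIST" > "$GOV_SITES_IP_DIFF_LIST"; then
  echo "ipset $IPSET_NAME is up to date"
  exit 0
fi

# Build the new contents in a scratch set and swap it in, so the live set is
# never empty or half-filled while it is being refreshed.
ipset -q destroy "$IPSET_TMP_NAME"
ipset create "$IPSET_TMP_NAME" hash:net || fail "cannot create ipset $IPSET_TMP_NAME"
if ! load_set "$IPSET_TMP_NAME"; then
  ipset -q destroy "$IPSET_TMP_NAME"
  fail "some addresses could not be added, ipset $IPSET_NAME left unchanged"
fi
if ! ipset swap "$IPSET_TMP_NAME" "$IPSET_NAME"; then
  ipset -q destroy "$IPSET_TMP_NAME"
  fail "cannot swap $IPSET_TMP_NAME into $IPSET_NAME"
fi
# After the swap the scratch name holds the old contents.
ipset -q destroy "$IPSET_TMP_NAME"
echo "ipset $IPSET_NAME recreated due to differences, see diff in $GOV_SITES_IP_DIFF_LIST"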