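#! /bin/sh
#
# Refresh the pf "droplist" table from the Spamhaus DROP feeds.
#
# Downloads the IPv6 and IPv4 DROP lists as JSON, extracts every "cidr"
# value with jq, writes them to $PF and loads that file into the pf table
# named "droplist".
#
# Failure policy: if a download, the JSON parse or the table load fails,
# or the parsed list is empty, the script exits non-zero and leaves the
# existing $PF file and the loaded table untouched.  A broken feed must
# never replace a populated block list with an empty one.
#
# Requires: fetch(1), jq, pfctl(8).

PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin

PF="/etc/pf.droplist"

DROPV6="/usr/local/etc/spamhaus-drop-v6.json"
DROPV6_URL="https://www.spamhaus.org/drop/drop_v6.json"
DROPV4="/usr/local/etc/spamhaus-drop-v4.json"
DROPV4_URL="https://www.spamhaus.org/drop/drop_v4.json"

# _fetchfile PATH URL
#
# Download URL to PATH via a sibling temporary file (PATH.tmp).  When PATH
# already exists it is passed to fetch with -i, as in the original script.
# PATH is only replaced when the download produced a non-empty file.
#
# Returns 0 on success (including "nothing new downloaded"), 1 on failure.
_fetchfile() {
  local path="$1"
  local url="$2"
  local temp="${path}.tmp"

  # A leftover temp file from an interrupted run must not be mistaken for
  # a fresh download below.
  rm -f "$temp"

  # Build the fetch argument list in the positional parameters so that
  # paths containing whitespace stay intact (no unquoted flag string).
  set -- -q -o "$temp" "$url"
  if [ -f "$path" ]; then
    set -- -i "$path" "$@"
  fi

  if ! fetch "$@"; then
    rm -f "$temp"
    return 1
  fi

  if [ -s "$temp" ]; then
    mv "$temp" "$path" || return 1
  else
    # Nothing (or an empty body) was written: keep the previous copy.
    rm -f "$temp"
  fi
  return 0
}

if ! _fetchfile "$DROPV6" "$DROPV6_URL"; then
  printf >&2 '%s: failed to fetch IPv6 drop list\n' "$0"
  exit 1
fi

if ! _fetchfile "$DROPV4" "$DROPV4_URL"; then
  # Was reported as "IPv6" in the original (copy/paste slip), which made
  # the two failures indistinguishable in logs.
  printf >&2 '%s: failed to fetch IPv4 drop list\n' "$0"
  exit 1
fi

rm -f "${PF}.tmp"

# Let jq read both files directly so its exit status is the one we test;
# with "cat ... | jq" under plain sh a parse error would go unnoticed and
# a truncated or empty list would be installed.
if ! jq -r 'select(has("cidr")) | .cidr' "$DROPV6" "$DROPV4" > "${PF}.tmp"; then
  rm -f "${PF}.tmp"
  printf >&2 '%s: failed to parse drop lists; keeping existing table\n' "$0"
  exit 1
fi

# An empty result would flush every entry from the table on -Treplace.
if [ ! -s "${PF}.tmp" ]; then
  rm -f "${PF}.tmp"
  printf >&2 '%s: drop lists contain no CIDR entries; keeping existing table\n' "$0"
  exit 1
fi

if ! mv "${PF}.tmp" "${PF}"; then
  rm -f "${PF}.tmp"
  printf >&2 '%s: failed to install %s\n' "$0" "$PF"
  exit 1
fi

# Load from "$PF" rather than a second hard-coded copy of the path, so the
# file written above is always the file that gets loaded.
if ! pfctl -q -Treplace -tdroplist -f "$PF"; then
  printf >&2 '%s: pfctl failed to load %s into table droplist\n' "$0" "$PF"
  exit 1
fi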