base-stack/sbin/firewall-blacklist-add.sh

#!/bin/bash

# IP should be first arg
if [ -n "$1" ]; then
  IP=$1
else
  echo "IP not set"
  exit 1
fi

if [[ `firewall-cmd --ipset=blacklist --query-entry $IP` = "yes" ]]; then

  echo "IP $IP already in blacklist. Doing nothing."

else

  firewall-cmd --ipset=blacklist --add-entry=$IP
  firewall-cmd --permanent --ipset=blacklist --add-entry=$IP

fi