#!/bin/sh

# Re-register fail2banop with ucitrack: delete the last existing fail2banop
# section, add a fresh one, and point its init option at the "fail2banop"
# init script. Output is discarded (-q plus the /dev/null redirect).
uci -q batch >/dev/null <<-EOF
	delete ucitrack.@fail2banop[-1]
	add ucitrack fail2banop
	set ucitrack.@fail2banop[-1].init=fail2banop
	commit ucitrack
EOF

# Succeeds when the listing of the inet fw4 "input" chain contains the
# literal rule text that drops sources in the @fail2banop4 set. A failing
# nft (stderr is silenced) yields no listing and so counts as "rule missing".
fail2banop_drop_rule_present() {
	nft -t list chain inet fw4 input 2>/dev/null |
		grep -qF 'ip saddr @fail2banop4 drop'
}

# Reload the firewall only when the drop rule is not loaded yet.
# NOTE(review): only the IPv4 rule text is matched, and neither the reload's
# exit status nor the rule's presence afterwards is checked; the script
# exits 0 regardless, so a missing drop rule would go unnoticed here.
fail2banop_drop_rule_present || /etc/init.d/firewall reload

# Enable the fail2banop init script.
/etc/init.d/fail2banop enable

exit 0

