#!/bin/sh
(
  flock -n 200 || exit 1

  # The environment is cleared before executing this script
  PATH=/usr/sbin:/sbin:/usr/bin:/bin
  export PATH

  QUIT_TIME="$(date "+%Y-%m-%d_%H:%M:%S")"
  USERNAME="${PEERNAME}"
  PEERIP="${5}"

  USER_CONFIG="pppoe-user"
  USER_CFGID="$(uci show ${USER_CONFIG} | grep "${USERNAME}" | cut -d '.' -f 2)"
  TABLE="pppoe"
  
  # Define chains
  CHAINS="upload download"

  # Loop through each chain and delete all rules matching the IP
  for CHAIN in ${CHAINS}; do
    # Get all rule handles associated with the IP in the current chain
    RULE_HANDLES="$(nft -a list chain inet ${TABLE} ${CHAIN} | grep "${PEERIP}" | awk '{print $NF}')"
    
    if [ -n "${RULE_HANDLES}" ]; then
      for HANDLE in ${RULE_HANDLES}; do
        nft delete rule inet ${TABLE} ${CHAIN} handle "${HANDLE}" || {
          logger "${QUIT_TIME} ERROR: Failed to delete rule handle ${HANDLE} in chain ${CHAIN} for ${USERNAME} ${PEERIP}"
          exit 1
        }
      done
    else
      logger "${QUIT_TIME} WARNING: No rules found for ${USERNAME} ${PEERIP} in chain ${CHAIN}"
    fi
  done

  exit 0

) 200>/var/lock/ipdown.lock
