#!/bin/bash
# /usr/local/bin/dhcp-nft.sh - DHCPd Hook Script für nftables
# Wird von dhcpd mit Parametern aufgerufen:
#   dhcp-nft.sh add <IP>
#   dhcp-nft.sh del <IP>

NFT="/usr/sbin/nft"
TABLE="inet filter"
SET="dhcp_clients"

ACTION=$1
IP=$2

if [[ -z "$ACTION" || -z "$IP" ]]; then
    echo "Usage: $0 {add|del} <IP>"
    exit 1
fi

case "$ACTION" in
    add)
        $NFT add element "$TABLE" "$SET" { "$IP" } 2>/dev/null
        ;;
    del)
        $NFT delete element "$TABLE" "$SET" { "$IP" } 2>/dev/null
        ;;
    *)
        echo "Unknown action: $ACTION"
        exit 1
        ;;
esac