#!/bin/bash
set -e

IPSET_NAME="cdn_ips"

iptables -D INPUT  -m set --match-set "$IPSET_NAME" src -j DROP 2>/dev/null || true
iptables -D OUTPUT -m set --match-set "$IPSET_NAME" dst -j DROP 2>/dev/null || true

ipset flush "$IPSET_NAME" 2>/dev/null || true
ipset destroy "$IPSET_NAME" 2>/dev/null || true

echo "✅ cdn_ips 规则和集合已删除"