# If there's an error in a call such as $cfg.settings.Lock(), it is important that the script stops.
# Continuing while another application is also potentially modifying settings may corrupt them.
# Alternately, your script can also handle errors in a Try/Catch block.

$ErrorActionPreference = "Stop"

# Check BssCfgManip.htm in your SSH Server installation directory for the correct COM object name for your installation.
# The PowerShell instance executing this script needs to run elevated, as administrator, to access SSH Server settings.

$cfg = new-object -com "BssCfg815.BssCfg815"

# Settings must be locked while undergoing change to preserve their integrity.
# If you lock settings and do not unlock them, no other process will be able to edit settings until the object is released.

$cfg.settings.Lock()
$result = $cfg.settings.Load()
if ($result.failure) { Write-Error $result.Describe(); }

$rules = $cfg.settings.access.clientAddresses

# Open a text file containing IP addresses, one per line

$reader = [System.IO.File]::OpenText("C:\Path\IpAddresses.txt")
try
{
    while ($null -ne ($ipAddress = $reader.ReadLine()))
    {
        # Trim whitespace, ignore lines with no text
        $ipAddress = $ipAddress.Trim()
        if ($ipAddress.Length -ne 0)
        {
            # For each IP address we read, add a Client address rule
            # To block IP addresses instead of allow, change "allowConnect = $false"
            
            $rules.new.addressRule.addressType = 0  # $cfg.AddressVer6Type.ipv4
            $rules.new.addressRule.ipv4 = $ipAddress
            $rules.new.instr.allowConnect = $true
            $rules.NewCommit()
        }
    }
}
finally
    { $reader.Close() }

$cfg.settings.Save()
$cfg.settings.Unlock()