#!/usr/bin/perl
# $Id: formedit,v 1.10 2001/02/25 10:05:38 stes Exp $

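# Locate the ipmenu installation and load its shared library.
# NOTE(review): IPMENU is taken from the environment and selects the file
# that gets compiled into this process. The script drives iptables, so it
# presumably runs privileged; confirm that the invoking environment is
# trusted, or pin IPMENU to a fixed, root-owned path.
$IPMENU=$ENV{'IPMENU'};
die "formedit: IPMENU is not set\n" unless defined $IPMENU and length $IPMENU;
require "$IPMENU/ipmenu.lib";

# Command line: TABLE CHAIN RULENUM.
# These stay package globals (no "my"): the form* routines called later are
# defined in ipmenu.lib and presumably read script state through globals.
$table=$ARGV[0];
$chain=$ARGV[1];
$num=$ARGV[2];

# Validate the arguments before they reach an iptables command line or the
# generated form. The allowlists are deliberately narrow; widen the chain
# pattern only if the site really uses other characters in chain names.
die "usage: formedit table chain rulenum\n"
  unless defined $table and defined $chain and defined $num;
die "formedit: invalid table name\n"
  unless $table =~ /\A[A-Za-z0-9_]+\z/;
die "formedit: invalid chain name\n"
  unless $chain =~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]*\z/;
die "formedit: invalid rule number\n"
  unless $num =~ /\A[1-9][0-9]*\z/;

# List-form pipe open (Perl 5.8+): the arguments are handed to iptables
# directly, with no shell in between, and a failure to start it is reported.
# NOTE(review): iptables is still resolved through PATH; consider an absolute
# path if the environment is not fully controlled.
open(my $pipe,'-|','iptables','-t',$table,'-L',$chain,'-v','--line-numbers')
  or die "formedit: cannot run iptables: $!\n";

# Scan the listing for the requested rule. Only a purely numeric first column
# can match, so the "Chain ..." and column-header lines are never mistaken for
# a rule. The split fields are left in globals for the code that follows.
my $found=0;
while (defined(my $line = <$pipe>)) {
  chomp $line;
  ($n,$pkts,$bytes,$target,$prot,$opt,$idev,$odev,$saddr,$daddr,$misc) = split(/[ \t]+/,$line,11);
  if ($n =~ /\A[0-9]+\z/ and $n == $num) {
    $found=1;
    last;
  }
}
# Not checked on purpose: leaving the loop early can make iptables exit on a
# closed pipe, which is not an error here.
close($pipe);

# Rule not present in the chain: nothing to edit.
exit unless $found;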

# File name handed to the form* routines and announced on stdout below.
# NOTE(review): the name is predictable (directory + process id). If $TMP,
# which is presumably set by ipmenu.lib, can point at a directory writable by
# other users, whatever creates this file should do so exclusively and
# without following symlinks -- confirm in the form* routines.
$form = $TMP . '/Form.' . $$;

# nat table, MASQUERADE target: pre-fill the masquerade form.
# The 'any' / 'anywhere' / 'all' placeholders printed by iptables mean
# "no restriction", so the matching form field is left unset for them.
if ($target eq 'MASQUERADE' and $table eq 'nat') {
  if ($odev ne 'any') {
    $vodev = $odev;
  }
  if ($saddr ne 'anywhere') {
    $vsaddr = $saddr;
  }
  if ($prot ne 'all') {
    $vproto = $prot;
  }
  # Port or port range, taken from the trailing options column.
  $vnatport = $1 if ($misc =~ /masq ports: ([\w\d-:]+)/);
  # '-R' with chain and rule number: the form replaces the existing rule.
  formmasq($form, '-R', $chain, $num);
  print "open $form\n";
  exit(0);
}

# nat table, SNAT target: pre-fill the source-NAT form.
if ($target eq 'SNAT' and $table eq 'nat') {
  if ($odev ne 'any') {
    $vodev = $odev;
  }
  if ($saddr ne 'anywhere') {
    $vsaddr = $saddr;
  }
  if ($prot ne 'all') {
    $vproto = $prot;
  }
  # "to:ADDR" or "to:ADDR:PORT" in the options column gives the translation
  # target; a colon separates the address part from the port part.
  if ($misc =~ /to:([\w\d\.:-]+)/) {
    $x = $1;
    if ($x !~ /:/) {
      $vdaddr = $x;
    } else {
      ($vdaddr, $vnatport) = split(/:/, $x);
    }
  }
  # '-R' with chain and rule number: the form replaces the existing rule.
  formsnat($form, '-R', $chain, $num);
  print "open $form\n";
  exit(0);
}

# nat table, DNAT target: pre-fill the destination-NAT form.
if ($target eq 'DNAT' and $table eq 'nat') {
  if ($idev ne 'any') {
    $videv = $idev;
  }
  # NOTE(review): the rule's destination address and destination port are
  # stored in the "source" fields ($vsaddr, $vsport) here, while $vdaddr
  # receives the translation target below. This looks deliberate for the
  # DNAT form -- confirm against formdnat in ipmenu.lib.
  if ($daddr ne 'anywhere') {
    $vsaddr = $daddr;
  }
  if ($prot ne 'all') {
    $vproto = $prot;
  }
  $vsport = $1 if ($misc =~ /dpt:([\w\d-:]+)/);
  # "to:ADDR" or "to:ADDR:PORT": address and optional port of the new target.
  if ($misc =~ /to:([\w\d\.:-]+)/) {
    $x = $1;
    if ($x !~ /:/) {
      $vdaddr = $x;
    } else {
      ($vdaddr, $vnatport) = split(/:/, $x);
    }
  }
  # '-R' with chain and rule number: the form replaces the existing rule.
  formdnat($form, '-R', $chain, $num);
  print "open $form\n";
  exit(0);
}

# nat table, REDIRECT target: pre-fill the redirect form.
if ($target eq 'REDIRECT' and $table eq 'nat') {
  if ($idev ne 'any') {
    $videv = $idev;
  }
  if ($prot ne 'all') {
    $vproto = $prot;
  }
  # Matched destination port, then the local port(s) traffic is redirected to.
  $vdport = $1 if ($misc =~ /dpt:([\w\d-:]+)/);
  $vnatport = $1 if ($misc =~ /redir ports ([\w\d-:]+)/);
  # '-R' with chain and rule number: the form replaces the existing rule.
  formredir($form, '-R', $chain, $num);
  print "open $form\n";
  exit(0);
}

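# Defaults for every rule not handled by a dedicated nat form: treat it as a
# custom rule until a known target is recognised further down.
$script='customrule';

$log=0;
$reject=0;
$custom=1;
$mark=0;

# Copy the match columns into the form variables. The placeholders printed by
# iptables ('any', 'all', 'anywhere') mean "no restriction" and leave the
# corresponding field unset.
$videv=$idev unless $idev eq 'any';
$vodev=$odev unless $odev eq 'any';
$vproto=$prot unless $prot eq 'all';
$vsaddr=$saddr unless $saddr eq 'anywhere';
# Fixed: the destination field used to be guarded by the *source* column, so
# a rule with source 'anywhere' lost its destination address, and a rule with
# destination 'anywhere' could get the literal word as an address.
$vdaddr=$daddr unless $daddr eq 'anywhere';

# Pull the remaining match options out of the free-text options column.
# Each character class spells out exactly the characters the original,
# looser spelling accepted (e.g. "[\w\d-:]", "[\w\d,-\/]"); the captured
# values end up in the generated form, so the accepted set matters.
if ($misc =~ /spt:([\w:-]+)/) {          # source port or port range
  $vsport=$1;
}
if ($misc =~ /dpt:([\w:-]+)/) {          # destination port or port range
  $vdport=$1;
}
if ($misc =~ /icmp ([\w,.\/-]+)/) {      # ICMP type
  $vicmptype=$1;
}
if ($misc =~ /state ([\w,.\/-]+)/) {     # connection-tracking states
  $vconntrack=$1;
}
if ($misc =~ /flags:([\w,\/]+)/) {       # TCP flags as MASK/COMPARE
  ($vtcpmask,$vtcpflag)=split(/\//,$1);
  # A comma-separated list on either side is collapsed to 'ALL'.
  $vtcpmask='ALL' if ($vtcpmask =~ /,/);
  $vtcpflag='ALL' if ($vtcpflag =~ /,/);
}
if ($misc =~ /avg ([\w\/-]+)/) {         # rate limit
  $vlimit=$1;
}
if ($misc =~ /burst (\d+)/) {            # rate-limit burst
  $vlimitburst=$1;
}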

# Select the form script and flags for the rule's target. $target holds a
# single value, so at most one branch runs; any other target keeps the
# custom-rule settings already in place.
if ($target eq 'ACCEPT') {
  $custom = 0;
  $script = 'acceptrule';
}
elsif ($target eq 'DROP') {
  $custom = 0;
  $script = 'droprule';
}
elsif ($target eq 'REJECT') {
  $custom = 0;
  $reject += 1;
  $script = 'rejectrule';
  $vrejecttype = $1 if ($misc =~ /reject-with ([\w-]+)/);
}
elsif ($target eq 'MARK') {
  $custom = 0;
  $mark += 1;
  $script = 'markrule';
  if ($misc =~ /MARK set ([\w\d-\/]+)/) {
    $vmark = $1;

    if (length($vmark) != 10) {
      # Any other length: look the numeric value up in the table returned by
      # rtkeys() (defined in ipmenu.lib) and use the mapped entry if present.
      %rt = rtkeys();
      my $key = hex($vmark);
      $vmark = $rt{$key} if (defined $rt{$key});
    } else {
      # Ten characters: skip the first two and show the next eight as two
      # colon-separated groups of four.
      $vmark = join(':', substr($vmark, 2, 4), substr($vmark, 6, 4));
    }
  }
}
elsif ($target eq 'LOG') {
  $custom = 0;
  $log += 1;
  $script = 'logrule';
  # Bare-word prefix first; a quoted prefix, when present, overrides it.
  $vlogprefix = $1 if ($misc =~ /prefix ([\d\w]+)/);
  $vlogprefix = $1 if ($misc =~ /prefix `([^']*)'/);
  $vloglevel = $1 if ($misc =~ /level ([\d\w]+)/);
  $vlogtcpseq = 'YES' if ($misc =~ /tcp-sequence/);
  $vlogtcpopt = 'YES' if ($misc =~ /tcp-options/);
  $vlogipopt = 'YES' if ($misc =~ /ip-options/);
}

# Hand over to the generic rule form ('-R' with chain and rule number: the
# form replaces the existing rule), then print the "open" line for the caller.
formselect($form, $script, '-R', $chain, $num, "$num. $target", 1, 1, $log, $reject, $custom, $mark);

print "open $form\n";

