#!/usr/bin/perl
# $Id: rejectrule,v 1.4 2001/02/08 17:43:53 stes Exp $

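use strict;
use warnings;

# Install an iptables REJECT rule built from 17 positional arguments and
# append the resulting command line to the file named by $IPLOG.
#
# Argument order: flag chain num idev odev proto saddr sport daddr dport
#                 tcpmask tcpflag icmptype connstate limit limitburst reject
#
# Security notes:
#   * The command is executed as an argument list, never through a shell, so
#     metacharacters (; | ` $ > etc.) in an argument cannot start another
#     program or redirect output.
#   * The log is written with a three-argument open instead of
#     `echo ... >> $IPLOG`, so neither the logged text nor the log path is
#     parsed by a shell.
#   * Values are still split on whitespace, as the shell used to do, so
#     multi-word values such as "! 10.0.0.1" keep working.  A value token that
#     begins with "-" is refused because it would be read by iptables as an
#     additional option.  $flag is the one field that must start with "-";
#     it is passed through as given, so the caller remains responsible for
#     restricting it to the intended rule operation.

my $IPLOG = $ENV{'IPLOG'};

# Missing trailing arguments become empty strings, which every test below
# treats as "not specified" (same outcome as the undefined values before).
my ($flag, $chain, $num, $idev, $odev, $proto, $saddr, $sport, $daddr,
    $dport, $tcpmask, $tcpflag, $icmptype, $connstate, $limit, $limitburst,
    $reject) = map { defined $_ ? $_ : '' } @ARGV[0 .. 16];

# Split a value into words and refuse any word that looks like an option.
sub _words {
    my ($label, $value) = @_;
    my @tokens = split ' ', $value;
    for my $token (@tokens) {
        die "rejectrule: $label must not contain an option-like word: $token\n"
            if $token =~ /\A-/;
    }
    return @tokens;
}

# True when $value is non-empty and is not one of the "match everything"
# placeholders supplied by the caller.
sub _is_set {
    my ($value, @placeholders) = @_;
    return 0 if $value eq '';
    my $hits = grep { $value eq $_ } @placeholders;
    return $hits == 0;
}

# A rule number of 0 (or anything that is numerically 0) means "no position".
{
    no warnings 'numeric';
    $num = '' if $num == 0;
}

my @cmd = (
    'iptables', '-t', 'filter',
    split(' ', $flag),
    _words('chain', $chain),
    _words('rule number', $num),
    '-j', 'REJECT', '--reject-with', _words('reject type', $reject),
);

# option, label for error messages, value, placeholders meaning "unset"
my @selectors = (
    [ '-i',          'input device',        $idev,     'All', 'Any' ],
    [ '-o',          'output device',       $odev,     'All', 'Any' ],
    [ '-s',          'source address',      $saddr,    'All', 'Any' ],
    [ '-d',          'destination address', $daddr,    'All', 'Any' ],
    [ '-p',          'protocol',            $proto,    'All', 'Any' ],
    [ '--sport',     'source port',         $sport,    'All' ],
    [ '--dport',     'destination port',    $dport,    'All' ],
    [ '--icmp-type', 'ICMP type',           $icmptype, 'All' ],
);
for my $selector (@selectors) {
    my ($option, $label, $value, @placeholders) = @{$selector};
    next unless _is_set($value, @placeholders);
    push @cmd, $option, _words($label, $value);
}

if (_is_set($tcpmask, 'NONE')) {
    push @cmd, '--tcp-flags',
        _words('TCP flag mask', $tcpmask),
        _words('TCP flags', $tcpflag);
}
if (_is_set($connstate, 'Unused')) {
    push @cmd, '-m', 'state', '--state', _words('connection state', $connstate);
}

# Emit a single "-m limit".  Each "-m limit" starts a separate match
# instance, so the previous "-m limit --limit X -m limit --limit-burst Y"
# applied the burst to a second instance running at its default rate instead
# of to the requested rate.
my $has_limit = _is_set($limit,      'Unused');
my $has_burst = _is_set($limitburst, 'Unused');
if ($has_limit or $has_burst) {
    push @cmd, '-m', 'limit';
    push @cmd, '--limit',       _words('limit', $limit)            if $has_limit;
    push @cmd, '--limit-burst', _words('limit burst', $limitburst) if $has_burst;
}

# List form with an explicit program name: no shell is involved.
my $status = system { $cmd[0] } @cmd;
warn "rejectrule: iptables did not succeed (wait status $?)\n" if $status != 0;

# Record what was run.  Logging stays best-effort: a failure is reported on
# stderr but does not undo the rule.
if (defined $IPLOG and $IPLOG ne '') {
    if (open my $log, '>>', $IPLOG) {
        print {$log} join(' ', @cmd), "\n";
        close $log or warn "rejectrule: error closing $IPLOG: $!\n";
    }
    else {
        warn "rejectrule: cannot append to $IPLOG: $!\n";
    }
}
else {
    warn "rejectrule: IPLOG is not set; command not logged\n";
}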

