#!/usr/bin/perl -n -i.bak
# by Teodor Zlatanov <tzz@lifelogs.com>
# Redhat specific
# this is a filter script, use it like this:
# rewrite-iptables.pl /etc/sysconfig/iptables

use Net::Netmask;

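BEGIN
{
 # State shared with the per-line filter body below (the -n loop), so these
 # are package variables rather than lexicals scoped to this block.
 our $chainfind  = '-A RH-Lokkit-0-50-INPUT';   # prefix of every rule in the lokkit chain
 our $chainfound = 0;                           # set once a chain rule has been seen
 our @ranges     = ();                          # Net::Netmask objects to REJECT

 # The blocklists are fetched over unauthenticated HTTP and become firewall
 # rules verbatim, so their integrity is only as good as the transport;
 # confirm that is acceptable for the host this runs on.
 foreach my $url ('http://www.zbl.ieplugins.com/files/p2penemies.txt', 'http://www.zbl.ieplugins.com/files/badip.txt')
 {
  # List-form pipe open: no shell is involved, the URL is passed verbatim.
  # -f makes curl exit non-zero on an HTTP error (otherwise an error page
  # would be parsed as a list); -sS leaves only real errors on stderr.
  open my $fh, '-|', 'curl', '-fsS', $url
   or die "cannot run curl for $url: $!";
  while (my $line = <$fh>)
  {
   chomp $line;
   # A line carrying an address range: digits, dots, dashes and whitespace,
   # e.g. "1.2.3.0 - 1.2.3.255" (the class also admits \t and \r, which
   # is why all whitespace is stripped below, not just spaces).
   if ($line =~ m/([-.\d\s]{6,})/)
   {
    my $range = $1;
    $range =~ s/\s+//g;
    # new2 returns undef instead of dying on an unparsable range.
    my $mask = Net::Netmask->new2($range);
    push @ranges, $mask if defined $mask;
   }
  }
  # For a pipe, close is false when curl exited non-zero. A failed or
  # partial download must not rewrite the firewall with a shorter list;
  # dying here, in BEGIN, happens before -i has opened the target file.
  close $fh
   or die "curl $url failed (exit status " . ($? >> 8) . ")";
 }

 # Refuse to fail open: the filter below strips the previously generated
 # REJECT rules, so an empty @ranges would silently drop the whole blocklist.
 die "no address ranges parsed from the blocklists, leaving the firewall untouched\n"
  unless @ranges;
# printf ("%s/%s\n", $_->base, $_->size) foreach @ranges;
};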

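# Per-line body of the -n loop: $_ holds the current line of the iptables
# file, and whatever is printed replaces it in the in-place rewrite.
our ($chainfind, $chainfound, @ranges);   # initialised in BEGIN above

if (m/-i\+ -j REJECT$/)
{
 # A rule generated by an earlier run of this script: drop it, the current
 # blocklist is re-emitted below.
}
elsif (m/\Q$chainfind\E/)
{
 # A rule already in the lokkit chain: keep it and remember that we are
 # inside the chain.
 print;
 $chainfound = 1;
}
else
{
 my $line = $_;   # save in case $_ gets clobbered by the loop below
 if ($chainfound)
 {
  # First line after the chain: append one REJECT per blocklisted range on
  # any interface (-i+). They come after the chain's existing rules, so an
  # earlier ACCEPT in the chain still wins -- NOTE(review): confirm that
  # ordering is the intended one. $chainfind is passed as an argument
  # rather than interpolated into the printf format.
  printf "%s -s %s/%s -i+ -j REJECT\n", $chainfind, $_->base, $_->bits
   foreach @ranges;
  # Insert exactly once. Without the reset every later non-chain line
  # (e.g. a further table after COMMIT) would get the whole block again.
  $chainfound = 0;
 }

 print $line;
}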
