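#!/usr/bin/perl
# Rebuild the iptables INPUT rules for TCP/21 (FTP): only the sources in
# @ACPT_LIST and the Japanese IPv4 ranges published by APNIC may connect;
# every other source is logged and dropped, and each %DROP_LIST entry is
# logged and dropped on its own port.
use strict;
use warnings;

# Pin PATH so the external commands below (wget, iptables) are resolved from
# system directories only.
$ENV{'PATH'} = '/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin';

# NOTE(review): the delegation file is fetched over plain HTTP and nothing
# verifies its contents; whatever it says decides who may reach port 21.
# Use an HTTPS URI if the mirror offers one -- confirm before changing.
my $APNIC_URI = 'http://ftp.apnic.net/stats/apnic/delegated-apnic-latest';

my @ACPT_LIST = ('127.0.0.1', '192.168.1.0/24');   # always accepted on port 21
my %DROP_LIST = ();                                # source => port, always dropped

# APNIC records carry the size of each block (number of addresses), not a
# prefix length. Only power-of-two sizes map to a single CIDR prefix; any
# other size is skipped by jp_cidr_from_record().
my %MASK_BITS = (
    '256'        => '24', '512'        => '23', '1024'       => '22',
    '2048'       => '21', '4096'       => '20', '8192'       => '19',
    '16384'      => '18', '32768'      => '17', '65536'      => '16',
    '131072'     => '15', '262144'     => '14', '524288'     => '13',
    '1048576'    => '12', '2097152'    => '11', '4194304'    => '10',
    '8388608'    => '9',  '16777216'   => '8',  '33554432'   => '7',
    '67108864'   => '6',  '134217728'  => '5',  '268435456'  => '4',
    '536870912'  => '3',  '1073741824' => '2',  '2147483648' => '1',
);

# Parse one delegation record. Returns the CIDR string for an
# "apnic|JP|ipv4|start|count|..." record whose count is a key of $mask_bits,
# otherwise an empty list.
sub jp_cidr_from_record {
    my ($line, $mask_bits) = @_;
    return unless $line =~ m{^apnic\|JP\|ipv4\|([0-9.]+)\|([0-9]+)\|[0-9]+\|.+}i;
    my ($start, $count) = ($1, $2);
    # A count missing from the table used to yield "a.b.c.d/" (undef mask)
    # and was rejected only by the shape check below; reject it explicitly.
    return unless $count && defined $mask_bits->{$count};
    my $cidr = "$start/$mask_bits->{$count}";
    # The value becomes an iptables argument: accept only a dotted quad plus
    # a numeric prefix length.
    return unless $cidr =~ m{^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/[0-9]+$};
    return $cidr;
}

# Download the APNIC delegation file and return every JP IPv4 range as a
# CIDR string. Exits with status 1 when wget cannot be started or does not
# finish successfully, so a truncated list is never applied.
sub fetch_jp_cidrs {
    my ($uri, $mask_bits) = @_;
    # List-form pipe open: wget runs without a shell, so the URI is passed
    # as one argument; -q replaces the old "2>/dev/null".
    my $pid = open(my $wget, '-|', 'wget', '-q', '-O', '-', $uri);
    if (!$pid) {
        print "Wget process didn't function.\n";
        exit(1);
    }
    my @cidrs;
    while (my $line = <$wget>) {
        push @cidrs, jp_cidr_from_record($line, $mask_bits);
    }
    # close() is false when wget exits non-zero; applying a partial list
    # would silently lock the missing ranges out of port 21.
    if (!close($wget)) {
        print "Wget download failed; iptables not changed.\n";
        exit(1);
    }
    return @cidrs;
}

# Run a command in list form (no shell), warning when it exits non-zero.
# Returns the raw system() status.
sub run_cmd {
    my @cmd    = @_;
    my $status = system(@cmd);
    warn "command failed (status $status): @cmd\n" if $status != 0;
    return $status;
}

# Replace the filter rules: accept $acpt_list and $allow_cidrs on port 21,
# log+drop everything else on port 21, log+drop each $drop_list entry on
# its own port, then persist and reload the rule set.
sub apply_rules {
    my ($allow_cidrs, $acpt_list, $drop_list) = @_;
    # -F flushes every chain of the filter table, not only the FTP rules;
    # rules added by other tooling are lost as well. Kept as original behaviour.
    run_cmd('iptables', '-F');
    for my $src (@$acpt_list, @$allow_cidrs) {
        run_cmd('iptables', '-A', 'INPUT', '-s', $src, '-p', 'tcp',
                '--dport', '21', '-j', 'ACCEPT');
    }
    # Default for port 21: log the attempt, then drop it.
    run_cmd('iptables', '-A', 'INPUT', '-s', '0/0', '-p', 'tcp', '--dport', '21',
            '-j', 'LOG', '--log-level', 'info', '--log-prefix', 'iptables:');
    run_cmd('iptables', '-A', 'INPUT', '-s', '0/0', '-p', 'tcp', '--dport', '21',
            '-j', 'DROP');
    for my $src (sort keys %$drop_list) {
        my $port = $drop_list->{$src};
        run_cmd('iptables', '-A', 'INPUT', '-s', $src, '-p', 'tcp', '--dport', $port,
                '-j', 'LOG', '--log-level', 'info', '--log-prefix', 'iptables:');
        run_cmd('iptables', '-A', 'INPUT', '-s', $src, '-p', 'tcp', '--dport', $port,
                '-j', 'DROP');
    }
    run_cmd('/etc/rc.d/init.d/iptables', 'save');
    run_cmd('/etc/rc.d/init.d/iptables', 'restart');
    return;
}

my @ALLOW_CIDR = fetch_jp_cidrs($APNIC_URI, \%MASK_BITS);

# An empty list leaves the firewall untouched (as before); note that the
# success message below is still printed in that case.
if (@ALLOW_CIDR) {
    apply_rules(\@ALLOW_CIDR, \@ACPT_LIST, \%DROP_LIST);
}

print "Successful in update of iptables.\n";
exit(0);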