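#!/bin/bash
#
# bogons - maintain an iptables chain that DROPs traffic to or from bogon
# prefixes (unallocated/reserved IPv4 space), driven by Team Cymru's
# aggregated bogon list (bogon-bn-agg.txt in the current directory).
#
# Usage:    bogons start|stop
# Requires: root for iptables; on first 'start', network access to fetch
#           the list if ./bogon-bn-agg.txt does not already exist.
#
# SECURITY NOTE: the list is fetched over plain HTTP with no integrity
# check, and every entry becomes a firewall rule, so a tampered list can
# deny legitimate traffic (e.g. an injected 0.0.0.0/0). Every entry is
# therefore validated as a bare IPv4 CIDR before it is handed to iptables;
# on hosts where that is not enough, ship a reviewed copy of the file
# out-of-band instead of letting this script download it.
#
# FIXME - coalesce, get real bogon list

# -u only: -e is deliberately not used, because 'stop' must keep going
# (flush + delete the chain) even if an individual rule delete fails.
set -u

Me='bogons'
MyVersion='0.1'
BogonFile='bogon-bn-agg.txt'
BogonURL='http://www.cymru.com/Documents/bogon-bn-agg.txt'

die() { printf '%s: %s\n' "$Me" "$*" >&2; exit 1; }

# Prefixes present in the list that are intentionally NOT dropped here:
# RFC1918 private space and multicast/class E are expected to be handled by
# other rules on this host. 192.168.0.0/16 was previously misspelled as
# 192.168.0.0./16, so it never matched and all 192.168/16 traffic was dropped.
is_handled_elsewhere() {
  case "$1" in
    10.0.0.0/8|172.16.0.0/12|192.168.0.0/16|224.0.0.0/3) return 0 ;;
    *) return 1 ;;
  esac
}

# True only for a plain dotted-quad/prefix. Comments, blank lines, garbage,
# or an injected entry carrying extra iptables arguments are refused rather
# than spliced onto an iptables command line.
is_ipv4_cidr() {
  local re='^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
  [[ "$1" =~ $re ]]
}

# Download the list if it is not already present. A failed or partial
# download is removed so a later run does not use a truncated list.
fetch_list() {
  if [[ ! -f "$BogonFile" ]]; then
    wget -O "$BogonFile" "$BogonURL" \
      || { rm -f -- "$BogonFile"; die "unable to fetch $BogonURL"; }
  fi
}

# Apply one rule pair (-s and -d) per usable prefix in the list.
# $1 is the iptables rule verb, -A to add or -D to delete.
# Each whitespace-separated token on a line is treated as a prefix, and a
# trailing CR (CRLF file) is tolerated.
apply_bogon_rules() {
  local verb="$1" prefix tokens
  while read -r -a tokens || (( ${#tokens[@]} )); do
    for prefix in "${tokens[@]}"; do
      prefix="${prefix%$'\r'}"
      [[ -z "$prefix" ]] && continue
      if is_handled_elsewhere "$prefix"; then
        echo "Skipping $prefix, handled elsewhere."
      elif ! is_ipv4_cidr "$prefix"; then
        printf '%s: ignoring malformed list entry %q\n' "$Me" "$prefix" >&2
      else
        iptables "$verb" "$Me" -s "$prefix" -j DROP
        iptables "$verb" "$Me" -d "$prefix" -j DROP
      fi
    done
  done < "$BogonFile"
}

start() {
  local dir
  echo "Starting $Me"
  fetch_list
  # Refuse to append a second copy of every rule onto an existing chain
  # (also catches "not root" / iptables unavailable).
  iptables -N "$Me" \
    || die "cannot create chain $Me (already exists? run '$0 stop' first)"
  # Loopback is exempt: the list itself contains 127.0.0.0/8.
  for dir in -i -o; do
    iptables -A "$Me" "$dir" lo -s 127.0.0.0/8 -j RETURN
    iptables -A "$Me" "$dir" lo -d 127.0.0.0/8 -j RETURN
  done
  apply_bogon_rules -A
  # Hook the chain into the built-in chains; INPUT skips lo entirely.
  iptables -A INPUT ! -i lo -j "$Me"
  iptables -A FORWARD -j "$Me"
  iptables -A OUTPUT -j "$Me"
}

stop() {
  echo "Stopping $Me"
  # Unhook first so the chain is unreferenced, then flush and delete it.
  # Flushing removes every rule in the chain, so the list file is not
  # needed (and not downloaded) to stop.
  iptables -D INPUT ! -i lo -j "$Me"
  iptables -D FORWARD -j "$Me"
  iptables -D OUTPUT -j "$Me"
  iptables -F "$Me"
  iptables -X "$Me"
}

case "${1:-}" in
  start) start ;;
  stop) stop ;;
  *) printf 'Usage: %s start|stop\n' "${0##*/}" >&2; exit 2 ;;
esac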