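#!/usr/bin/perl
# 2007/8/30 initial
# 2007/9/02 fix allow_cc related bug
# browncat.org
#
# Classify one connecting client by address and GeoIP country code and, when
# it is neither whitelisted nor already listed, append it to the deny list.
# Every decision is written to the log file.
#
# Usage: pass the client address as the first argument.  Anything up to the
# last ':' is stripped first, so an IPv4-mapped form such as ::ffff:a.b.c.d
# is reduced to the dotted quad.
#
# Security notes for whoever maintains this:
#   * The client string comes from outside, so it is validated as a dotted
#     quad before it is compared, logged or written to the deny list.
#   * All list lookups are exact string comparisons.  Interpolating the
#     address or country code into a regex makes '.' a wildcard, turns the
#     test into a substring match, and gives an empty country code the
#     special empty-pattern behaviour, which can let an unknown client
#     through the whitelist branch.
#   * The log lives in /tmp, which is world-writable.  If this runs with
#     elevated privileges, move the log to a directory only that user can
#     write to; the path is kept here for compatibility.

use strict;
use warnings;

#use Fcntl;
#use Sys::Syslog;
use Geo::IP;

my $deny_list_file = '/usr/local/etc/hosts.deny.list';
my $log_file       = '/tmp/hosts.deny.log';

my $client = $ARGV[0];
die "usage: $0 client-address\n" unless defined $client;

# whitelist: CountryCode and LocalIP
my @allow_cc      = ('JP');
my $allow_pattern = '(192\.168\.|172\.16\.)';

# blacklist: CountryCode or ALL
my @deny_cc      = ('CN', 'KR', 'ALL');
my @deny_clients = ();

# NOTE(review): the listing this script was recovered from lost the text
# between the first open() and its close().  Loading the current deny list
# into @acl_list is reconstructed from how @acl_list is used below; confirm
# against the original script.  A missing file is treated as an empty list.
my @acl_list;
if (open(my $acl_fh, '<', $deny_list_file)) {
    chomp(@acl_list = <$acl_fh>);
    close($acl_fh);
}

open(my $log_fh, '>>', $log_file) or die "cant open log";

my $geoip = Geo::IP->new(GEOIP_STANDARD);
die "geoip open error" unless defined $geoip;

$client =~ s/.*://;

# Refuse anything that is not a plain IPv4 address: it must never reach the
# deny list (one entry per line) or the log unfiltered.
unless (_is_ipv4($client)) {
    (my $shown = substr($client, 0, 64)) =~ s/[^0-9A-Fa-f:.]/?/g;
    print {$log_fh} "$shown -- invalid client address, ignored\n";
    close($log_fh);
    exit 0;
}

# An address missing from the GeoIP database yields undef; treat it as an
# empty code that matches no whitelist or blacklist entry.
my $country = $geoip->country_code_by_addr($client);
$country = '' unless defined $country;

if (_in_list($client, @acl_list)) {
    print {$log_fh} "$client $country -- already denied\n";
}
elsif ($client =~ /\A(?:$allow_pattern)/) {
    # Anchored so the private prefixes only match at the start of the address.
    print {$log_fh} "$client LOCAL -- allowed\n";
}
elsif (_in_list($country, @allow_cc)) {
    print {$log_fh} "$client $country -- allowed\n";
}
elsif (_in_list('ALL', @deny_cc)
    || _in_list($country, @deny_cc)
    || _in_list($client, @deny_clients))
{
    if (open(my $deny_fh, '>>', $deny_list_file)) {
        print {$deny_fh} "$client\n";
        if (close($deny_fh)) {
            print {$log_fh} "$client $country -- added to deny list\n";
        }
        else {
            print {$log_fh} "$client $country -- deny list write failed: $!\n";
        }
    }
    else {
        # Previously ignored; record it so a broken deny list is noticed.
        print {$log_fh} "$client $country -- deny list open failed: $!\n";
    }
}
else {
    print {$log_fh} "$client $country -- allowed\n";
}

close($log_fh);
exit 0;

# True when $needle equals one of the remaining arguments exactly.
sub _in_list {
    my ($needle, @haystack) = @_;
    return scalar grep { defined $_ && $_ eq $needle } @haystack;
}

# True when $addr is a dotted quad with every octet in 0..255.
sub _is_ipv4 {
    my ($addr) = @_;
    return 0 unless $addr =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/;
    return 0 if grep { $_ > 255 } ($1, $2, $3, $4);
    return 1;
}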