#!/bin/bash


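# Drop, or stop dropping, inbound traffic from the given source addresses.
#
# usage: $0 [-r] [-a] (ip|net/mask)...
#   (default)  insert an INPUT DROP rule per address and queue its removal
#              with at(1) four hours later
#   -r         delete the rule instead of inserting it
#   -a         do not queue the automatic removal
#   -h         print help
#
# Each address must be its own argument. Every iptables call is recorded via
# logger(1), tagged with the script name, together with its exit status.
# Exit status is non-zero when any address was rejected or any step failed.

# Print the help text to stdout.
usage() {
  echo "usage: $0 [-r] [-a] (ip|net/mask)"
  echo "  -r	remove rule"
  echo "	-a	no autoremove after 4h"
  echo "	-h	this help"
}

# Succeed only when $1 consists of characters that occur in an address, a
# net/mask or a host name, and does not start with '-'.
# The value is later pasted into the text of an at(1) job, which a shell
# interprets, so anything outside this set must never get that far. The
# leading-character rule also keeps the value from being read as an option.
is_safe_source() {
  local LC_ALL=C  # keep the bracket ranges ASCII-only
  local re='^[A-Za-z0-9][A-Za-z0-9:._/-]*$'
  [[ $1 =~ $re ]]
}

# Parse the flags, then apply the rule change to every remaining argument.
# Arguments: [-r] [-a] [--] source...
# Returns:   0 when every source was handled, 1 otherwise
main() {
  local action="-I" autoremove=yes
  local tag=${0##*/}
  local src rc failed=0

  # Flags may be combined and given in any order (e.g. "-r -a").
  while (( $# > 0 )); do
    case "$1" in
      -r) action="-D" ;;
      -a) autoremove=no ;;
      -h|--help)
        usage
        exit
        ;;
      --)
        shift
        break
        ;;
      *) break ;;
    esac
    shift
  done

  for src in "$@"; do
    if ! is_safe_source "$src"; then
      # %q keeps control characters in the rejected value off the terminal.
      printf '%s: refusing source %q: expected ip or net/mask\n' \
        "$tag" "$src" >&2
      failed=1
      continue
    fi

    # Take the status from iptables itself, before anything else runs, so
    # the decisions below are about the rule and not about the logging.
    rc=0
    iptables -t filter "$action" INPUT -s "$src" -j DROP || rc=$?

    # Audit trail: the command, who ran it, and whether it took effect.
    # NOTE(review): under sudo LOGNAME is usually the target user, not the
    # invoking one - confirm this is the identity you want in the log.
    logger -t "$tag" "iptables -t filter $action INPUT -s $src -j DROP autoremove=$autoremove LOGNAME=${LOGNAME:-} rc=$rc"

    if (( rc != 0 )); then
      failed=1
      continue
    fi

    # Only a rule that was really inserted gets a timed removal.
    if [[ $autoremove == yes && $action == -I ]]; then
      # $src passed is_safe_source above, so the job text holds no shell
      # metacharacters.
      if ! printf 'iptables -t filter -D INPUT -s %s -j DROP\n' "$src" \
        | at now + 4 hours; then
        printf '%s: could not queue removal for %s; rule stays until removed by hand\n' \
          "$tag" "$src" >&2
        failed=1
      fi
    fi
  done

  return "$failed"
}

main "$@"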
