#!/usr/bin/perl -w

##
# VERY simple access control script for leeenux
##

$ENV{PATH}="/sbin:/usr/sbin:/usr/local/sbin";

sub panic {
  print shift;
  die "Usage: $0 [permit|deny] [MAC] [IP] [Class]\n\nExample: $0 permit eth0 00:02:2d:aa:bb:cc 10.0.0.105 1\n";
}

panic("FATAL: Not enough parameters!\n") unless @ARGV >= 4;

my ( $action, $mac, $ip, $class ) = @ARGV;
my $cmd = "";

$action = { permit => "-A", deny => "-D" } -> {lc $action}
    or panic("FATAL: Bad action: $action!\n");

$class = { owner => 1, member => 2, public => 3 } -> {lc $class}
    or panic("FATAL: Bad class: $action!\n");

exec("iptables $action PREROUTING -t mangle -m mac --mac-source $mac -s $ip -j MARK --set-mark $class");

#
# Ende
#
