use NetPacket::TCP qw(:ALL);
...
while (1) {
my $msg = $ipq->get_message;
my $ip = NetPacket::IP->decode($msg->payload);
if ($ip->{proto} == IP_PROTO_TCP) {
my $tcp = NetPacket::TCP->decode($ip->{data});
if (grep {$tcp->{dest_port} == $_} (22, 25, 80)) {
$ipq->set_verdict($msg->packet_id, NF_ACCEPT);
next;
}
}
$ipq->set_verdict($msg->packet_id, NF_DROP);
}
|