exempt more address ranges, no error on first run

1 files changed, 16 insertions, 1 deletions

diff --git a/firehol2nft b/firehol2nft
index 4b93d73..d3e32be 100755
--- a/firehol2nft
+++ b/firehol2nft
@@ -2,7 +2,7 @@
 
 use Getopt::Std;
 
-getopts("f:");
+getopts("f:x");
 
 if(!defined($opt_f)){
 	print STDERR "Usage: firehol2nft -f FILE\n";
@@ -14,6 +14,7 @@ if(! -f $opt_f){
 	exit 1;
 }
 
+print "table inet firehol\n";
 print "delete table inet firehol\n";
 print "add table inet firehol {\n";
 print "\tset addr-set-firehol-drop {\n";
@@ -24,6 +25,20 @@ open(IN,"<" . $opt_f) or die("$!");
 while(<IN>){
 	next if(m/^#/);
 	chomp($_);
+	next if(
+		m/0\.0\.0\.0\/8/g ||
+		m/10\.0\.0\.0\/8/g ||
+		m/127\.0\.0\.0/g ||
+		m/169\.254\.0\.0\/16/g ||
+		m/172\.16\.0\.0\/12/g ||
+		m/192\.0\.0\.0\/24/g ||
+		m/192\.0\.2\.0\/24/g ||
+		m/192\.168\.0\.0\/16/g ||
+		m/198\.51\.100\.0\/24/g ||
+		m/203\.0\.113\.0\/24/g ||
+		m/224\.0\.0\.0\/4/g 
+		
+	);
 	printf("\t\t\t%s,\n", $_);
 }
 close(IN);