{
AFX Lite TCP Firewall by Aphex
http://www.iamaphex.cjb.net
unremote@knology.net
Usage: afxfw.exe <port> <port> <port>...
Example: afxfw.exe 25 80 1433 6667
This firewall is the simplest of its kind. It is a packet-filtering
firewall that watches for TCP SYN packets. When a SYN packet arrives
on a TCP port that was not listed on the command line, an RST packet
is sent to that port, tearing the connection down.
Caveat: packets are observed through a raw socket in receive-all
(sniffing) mode, i.e. after the local TCP/IP stack has already seen
the SYN, so the RST races the stack's own SYN/ACK. This is a
best-effort reset, not a true inbound filter, and it does nothing for
UDP or other protocols.
The rules apply to both local and remote connections.
}
program Project1;
{$APPTYPE CONSOLE}
uses
Windows,
Winsock2;
type
  { IPv4 header without options (20 bytes). Multi-byte fields are stored in
    network byte order when the packet is built (RSTHeader applies htons/htonl
    to the length, sequence and window fields). NOTE(review): the record is not
    declared `packed`; these field types happen to align without padding, but
    `packed record` would make the wire layout explicit. }
  TIPHEADER = record
    ip_verlen: byte;     { version in the high nibble, header length in 32-bit words in the low nibble }
    ip_tos: byte;        { type of service; set to 0 by RSTHeader }
    ip_len: word;        { total length in bytes, network order }
    ip_id: word;         { identification; RSTHeader leaves it 0 }
    ip_offset: word;     { flags + fragment offset; RSTHeader leaves it 0 }
    ip_ttl: byte;        { time to live; RSTHeader uses 128 }
    ip_protocol: byte;   { 6 = TCP }
    ip_checksum: word;   { header checksum; zeroed before CheckSum is computed over the header }
    ip_saddr: longword;  { source address }
    ip_daddr: longword;  { destination address }
  end;

  { TCP header without options (20 bytes). Ports are stored exactly as the
    caller of RSTHeader passes them - confirm they are already in network
    order at the call site. }
  TTCPHEADER = record
    th_sport: word;      { source port }
    th_dport: word;      { destination port }
    th_seq: longword;    { sequence number, network order }
    th_ack: longword;    { acknowledgement number; RSTHeader leaves it 0 }
    th_len: byte;        { data offset in the high nibble; RSTHeader stores 80 = $50, i.e. 5 words }
    th_flags: byte;      { flag bits; RSTHeader stores 20 = $14 = ACK ($10) or RST ($04) }
    th_win: word;        { window size, network order }
    th_checksum: word;   { TCP checksum; zeroed before it is computed }
    th_upr: word;        { urgent pointer; RSTHeader leaves it 0 }
  end;

  { A header-only packet: IP header followed by TCP header, no payload. }
  TPACKET = record
    d_ip: TIPHEADER;
    d_tcp: TTCPHEADER;
  end;

  { Byte-addressable buffer of exactly one TPACKET; RSTHeader assembles the
    outgoing RST into this. }
  TPACKETARRAY = array [0..sizeof(TPACKET)-1] of char;
var
  WSAData: TWSAData;             { Winsock startup info; presumably filled by WSAStartup (not in view) }
  ArgLoop: integer;              { index used when walking the command-line port list }
  Ports: array [0..31] of word;  { allowed TCP ports; room for at most 32 entries.
                                   NOTE(review): the argv parsing loop is not in view -
                                   confirm it stops at 32 ports rather than indexing past
                                   the end of this array. }
const
  { IOC_IN or IOC_VENDOR ($18000000) or 1, which matches SIO_RCVALL: the
    WSAIoctl code that puts a raw socket into receive-all (sniffing) mode.
    Declared as a typed constant, so it is writable at runtime; a plain
    const would be safer. }
  IOC_RCVALL: cardinal = IOC_IN or $18000000 or 1;
{ Decimal string form of I; a thin wrapper over the Str intrinsic. }
function IntToStr(I: integer): string;
begin
  Str(I, Result);
end;
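{ Parse S as a decimal integer.
  Returns the parsed value, or 0 when S is empty or not a valid integer.
  The error position reported by Val was previously ignored, which left the
  result unspecified on bad input; it is now checked and the failure case is
  pinned to 0. Callers still cannot tell a genuine "0" from a parse failure,
  and no port-range (1..65535) validation happens here - the caller that
  fills Ports must do that. }
function StrToInt(const S: string): integer;
var
  errPos: Integer;   { index of the first offending character, 0 on success }
begin
  Val(S, Result, errPos);
  if errPos <> 0 then
    Result := 0;
end;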
{ Internet one's-complement checksum over the first Size bytes of Buffer:
  16-bit words are summed as they lie in memory, a trailing odd byte is added
  as-is, the carries are folded back into the low 16 bits and the result is
  inverted. Size <= 0 yields $FFFF. The caller is expected to have zeroed the
  checksum field inside Buffer beforehand. }
function CheckSum(var Buffer; Size: integer): word;
type
  TWordView = array[0..$0FFFFFFF] of word;
  PWordView = ^TWordView;
var
  view: PWordView;
  acc: LongWord;
  idx: integer;
begin
  view := @Buffer;
  acc := 0;
  { whole words first }
  for idx := 0 to (Size div 2) - 1 do
    acc := acc + view^[idx];
  { a leftover byte contributes only its own value (low byte of the word slot) }
  if (Size > 0) and Odd(Size) then
    acc := acc + Byte(view^[Size div 2]);
  { fold the carry bits back into 16 bits, twice to catch the second carry }
  acc := (acc shr 16) + (acc and $FFFF);
  acc := acc + (acc shr 16);
  CheckSum := word(not acc);
end;
procedure RSTHeader(FromIP: dword; FromPort: word; ToIP: dword; ToPort: word; var Buffer: TPACKETARRAY; var Socket: TSockAddr; var Size: dword; Seq: dword);
var
ipHdr: TIPHEADER;
tcpHdr: TTCPHEADER;
TcpHeaderLen: word;
ChecksumSize: word;
DataPointer: ^byte;
procedure IncPtr(Value: integer);
begin
DataPointer := pointer(integer(DataPointer) + Value);
end;
begin
Size := sizeof(ipHdr) + sizeof(tcpHdr);
ipHdr.ip_verlen := ((4 shl 4) or sizeof(ipHdr) div sizeof(longword));
ipHdr.ip_tos := 0;
ipHdr.ip_len := htons(Size);
ipHdr.ip_id := 0;
ipHdr.ip_offset := 0;
ipHdr.ip_ttl := 128;
ipHdr.ip_protocol := 6;
ipHdr.ip_checksum := 0;
ipHdr.ip_saddr := FromIP;
ipHdr.ip_daddr := ToIP;
ChecksumSize := 0;
tcpHdr.th_sport := FromPort;
tcpHdr.th_dport := ToPort;
tcpHdr.th_seq := htonl(Seq);
tcpHdr.th_ack := 0;
tcpHdr.th_len := 80;
tcpHdr.th_flags := 20;
tcpHdr.th_win := htons(65535);
tcpHdr.th_checksum := 0;
tcpHdr.th_upr := 0;
DataPointer := @Buffer[0];
FillChar(Buffer, SizeOf(Buffer), 0);
Move(ipHdr.ip_saddr, DataPointer^, SizeOf(ipHdr.ip_saddr));
IncPtr(SizeOf(ipHdr.ip_saddr));
ChecksumSize := ChecksumSize + sizeof(ipHdr.ip_saddr);
Move(ipHdr.ip_daddr, DataPointer^, sizeof(ipHdr.ip_daddr));
IncPtr(Si