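#!/usr/bin/env python
"""Drop every 5th outgoing ICMP packet to 8.8.8.8 via an NFQUEUE verdict.

An iptables rule diverts matching packets to netfilter queue 1; the callback
below accepts or drops each one.  Needs root (iptables + NFQUEUE binding).
"""
import nfqueue
from scapy.all import *
import os
import socket
import subprocess
import sys

QUEUE_NUM = 1
DROP_EVERY = 5

# Rule specification shared by the add (-A) and delete (-D) calls so that
# cleanup removes exactly the rule this script installed and nothing else.
_RULE_SPEC = ['OUTPUT', '-p', 'icmp', '-d', '8.8.8.8',
              '-j', 'NFQUEUE', '--queue-num', str(QUEUE_NUM)]

# Drop every 5th outgoing ICMP packet to 8.8.8.8
n = 0


def _iptables(action):
    """Run ``iptables <action> <rule spec>`` and return its exit status.

    An argument list is used instead of a shell string so no shell parsing
    is involved.
    """
    return subprocess.call(['iptables', action] + _RULE_SPEC)


# see comment in nfq-pass-all if you see TypeError regarding 2 arguments passed to callback;
# change signature to callback(i, payload)
def callback(payload):
    """Print a summary of the queued packet, then accept or drop it.

    Every DROP_EVERY-th packet seen (counted in the module-level ``n``)
    gets NF_DROP; all others get NF_ACCEPT.
    """
    global n
    data = payload.get_data()
    pkt = IP(data)
    print(pkt.summary())
    n += 1
    if n % DROP_EVERY != 0:
        payload.set_verdict(nfqueue.NF_ACCEPT)
    else:
        payload.set_verdict(nfqueue.NF_DROP)


def main():
    """Bind the queue, install the NFQUEUE rule, and run until interrupted.

    The queue is set up before the rule is added: packets sent to an NFQUEUE
    target with no listener are dropped by the kernel (the rule does not use
    --queue-bypass), so installing the rule first would blackhole traffic
    for a moment, or indefinitely if queue setup failed.
    """
    q = nfqueue.queue()
    q.open()
    q.unbind(socket.AF_INET)
    q.bind(socket.AF_INET)
    # callback won't be called without this
    q.set_callback(callback)
    q.create_queue(QUEUE_NUM)

    rule_installed = _iptables('-A') == 0
    if not rule_installed:
        sys.stderr.write("iptables rule could not be added; "
                         "no packets will reach the queue\n")
    try:
        q.try_run()  # Main loop
    except KeyboardInterrupt:
        pass
    finally:
        # Runs on Ctrl-C, on a normal return and on any other exception, so
        # the NFQUEUE rule never outlives its listener.
        q.unbind(socket.AF_INET)
        q.close()
        if rule_installed:
            print("Cleaning up iptables")
            # Delete only our own rule.  Flushing the table (-F / -X) would
            # also wipe unrelated firewall rules on the host.
            _iptables('-D')


main()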