// Packet Filter - Reference Solution
// Implements stateless firewall rules with strict priority order.

module packet_filter (
    input  wire [31:0] src_ip,
    input  wire [15:0] dst_port,
    input  wire [7:0]  protocol,
    output reg         allow
);

    // Purely combinational, stateless verdict: allow = 1 passes the packet,
    // allow = 0 drops it. Only the three header fields above are inspected.
    //
    // Evaluation is first-match-wins:
    //   1. source-address deny rules (10.0.0.0/8, 192.168.0.0/16)
    //   2. protocol/port allow rules (ICMP, TCP 80/443/22, UDP 53)
    //   3. default deny
    // The deny rules sit ahead of every allow rule, so a packet from a
    // blocked prefix is dropped even when its protocol/port is allow-listed.
    //
    // Review notes:
    //   - src_ip is compared exactly as presented on the port; nothing here
    //     validates that the address is genuine.
    //   - There is no ICMP type/code input, so the ICMP rule admits every
    //     ICMP message from a non-blocked source.
    //   - No connection state is kept; dst_port is matched on its own.

    // IP protocol numbers used by the allow rules.
    localparam [7:0] PROTO_ICMP = 8'd1;
    localparam [7:0] PROTO_TCP  = 8'd6;
    localparam [7:0] PROTO_UDP  = 8'd17;

    // Prefix matches on the upper address bits (equivalent to mask-and-compare).
    wire src_in_10_8      = (src_ip[31:24] == 8'h0A);     // 10.0.0.0/8
    wire src_in_192_168   = (src_ip[31:16] == 16'hC0A8);  // 192.168.0.0/16
    wire src_is_blocked   = src_in_10_8 || src_in_192_168;

    always @(*) begin
        // Default deny; also guarantees 'allow' is driven on every path,
        // so no latch can be inferred.
        allow = 1'b0;

        if (src_is_blocked) begin
            // Rules 1 and 2: blocked source prefix -> DROP
            allow = 1'b0;
        end
        else begin
            case (protocol)
                // Rule 3: ICMP -> ALLOW
                PROTO_ICMP: allow = 1'b1;

                // Rules 4-6: TCP to 80, 443 or 22 -> ALLOW
                PROTO_TCP: begin
                    case (dst_port)
                        16'd80,
                        16'd443,
                        16'd22:  allow = 1'b1;
                        default: allow = 1'b0;
                    endcase
                end

                // Rule 7: UDP to 53 -> ALLOW
                PROTO_UDP: begin
                    if (dst_port == 16'd53)
                        allow = 1'b1;
                end

                // Rule 8: anything else -> DROP
                default: allow = 1'b0;
            endcase
        end
    end

endmodule
