diff --git a/ddos-mitigator.sh b/ddos-mitigator.sh
index 43b63b6..22fee09 100755
--- a/ddos-mitigator.sh
+++ b/ddos-mitigator.sh
@@ -38,8 +38,6 @@
 # Set the host's own IP address. So far, only an IPv4 address is supported.
 MY_IP="94.199.214.20"
-# Set the desired port to monitor.
-MY_PORT="443"
 # After this point, no editing is required.
 start=$(date +%s)
@@ -104,6 +102,9 @@ Usage: $(basename $0) -d FILE [OPTION...]
   - 3 or 24 for class C networks (X.X.X.0/24)
   - 4 or 32 for class D networks (X.X.X.X/32)
+  -p, --port=PORT       The desired port to monitor.
+                        Defaults to 443 (https).
+
   -h, --help            Show this help message
 Mandatory or optional arguments to long options are also mandatory or optional
@@ -130,6 +131,7 @@ function filter() {
   # subnet suffix, e.g. "/16"
   suffix="$3"
   rm -f "${filtered}"
+  touch "${filtered}"
   # Reject already banned addresses
   while read -r -u3 address ; do
@@ -144,7 +146,7 @@ function filter() {
 }
 function parse_command_line_args() {
-  TEMP=$(getopt -o 'a::,c:,d:,j:,n:,h' -l 'auto::,country:,database:,jail:,netmask:,help' -- "$@")
+  TEMP=$(getopt -o 'a::,c:,d:,j:,n:,p:,h' -l 'auto::,country:,database:,jail:,netmask:,port:,help' -- "$@")
   if [ $? -ne 0 ] ; then
     echo 'Error parsing command line options. Terminating. Invoke with --help for help.' >&2
@@ -204,6 +206,10 @@ function parse_command_line_args() {
       esac
       shift
       ;;
+    '-p'|'--port')
+      port="$2"
+      shift
+      ;;
     '-h'|'--help')
       print_help
       exit
@@ -388,6 +394,7 @@ netmask=0
 jail="apache-auth"
 bancountry="CN"
 database=
+port=443
 parse_command_line_args "$@"
@@ -410,7 +417,7 @@ banned="$(exec_as_root fail2ban-client get "${jail}" banip)"
 # Determine the current connections to the desired port; store the raw data in
 # $fileraw.
-netstat -nt | grep "${MY_IP}:${MY_PORT}" | tr -s '[:blank:]' | cut -d' ' -f5 \
+netstat -nt | grep "${MY_IP}:${port}" | tr -s '[:blank:]' | cut -d' ' -f5 \
   | cut -d: -f1 | sort > "${fileraw}"
 # Group and sort the data into the subnet-specific files.
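Review bot: `rm -f` followed by the new `touch` on the same path is two steps where one suffices; `: > "${filtered}"` creates the file if it is missing and truncates it otherwise, so the later reader always finds an empty file and there is no window in which the path does not exist. `suffix="$3"` on the line above is assigned without `local`, so it leaks into the caller's scope, which matters if filter() is invoked more than once per run. filter() begins before this hunk, so where `filtered` itself is assigned is not visible here.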
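Review bot: The short optstring `'a::,c:,d:,j:,n:,p:,h'` uses commas, but getopt's `-o` string is a plain run of option characters with colon suffixes — commas separate only the `-l` long names — so each `,` here registers a bogus `-,` option. The line already had that shape, but since the commit rewrites it to add `p:`, this is the moment to write it as `-o 'a::c:d:j:n:p:h'`. The `$?` test on the following line does work because the assignment takes the command substitution's status, though `if ! TEMP=$(getopt …); then` would state that intent directly.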
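Review bot: `port="$2"` accepts any string, and that value is later interpolated into the grep pattern that decides which peer addresses are handed to fail2ban, so a typo such as `-p 44` or an empty `-p ""` silently widens the selection to every local socket whose port text begins with it. Validate at the option rather than downstream: `if ! [[ "$2" =~ ^[0-9]+$ ]] || (( 10#$2 < 1 || 10#$2 > 65535 )); then` / `echo "Invalid port: $2" >&2; exit 1` / `fi` placed before `port="$2"`. The `10#` prefix keeps a leading zero from being read as octal.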
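Review bot: `grep "${MY_IP}:${port}"` is an unanchored regex match over the whole netstat line, so with `-p 44` it also selects connections to 443, 440-449 and 4400-4499, and the peers of those connections are what the script passes on for banning; the dots in `MY_IP` were already regex wildcards before this change. An exact field comparison removes both problems and the `tr`/`cut` stages: `netstat -nt | awk -v want="${MY_IP}:${port}" '$4 == want { sub(/:[0-9]+$/, "", $5); print $5 }' | sort > "${fileraw}"`, which reads the local-address column and emits the foreign IP exactly as the current pipeline does for IPv4. Passing the value via `-v` keeps the port out of the awk program text.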