linux/ddos-mitigator
1
0
Fork 0
Code Issues Pull requests Releases 5 Wiki Activity

Fiddling around with ss and grep.

Browse source
This commit is contained in:
Manuel Friedli 2020-08-04 17:46:23 +02:00
parent c4600f34b6
commit 3a15ac1ba3
1 changed files with 12 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
ddos-mitigator.sh
View file

@ -3,7 +3,7 @@
# #
# Try and prevent apache overloads by banning IP addresses that have (too) #
# many open connections. #
# This script uses netstat to determine the connections to a configurable port #
# This script uses ss to determine the connections to a configurable port #
# on the host machine and provides automated GeoIP information retrieval based #
# the address or the /24-, /16- or /8-subnet thereof. A GeoIP city- or country #
# database must be installed separately and is provided to the script via a #
@ -26,8 +26,8 @@
# - net-analyzer/fail2ban (`fail2ban-client`) #
# - sys-apps/coreutils (`cut`, `id`, `sort`, `touch`, `tr`, `uniq`) #
# - sys-apps/grep (`grep`) #
# - sys-apps/iproute2 (`ss`)
# - sys-apps/moreutils (`sponge`) #
# - sys-apps/net-tools (`netstat`) #
# - sys-apps/util-linux (`getopt`) #
# #
################################################################################
@ -54,7 +54,7 @@ dependencies=(
"uniq" "sys-apps/coreutils"
"grep" "sys-apps/grep"
"sponge" "sys-apps/moreutils"
"netstat" "sys-apps/net-tools"
"ss" "sys-apps/iproute2"
"getopt" "sys-apps/util-linux"
)
@ -468,6 +468,15 @@ banned="$(exec_as_root fail2ban-client get "${jail}" banip)"
# Determine the current connections to the desired port; store the raw data in
# $fileraw.
magic=$(ss -HOn state established "( sport = :${port} )"|tr -s '[:blank:]'|cut -d' ' -f5)
ipv6mappedipv4="$(grep '^\[::ffff:' - < "${magic}")"
pureipv4="$(grep '^[^[]' - < "${magic}")"
echo "MAPPED: ${ipv6mappedipv4}"
echo "PURE: ${pureipv4}"
exit
netstat -nt | grep "${MY_IP}:${port}" | tr -s '[:blank:]' | cut -d' ' -f5 \
| cut -d: -f1 | sort > "${fileraw}"