From 3a15ac1ba35bfc2cf8995a827c1ca8d4a3b2627b Mon Sep 17 00:00:00 2001
From: Manuel Friedli
Date: Tue, 4 Aug 2020 17:46:23 +0200
Subject: [PATCH] Fiddling around with ss and grep.
---
 ddos-mitigator.sh | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/ddos-mitigator.sh b/ddos-mitigator.sh
index 1c7cf1c..b26af8f 100755
--- a/ddos-mitigator.sh
+++ b/ddos-mitigator.sh
@@ -3,7 +3,7 @@
 # #
 # Try and prevent apache overloads by banning IP addresses that have (too) #
 # many open connections. #
-# This script uses netstat to determine the connections to a configurable port #
+# This script uses ss to determine the connections to a configurable port #
 # on the host machine and provides automated GeoIP information retrieval based #
 # the address or the /24-, /16- or /8-subnet thereof. A GeoIP city- or country #
 # database must be installed separately and is provided to the script via a #
@@ -26,8 +26,8 @@
 # - net-analyzer/fail2ban (`fail2ban-client`) #
 # - sys-apps/coreutils (`cut`, `id`, `sort`, `touch`, `tr`, `uniq`) #
 # - sys-apps/grep (`grep`) #
+# - sys-apps/iproute2 (`ss`)
 # - sys-apps/moreutils (`sponge`) #
-# - sys-apps/net-tools (`netstat`) #
 # - sys-apps/util-linux (`getopt`) #
 # #
 ################################################################################
@@ -54,7 +54,7 @@ dependencies=(
 "uniq" "sys-apps/coreutils"
 "grep" "sys-apps/grep"
 "sponge" "sys-apps/moreutils"
- "netstat" "sys-apps/net-tools"
+ "ss" "sys-apps/iproute2"
 "getopt" "sys-apps/util-linux"
 )
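Review bot: `netstat` is dropped from the `dependencies` array in the `@@ -54,7 +54,7 @@` hunk, but the `netstat -nt | grep "${MY_IP}:${port}"` pipeline is still in the script (it appears as context in the last hunk of this patch), so the dependency list no longer covers a tool the script still invokes. On a host without net-tools that pipeline would presumably leave `${fileraw}` empty, which for a ban script means failing open rather than aborting at the dependency check. Until the collection step is actually ported, keep `"netstat" "sys-apps/net-tools"` next to the new `"ss" "sys-apps/iproute2"` entry. The array opens above the hunk, so how the entries are consumed is not visible here.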
@@ -468,6 +468,15 @@ banned="$(exec_as_root fail2ban-client get "${jail}" banip)"
 # Determine the current connections to the desired port; store the raw data in
 # $fileraw.
+magic=$(ss -HOn state established "( sport = :${port} )"|tr -s '[:blank:]'|cut -d' ' -f5)
+
+ipv6mappedipv4="$(grep '^\[::ffff:' - < "${magic}")"
+pureipv4="$(grep '^[^[]' - < "${magic}")"
+
+echo "MAPPED: ${ipv6mappedipv4}"
+echo "PURE: ${pureipv4}"
+
+exit
 netstat -nt | grep "${MY_IP}:${port}" | tr -s '[:blank:]' | cut -d' ' -f5 \
 | cut -d: -f1 | sort > "${fileraw}"
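Review bot: `grep '^\[::ffff:' - < "${magic}"` redirects stdin from a file whose name is the captured ss output rather than from the output itself, so both greps fail on any non-empty result; a here-string does what is intended, `ipv6mappedipv4="$(grep '^\[::ffff:' <<< "${magic}")"`, and likewise for `pureipv4`. Native IPv6 peers (bracketed but not starting with `::ffff:`) match neither pattern, so if the port is also reachable over IPv6 those clients would never be counted or banned. The bare `exit` stops the script before the existing collection pipeline and everything after it, so as committed it bans nothing; it and the two `echo` lines look like debugging output and should be removed before this is deployed. `${port}` is interpolated into the ss filter expression here; if it is not already validated as numeric where the options are parsed, it should be.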