linux/ddos-mitigator
1
0
Fork 0
Code Issues Pull requests Releases 5 Wiki Activity

Make it actually work.

Browse source 
To do: validate input from config file.
This commit is contained in:
Manuel Friedli 2020-11-24 20:42:11 +01:00
parent 0871a25bf7
commit 8e0f22da8f
2 changed files with 33 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
ddos-mitigator.conf
View file

@ -10,7 +10,7 @@ DATABASE_FILE="/path/to/geoip/country-or-city-database.mmdb"
# Enable the autopilot for automatically banning IP addresses of the desired countries (see also COUNTRIES option). # Enable the autopilot for automatically banning IP addresses of the desired countries (see also COUNTRIES option).
# Only ban IP addresses with at least AUTOPILOT current connections. If the value is not specified or 0, don't # Only ban IP addresses with at least AUTOPILOT current connections. If the value is not specified or 0, don't
# automatically ban IP addresses, but run in interactive mode. # automatically ban IP addresses, but run in interactive mode.
AUTOPILOT="1" AUTOPILOT="0"
# Defines the subnet size in bytes to be analyzed. Valid values are: # Defines the subnet size in bytes to be analyzed. Valid values are:
# - 8 for class A networks (X.0.0.0/8) # - 8 for class A networks (X.0.0.0/8)

43
ddos-mitigator.sh
View file

@ -198,24 +198,42 @@ function filter() {
mv "${filtered}" "${file}" mv "${filtered}" "${file}"
} }
function set_default_values() {
if [[ -z "${autopilot}" ]]; then
autopilot=0
fi
if [[ -z "${netmask}" ]]; then
netmask=0
fi
if [[ -z "${jail}" ]]; then
jail="apache-auth"
fi
if [[ -z "${bancountries}" ]]; then
bancountries=("CN")
fi
if [[ -z "${port}" ]]; then
port=443
fi
}
function parse_config_file() { function parse_config_file() {
source "${configfile}" source "${configfile}"
if [[ -z "${autopilot+x}" ]]; then if [[ -z "${autopilot}" ]]; then
autopilot="${AUTOPILOT}" autopilot="${AUTOPILOT}"
fi fi
if [[ -z "${bancountries}" ]]; then if [[ -z "${bancountries}" ]]; then
bancountries=()${COUNTRIES[@]}) bancountries=(${COUNTRIES[@]})
fi fi
if [[ -z "${database+x}" ]]; then if [[ -z "${database}" ]]; then
database="${DATABASE_FILE}" database="${DATABASE_FILE}"
fi fi
if [[ -z "${jail+x}" ]]; then if [[ -z "${jail}" ]]; then
jail="${JAIL}" jail="${JAIL}"
fi fi
if [[ -z "${netmask+x}" ]]; then if [[ -z "${netmask}" ]]; then
netmask="${NETMASK}" netmask="${NETMASK}"
fi fi
if [[ -z "${port+x}" ]]; then if [[ -z "${port}" ]]; then
port="${PORT}" port="${PORT}"
fi fi
} }
@ -331,6 +349,9 @@ function parse_command_line_args() {
echo "Database '${database}' is not accessible." >&2 echo "Database '${database}' is not accessible." >&2
exit 1 exit 1
fi fi
# Here, we set the default values for all options that have not been set yet.
set_default_values
} }
################################################################################ ################################################################################
@ -483,12 +504,12 @@ banlist="${tmpdir}/banlist.txt"
touch "${banlist}" touch "${banlist}"
# Parse the command line options # Parse the command line options
autopilot=0 autopilot=
netmask=0 netmask=
jail="apache-auth" jail=
bancountries=("CN") bancountries=
database= database=
port=443 port=
parse_command_line_args "$@" parse_command_line_args "$@"