FIx it, use sponge.

ddos-mitigator.sh

@@ -183,26 +183,29 @@ netstat -nt | grep "${MY_IP}:${MY_PORT}" | tr -s '[:blank:]' | cut -d' ' -f5 \
   | cut -d: -f1 | sort > "${fileraw}"
 
 # Group and sort the data into the subnet-specific files.
-uniq -c "${fileraw}" | sort -rn > "${file32}"
-cut -d. -f1-3 "${fileraw}" | sort | uniq -c | sort -rn > "${file24}"
-cut -d. -f1-2 "${fileraw}" | sort | uniq -c | sort -rn > "${file16}"
-cut -d. -f1 "${fileraw}" | sort | uniq -c | sort -rn > "${file8}"
+cp "${fileraw}" "${file32}"
+cut -d. -f1-3 "${fileraw}" | sort > "${file24}"
+cut -d. -f1-2 "${fileraw}" | sort > "${file16}"
+cut -d. -f1 "${fileraw}" | sort > "${file8}"
 
 function filter() {
-    # list of current connections
-    file="$1"
-    # subnet extension, e.g. ".0.0/16"
-    ext="$2"
-    rm -f "${filtered}"
-    
-    # Reject already banned addresses
-    while read -r -u3 address ; do
-        if [[ "${banned}" != *"${address}${ext}"* ]] ; then
-            echo "${address}" >> "${filtered}"
-        fi
-    done 3< "${file}"
+	# list of current connections
+	file="$1"
+	# subnet extension, e.g. ".0.0/16"
+	ext="$2"
+	rm -f "${filtered}"
 
-    mv "${filtered}" "${file}"
+	# Reject already banned addresses
+	while read -r -u3 address ; do
+		if [[ "${banned}" != *"${address}${ext}"* ]] ; then
+			echo "Considering ${address}."
+			echo "${address}" >> "${filtered}"
+		else
+			echo "IGNORING ${address}, already banned."
+		fi
+	done 3< "${file}"
+
+	mv "${filtered}" "${file}"
 }
 
 # Filter already banned addresses
@@ -211,6 +214,12 @@ filter "${file24}" "${ext24}"
 filter "${file16}" "${ext16}"
 filter "${file8}" "${ext8}"
 
+# Determine the number of connections per address
+uniq -c "${file32}" | sort -rn | sponge "${file32}"
+uniq -c "${file24}" | sort -rn | sponge "${file24}"
+uniq -c "${file16}" | sort -rn | sponge "${file16}"
+uniq -c "${file8}" | sort -rn | sponge "${file8}"
+
 # Determine the number of entries per file.
 nlines32=$(cat "${file32}" | wc -l)
 nlines24=$(cat "${file24}" | wc -l)