2020-09-18 14:24:42 +02:00
1 changed files with 12 additions and 3 deletions
--- a/ddos-mitigator.sh
+++ b/ddos-mitigator.sh
@ -3,7 +3,7 @@
 #                                                                              #
 # Try and prevent apache overloads by banning IP addresses that have (too)     #
 # many open connections.                                                       #
-# This script uses netstat to determine the connections to a configurable port #
+# This script uses ss to determine the connections to a configurable port      #
 # on the host machine and provides automated GeoIP information retrieval based #
 # the address or the /24-, /16- or /8-subnet thereof. A GeoIP city- or country #
 # database must be installed separately and is provided to the script via a    #
@ -26,8 +26,8 @@
 #   - net-analyzer/fail2ban (`fail2ban-client`)                                #
 #   - sys-apps/coreutils (`cut`, `id`, `sort`, `touch`, `tr`, `uniq`)          #
 #   - sys-apps/grep (`grep`)                                                   #
+#   - sys-apps/iproute2 (`ss`)
 #   - sys-apps/moreutils (`sponge`)                                            #
-#   - sys-apps/net-tools (`netstat`)                                           #
 #   - sys-apps/util-linux (`getopt`)                                           #
 #                                                                              #
 ################################################################################
@ -54,7 +54,7 @@ dependencies=(
 	"uniq" "sys-apps/coreutils"
 	"grep" "sys-apps/grep"
 	"sponge" "sys-apps/moreutils"
-	"netstat" "sys-apps/net-tools"
+	"ss" "sys-apps/iproute2"
 	"getopt" "sys-apps/util-linux"
 )

@ -468,6 +468,15 @@ banned="$(exec_as_root fail2ban-client get "${jail}" banip)"

 # Determine the current connections to the desired port; store the raw data in
 # $fileraw.
+magic=$(ss -HOn state established "( sport = :${port} )"|tr -s '[:blank:]'|cut -d' ' -f5)
+
+ipv6mappedipv4="$(grep '^\[::ffff:' - < "${magic}")"
+pureipv4="$(grep '^[^[]' - < "${magic}")"
+
+echo "MAPPED: ${ipv6mappedipv4}"
+echo "PURE: ${pureipv4}"
+
+exit
 netstat -nt | grep "${MY_IP}:${port}" | tr -s '[:blank:]' | cut -d' ' -f5 \
  | cut -d: -f1 | sort > "${fileraw}"