linux/ddos-mitigator
1
0
Fork 0
Code Issues Pull requests Releases 5 Wiki Activity

feature/ss-instead-of-netstat #2

Merged
manuel merged 8 commits from feature/ss-instead-of-netstat into master 2020-09-18 14:24:42 +02:00
Conversation 0 Commits 8 Files changed 1 +12 -3
1 changed files with 12 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit 3a15ac1ba3 - Show all commits

15
ddos-mitigator.sh
View file

@ -3,7 +3,7 @@
# # # #
# Try and prevent apache overloads by banning IP addresses that have (too) # # Try and prevent apache overloads by banning IP addresses that have (too) #
# many open connections. # # many open connections. #
# This script uses netstat to determine the connections to a configurable port # # This script uses ss to determine the connections to a configurable port #
# on the host machine and provides automated GeoIP information retrieval based # # on the host machine and provides automated GeoIP information retrieval based #
# the address or the /24-, /16- or /8-subnet thereof. A GeoIP city- or country # # the address or the /24-, /16- or /8-subnet thereof. A GeoIP city- or country #
# database must be installed separately and is provided to the script via a # # database must be installed separately and is provided to the script via a #
@ -26,8 +26,8 @@
# - net-analyzer/fail2ban (`fail2ban-client`) # # - net-analyzer/fail2ban (`fail2ban-client`) #
# - sys-apps/coreutils (`cut`, `id`, `sort`, `touch`, `tr`, `uniq`) # # - sys-apps/coreutils (`cut`, `id`, `sort`, `touch`, `tr`, `uniq`) #
# - sys-apps/grep (`grep`) # # - sys-apps/grep (`grep`) #
# - sys-apps/iproute2 (`ss`)
# - sys-apps/moreutils (`sponge`) # # - sys-apps/moreutils (`sponge`) #
# - sys-apps/net-tools (`netstat`) #
# - sys-apps/util-linux (`getopt`) # # - sys-apps/util-linux (`getopt`) #
# # # #
################################################################################ ################################################################################
@ -54,7 +54,7 @@ dependencies=(
"uniq" "sys-apps/coreutils" "uniq" "sys-apps/coreutils"
"grep" "sys-apps/grep" "grep" "sys-apps/grep"
"sponge" "sys-apps/moreutils" "sponge" "sys-apps/moreutils"
"netstat" "sys-apps/net-tools" "ss" "sys-apps/iproute2"
"getopt" "sys-apps/util-linux" "getopt" "sys-apps/util-linux"
) )
@ -468,6 +468,15 @@ banned="$(exec_as_root fail2ban-client get "${jail}" banip)"
# Determine the current connections to the desired port; store the raw data in # Determine the current connections to the desired port; store the raw data in
# $fileraw. # $fileraw.
magic=$(ss -HOn state established "( sport = :${port} )"|tr -s '[:blank:]'|cut -d' ' -f5)
ipv6mappedipv4="$(grep '^\[::ffff:' - < "${magic}")"
pureipv4="$(grep '^[^[]' - < "${magic}")"
echo "MAPPED: ${ipv6mappedipv4}"
echo "PURE: ${pureipv4}"
exit
netstat -nt | grep "${MY_IP}:${port}" | tr -s '[:blank:]' | cut -d' ' -f5 \ netstat -nt | grep "${MY_IP}:${port}" | tr -s '[:blank:]' | cut -d' ' -f5 \
| cut -d: -f1 | sort > "${fileraw}" | cut -d: -f1 | sort > "${fileraw}"