Last active
February 28, 2020 16:52
-
-
Save AysadKozanoglu/e77b810192627864e158b48df9f45d18 to your computer and use it in GitHub Desktop.
get the informations with netstat and and see of count of connetion per ip and if the limit is reached block it in ipatbles
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # auto detetion and blocking | |
| # source of flooting ip adress | |
| # | |
| # by Aysad Kozanoglu | |
| # email: aysadx@gmail.com | |
| # | |
| # manually unblock the blocked source ip: | |
| # | |
| # 1. iptables -L -n -v --line-numbers | grep 37.221.55.33 | |
| # -> the first gives you the line number | |
| # | |
| # 2. iptables -D INPUT 43 | |
| # -> delete the rule on line 43 | |
| # | |
| n=$(netstat -atun | awk '{print $5}' | cut -d: -f1 | sed -e '/^$/d' |sort | uniq -c | sort -r) | |
| # max connections allowed | |
| burst=50 | |
| nextBan=0 | |
| for k in $n | |
| do | |
| #echo $k | |
| # iptable rule to block ip | |
| if [ "$nextBan" == 1 ] | |
| then | |
| #Get the first block of ip adress to block whole /16 subnet source adresses | |
| subnet=$(echo $k | cut -d. -f1-2) | |
| iptables -I INPUT -s $subnet.0.0/16 -j DROP | |
| #iptables -A INPUT -s 65.55.44.100 -p tcp --destination-port 25 -j DROP | |
| nextBan=0 | |
| fi | |
| if [ "$k" -eq "$k" ] 2>/dev/null; | |
| then | |
| if(($k > $burst)) | |
| then | |
| # next ip has to ban on next round of step | |
| nextBan=1 | |
| fi | |
| fi | |
| done | |
| exit |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment