@dmytro
Last active November 8, 2018 11:14
Shell script for SYN flood DoS attack prevention. Uses sqlite3 to filter IPs.
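#!/bin/bash
# Every $SLEEP seconds, count non-ESTABLISHED connections to port 80 per
# remote IP and DROP any source that holds more than $MAX_CONN of them.
SLEEP=120
MAX_CONN=20
MY_IP=0.0.0.0 # Configure your IP here
while true; do
  (
    echo "create table ips (ip string);"
    echo 'begin transaction;'
    # Column 5 of netstat is the remote address. Strip the port and any
    # ::ffff: prefix, and pass on only dotted-quad IPv4 addresses so that
    # nothing else reaches the SQL text or iptables.
    netstat -an | grep -v ESTABLISHED | grep -F "${MY_IP}:80 " | awk '{print $5}' |
      sed -E 's/^::ffff://; s/:[0-9]+$//' | grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' |
      while read -r IP; do
        echo "insert into ips values ('$IP');"
      done
    echo 'commit;'
    echo "select ip from (select ip, count(ip) c from ips where ip != '' group by ip having c > $MAX_CONN order by c asc);"
  ) | sqlite3 |
  while read -r BLOCK; do
    # Insert the DROP rule only if it is not already present, so the chain
    # does not grow by one duplicate per cycle.
    iptables -C INPUT -s "$BLOCK" -j DROP 2>/dev/null || iptables -I INPUT -s "$BLOCK" -j DROP
  done
  iptables-save > iptables.last
  sleep "$SLEEP"
done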
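
A dry-run counterpart for choosing MAX_CONN before any DROP rule is installed, added here as an example and not part of the gist. It counts only SYN_RECV (half-open) entries per source, which is narrower than the gist's "everything not ESTABLISHED"; the names `syn_offenders` and `sample_netstat` and the sample addresses are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the gist): report sources whose half-open
# connection count to LOCAL_IP:PORT exceeds THRESHOLD, without touching iptables.
# Usage: netstat -an | syn_offenders LOCAL_IP PORT THRESHOLD
syn_offenders() {
  awk -v ip="$1" -v port="$2" -v max="$3" '
    $6 != "SYN_RECV" { next }                  # skip headers and other states
    {
      loc = $4; rem = $5
      sub(/^::ffff:/, "", loc)                 # normalise IPv4-mapped form
      sub(/^::ffff:/, "", rem)
      if (loc != (ip ":" port)) next           # exact local ip:port match
      sub(/:[0-9]+$/, "", rem)                 # drop the remote port
      if (rem !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
      n[rem]++
    }
    END { for (r in n) if (n[r] > max) print n[r], r }
  ' | sort -rn
}

# Constructed sample of `netstat -an` output (documentation address ranges).
sample_netstat() {
  cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:40001      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:40002      SYN_RECV
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.7:40003 SYN_RECV
tcp        0      0 192.0.2.10:8080         198.51.100.7:40004      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:51000       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:51001       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:51002       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:51003       TIME_WAIT
EOF
}

# Prints "3 198.51.100.7" for the sample with a threshold of 2.
sample_netstat | syn_offenders 192.0.2.10 80 2
```

Run it against live `netstat -an` output for a while to see what count normal clients reach before settling on a threshold.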