Full Discussion: Help tcpdrop script
Shell Programming and Scripting: Post 302906789 by cnamejj on Monday 23rd of June 2014 01:23:30 PM
Got it... But unless I'm missing something, once an IP is on your firewall's block list any packets received will be ignored. So the only "SYN_SENT" connections will be the ones set up before the firewall rule was added. Are those sticking around long enough to cause a problem? Since it's a fixed number, can't you just leave them to time out on their own?

Maybe there are PF rules (I'm not familiar with that package) that would implement the maximum-connections-per-IP logic you want. Meaning, can you add a broad rule that won't allow any untrusted IP to have more than 70 connections at once?

Then you wouldn't need to kill the ones that do manage to get through before the firewall kicks in.

Also, does PF have a way to show the current list of blocked IPs? If so, then when you do need to kill processes that managed to get set up, you could run that PF command to generate a list of bad IPs, then use something like "lsof" to find all the open sockets connected to those IPs, then kill those processes. I think it might be simpler than figuring out which IPs to target by counting the number of connections each one has.
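The approach cnamejj sketches above (list the PF-blocked IPs, then find the local processes still holding sockets to them), written out as an added example that is not code from the thread. It parses constructed samples of `pfctl -t <table> -T show` and `lsof -nP -iTCP` output so it runs offline; the table name "badhosts" is hypothetical, and the live commands are left commented out.

```shell
#!/bin/sh
# Added example (not from the thread): match the peer address of every open TCP
# socket reported by lsof against the IPs held in a PF table, and report the
# owning process. Table name "badhosts" is a hypothetical placeholder.

# Constructed sample of "pfctl -t badhosts -T show" output (pfctl indents entries).
SAMPLE_BLOCKED='   192.0.2.10
   198.51.100.7'

# Constructed sample of "lsof -nP -iTCP" output: header plus four sockets.
SAMPLE_LSOF='COMMAND  PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd    4711 root  3u IPv4 0x1  0t0 TCP 10.0.0.5:22->192.0.2.10:51234 (ESTABLISHED)
sshd    4712 root  3u IPv4 0x2  0t0 TCP 10.0.0.5:22->203.0.113.9:40001 (ESTABLISHED)
httpd   5120 www   7u IPv4 0x3  0t0 TCP 10.0.0.5:80->198.51.100.7:33333 (SYN_RECV)
httpd   5121 www   7u IPv4 0x4  0t0 TCP *:80 (LISTEN)'

# Print "PID COMMAND PEER" for each socket whose remote address is blocked.
# $1 = blocked-IP text (pfctl output), $2 = lsof output.
sockets_to_blocked() {
    printf '%s\n' "$1" | awk -v lsof="$2" '
        # Remember each blocked IP, trimming the indentation pfctl adds.
        { gsub(/^[ \t]+|[ \t]+$/, ""); if ($0 != "") blocked[$0] = 1 }
        END {
            n = split(lsof, lines, "\n")
            for (i = 2; i <= n; i++) {                 # skip the lsof header
                split(lines[i], f, /[ \t]+/)
                name = f[9]                            # e.g. local:port->peer:port
                if (index(name, "->") == 0) continue   # LISTEN sockets have no peer
                peer = substr(name, index(name, "->") + 2)
                sub(/:[0-9]+$/, "", peer)              # drop the remote port
                gsub(/[\[\]]/, "", peer)               # lsof brackets IPv6 peers
                if (peer in blocked) print f[2], f[1], peer
            }
        }'
}

# Live use on a PF host (commented out so the example runs anywhere):
# sockets_to_blocked "$(pfctl -t badhosts -T show)" "$(lsof -nP -iTCP)" |
# while read -r pid cmd peer; do
#     echo "$cmd ($pid) still connected to blocked $peer"   # review before: kill "$pid"
# done

sockets_to_blocked "$SAMPLE_BLOCKED" "$SAMPLE_LSOF"
```

On the sample data this reports sshd 4711 (peer 192.0.2.10) and httpd 5120 (peer 198.51.100.7) and ignores the connection to the unblocked 203.0.113.9 and the listening socket.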
socketfilterfw(8)            BSD System Manager's Manual            socketfilterfw(8)

NAME
     socketfilterfw -- Application Firewall daemon

SYNOPSIS
     socketfilterfw [-hdlk] [--getglobalstate] [--setglobalstate on | off]
                    [--getblockall] [--setblockall on | off] [--listapps]
                    [--getappblocked path] [--blockapp path] [--unblockapp path]
                    [--add path] [--remove path] [--getallowsigned]
                    [--setallowsigned] [--setallowsignedapp] [--getstealthmode]
                    [--setstealthmode on | off] [--getloggingmode]
                    [--setloggingmode on | off] [--getloggingopt]
                    [--setloggingopt throttled | brief | detail]

DESCRIPTION
     socketfilterfw is a daemon that gets launched on demand when the Application
     Firewall is enabled. There are also command-line options to change the
     Application Firewall behavior.

OPTIONS
     The command line options are as follows:

     -h                    Display this help and exit.
     -d                    Turn on debugging.
     -l                    Do logging and run in daemon mode.
     -k                    Kill daemon.
     --getglobalstate      Display if the firewall is enabled or not.
     --setglobalstate on | off
                           Turn the firewall on or off.
     --getblockall         Show whether block all is enabled or not.
     --setblockall on | off
                           Enable or disable block all option.
     --listapps            Display a list of paths of added applications.
     --getappblocked path  Show whether connections are blocked or not for the
                           application at the indicated path.
     --blockapp path       Block the application at the indicated path.
     --unblockapp path     Unblock the application at the indicated path.
     --add path            Add the application at the indicated path to the firewall.
     --remove path         Remove the application at the indicated path from the
                           firewall.
     --getallowsigned      Show whether built-in and downloaded signed applications
                           are to automatically receive incoming connections.
     --setallowsigned      Set whether built-in signed applications are to
                           automatically receive incoming connections or not.
     --setallowsignedapp   Set whether downloaded signed applications are to
                           automatically receive incoming connections or not.
     --getstealthmode      Show whether stealth mode is on or not.
     --setstealthmode on | off
                           Set stealth mode on or off.
     --getloggingmode      Show whether logging is on or not.
     --setloggingmode on | off
                           Set logging to on or off.
     --getloggingopt       Show logging option.
     --setloggingopt throttled | brief | detail
                           Set logging option.

Mac OS                          November 10, 2016                          Mac OS