06-23-2014
Got it... But unless I'm missing something, once an IP is on your firewall's block list any packets received will be ignored. So the only "SYN_SENT" connections will be the ones set up before the firewall rule was added. Are those sticking around long enough to cause a problem? Since it's a fixed number, can't you just leave them to time out on their own?
Maybe there are PF rules (I'm not familiar with that package) that would implement the maximum-connections-per-IP logic you want. Meaning, can you add a broad rule that won't allow any untrusted IP to have more than 70 connections at once?
Then you wouldn't need to kill the ones that do manage to get through before the firewall kicks in.
Also, does PF have a way to show the current list of blocked IPs? If so, then when you do need to kill processes that managed to get set up, you could run that PF command to generate a list of bad IPs, then use something like "lsof" to find all the open sockets connected to those IPs and kill those processes. I think it might be simpler than figuring out which IPs to target by counting the number of connections each one has.
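The two pieces the reply sketches, as an added example that is not part of the original post: a PF rule capping connections per source IP, and the blocked-table to lsof to PID lookup. The table name bad_ips, the 70-connection cap, port 80 and the sample pfctl/lsof output are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the thread: the per-IP PF cap the reply asks
# about and the blocked-table -> lsof -> PID lookup it sketches. The table
# name bad_ips, the 70-connection cap and port 80 are assumptions.
# /etc/pf.conf fragment (load with: pfctl -f /etc/pf.conf):
#   table <bad_ips> persist
#   block in quick from <bad_ips>
#   pass in proto tcp to any port 80 keep state \
#       (max-src-conn 70, overload <bad_ips> flush global)
# "flush global" also tears down the offender's existing states, so the
# leftover connections the reply asks about are removed by PF itself.

# pids_for_blocked_ips BLOCKED LSOF
#   BLOCKED: newline-separated IPs as printed by `pfctl -t bad_ips -T show`
#   LSOF:    output of `lsof -nP -i TCP`, one socket per line
#   Prints each PID once that holds a TCP socket whose peer is a blocked IP.
pids_for_blocked_ips() {
  printf '%s\n' "$2" | awk -v blocked="$1" '
    BEGIN {
      n = split(blocked, ips, "\n")
      for (i = 1; i <= n; i++) {
        ip = ips[i]; gsub(/^[ \t]+|[ \t]+$/, "", ip)   # pfctl indents entries
        if (ip != "") want[ip] = 1
      }
    }
    # NAME column of a connected socket is local:port->peer:port (STATE);
    # LISTEN sockets have no "->" and the header line has no "(STATE)".
    $NF ~ /^\(/ && $(NF-1) ~ /->/ {
      split($(NF-1), ends, "->")
      peer = ends[2]
      sub(/:[0-9]+$/, "", peer)        # strip the peer port
      gsub(/\[|\]/, "", peer)          # lsof brackets IPv6 peers, pfctl does not
      if ((peer in want) && !($2 in seen)) { seen[$2] = 1; print $2 }
    }'
}

# Live use (root on a PF host): print the kill commands for review, do not run them.
kill_blocked_peers_dry_run() {
  pids_for_blocked_ips "$(pfctl -t bad_ips -T show)" "$(lsof -nP -i TCP)" |
    while read -r pid; do echo "kill -TERM $pid"; done
}

# Constructed sample input so the lookup can be exercised offline.
SAMPLE_BLOCKED='   192.0.2.10
   203.0.113.9'
SAMPLE_LSOF='COMMAND  PID USER  FD  TYPE DEVICE SIZE/OFF NODE NAME
httpd   4242 www   12u IPv4 0x1a2b      0t0  TCP 10.0.0.5:80->192.0.2.10:51234 (ESTABLISHED)
httpd   4242 www   13u IPv4 0x1a2c      0t0  TCP 10.0.0.5:80->198.51.100.7:40001 (ESTABLISHED)
httpd   5151 www   12u IPv4 0x1a2d      0t0  TCP 10.0.0.5:80->192.0.2.10:51240 (SYN_SENT)
sshd    3030 root   3u IPv4 0x1a2e      0t0  TCP *:22 (LISTEN)'
```

Running `pids_for_blocked_ips "$SAMPLE_BLOCKED" "$SAMPLE_LSOF"` on the constructed data prints 4242 and 5151; the 198.51.100.7 peer is not in the table and is ignored.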
socketfilterfw(8)          BSD System Manager's Manual          socketfilterfw(8)

NAME
     socketfilterfw -- Application Firewall daemon

SYNOPSIS
     socketfilterfw [-hdlk] [--getglobalstate] [--setglobalstate on | off] [--getblockall] [--setblockall on | off] [--listapps]
                    [--getappblocked path] [--blockapp path] [--unblockapp path] [--add path] [--remove path] [--getallowsigned]
                    [--setallowsigned] [--setallowsignedapp] [--getstealthmode] [--setstealthmode on | off] [--getloggingmode]
                    [--setloggingmode on | off] [--getloggingopt] [--setloggingopt throttled | brief | detail]

DESCRIPTION
     socketfilterfw is a daemon that gets launched on demand when the Application Firewall is enabled. There are also command-line options to
     change the Application Firewall behavior.

OPTIONS
     The command line options are as follows:

     -h      Display this help and exit.

     -d      Turn on debugging.

     -l      Do logging and run in daemon mode.

     -k      Kill daemon.

     --getglobalstate
             Display if the firewall is enabled or not.

     --setglobalstate on | off
             Turn the firewall on or off.

     --getblockall
             Show whether block all is enabled or not.

     --setblockall on | off
             Enable or disable block all option.

     --listapps
             Display a list of paths of added applications.

     --getappblocked path
             Show whether connections are blocked or not for the application at the indicated path.

     --blockapp path
             Block the application at the indicated path.

     --unblockapp path
             Unblock the application at the indicated path.

     --add path
             Add the application at the indicated path to the firewall.

     --remove path
             Remove the application at the indicated path from the firewall.

     --getallowsigned
             Show whether built-in and downloaded signed applications are to automatically receive incoming connections.

     --setallowsigned
             Set whether built-in signed applications are to automatically receive incoming connections or not.

     --setallowsignedapp
             Set whether downloaded signed applications are to automatically receive incoming connections or not.

     --getstealthmode
             Show whether stealth mode is on or not.

     --setstealthmode on | off
             Set stealth mode on or off.

     --getloggingmode
             Show whether logging is on or not.

     --setloggingmode on | off
             Set logging to on or off.

     --getloggingopt
             Show logging option.

     --setloggingopt throttled | brief | detail
             Set logging option.

Mac OS                          November 10, 2016                          Mac OS