Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Help tcpdrop script
Top Forums Shell Programming and Scripting Help tcpdrop script Post 302906789 by cnamejj on Monday 23rd of June 2014 01:23:30 PM
Old 06-23-2014
Got it... But unless I'm missing something, once an IP is on your firewall's block list any packets received will be ignored. So the only "SYN_SENT" connections will be the ones setup before the firewall rule was added. Are those sticking around long enough to cause a problem? Since it's a fixed number can't you just leave them to timeout on their own?

Maybe there are PF rules (I'm not familiar with that package) that would implement the maximum connection per-IP logic you want. Meaning, can you add broad rule that won't allow any untrusted IP to have more than 70 connections at once?

Then you wouldn't need to kill the ones that do manage to get through before the firewall kicks in.

Also, does PF have a way to show the current list of blocked IP's? If so then you do need to kill processes that managed to get setup, you could run that PF command to generate a list of bad IP's, then use something like "lsof" to find all the open sockets connected to that IP then kill those processes. I think it might be simpler than figuring out which IP's to target by counting the number of connections each one has.
 

5 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

create a shell script that calls another script and and an awk script

Hi guys I have a shell script that executes sql statemets and sends the output to a file.the script takes in parameters executes sql and sends the result to an output file. #!/bin/sh echo " $2 $3 $4 $5 $6 $7 isql -w400 -U$2 -S$5 -P$3 << xxx use $4 go print"**Changes to the table... (0 Replies)
Discussion started by: magikminox
0 Replies

2. Shell Programming and Scripting

Script will keep checking running status of another script and also restart called script at night

I am using blow script :-- #!/bin/bash FIND=$(ps -elf | grep "snmp_trap.sh" | grep -v grep) #check snmp_trap.sh is running or not if then # echo "process found" exit 0; else echo "process not found" exec /home/Ketan_r /snmp_trap.sh 2>&1 & disown -h ... (1 Reply)
Discussion started by: ketanraut
1 Replies

3. UNIX for Dummies Questions & Answers

Calling a script from master script to get value from called script

I am trying to call a script(callingscript.sh) from a master script(masterscript.sh) to get string type value from calling script to master script. I have used scripts mentioned below. #masterscript.sh ./callingscript.sh echo $fileExist #callingscript.sh echo "The script is called"... (2 Replies)
Discussion started by: Raj Roy
2 Replies

4. Shell Programming and Scripting

Shell script works fine as a standalone script but not as part of a bigger script

Hello all, I am facing a weird issue while executing a code below - #!/bin/bash cd /wload/baot/home/baotasa0/sandboxes_finance/ext_ukba_bde/pset sh UKBA_publish.sh UKBA 28082015 3 if then echo "Param file conversion for all the areas are completed, please check in your home directory"... (2 Replies)
Discussion started by: ektubbe
2 Replies

5. Shell Programming and Scripting

How to block first bash script until second bash script script launches web server/site?

I'm new to utilities like socat and netcat and I'm not clear if they will do what I need. I have a "compileDeployStartWebServer.sh" script and a "StartBrowser.sh" script that are started by emacs/elisp at the same time in two different processes. I'm using Cygwin bash on Windows 10. My... (3 Replies)
Discussion started by: siegfried
3 Replies

LEARN ABOUT CENTOS

firewalld.conf

FIREWALLD.CONF(5)						  firewalld.conf						 FIREWALLD.CONF(5)

NAME

       firewalld.conf - firewalld configuration file

SYNOPSIS

       /etc/firewalld/firewalld.conf

DESCRIPTION

       firewalld.conf is loaded by firewalld during the initialization process. The file contains the basic configuration options for firewalld.

OPTIONS

       These are the options that can be set in the config file:

       DefaultZone
	   This sets the default zone for connections or interfaces if the zone is not selected or specified by NetworkManager, initscripts or
	   command line tool. The default zone is public.

       MinimalMark
	   For some firewall settings several rules are needed in different tables to be able to handle packets in the correct way. To achieve
	   that these packets are marked using the MARK target iptables(8) and ip6tables(8). With the MinimalMark option a block of marks can be
	   reserved for private use; only marks over this value are used. The default MinimalMark value is 100.

       CleanupOnExit
	   If firewalld stops, it cleans up all firewall rules. Setting this option to no or false leaves the current firewall rules untouched.
	   The default value is yes or true.

       Lockdown
	   If this option is enabled, firewall changes with the D-Bus interface will be limited to applications that are listed in the lockdown
	   whitelist (see firewalld.lockdownwhitelist(5)). The default value is no or false.

SEE ALSO

       firewall-applet(1), firewalld(1), firewall-cmd(1), firewall-config(1), firewalld.conf(5), firewalld.direct(5), firewalld.icmptype(5),
       firewalld.lockdown-whitelist(5), firewall-offline-cmd(1), firewalld.richlanguage(5), firewalld.service(5), firewalld.zone(5),
       firewalld.zones(5)

NOTES

       firewalld home page at fedorahosted.org:
	   http://fedorahosted.org/firewalld/

       More documentation with examples:
	   http://fedoraproject.org/wiki/FirewallD

AUTHORS

       Thomas Woerner <twoerner@redhat.com>
	   Developer

       Jiri Popelka <jpopelka@redhat.com>
	   Developer

firewalld 0.3.9 														 FIREWALLD.CONF(5)
All times are GMT -4. The time now is 07:34 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy