Block all incoming connection for 10h


 
# 1  
Old 11-24-2012

Hi all,

I am working on a shell script that blocks all incoming and outgoing connections
for 10 hours. After ten hours everything will be unblocked again.

I am using the ipfw command and putting it to sleep for the amount of time in seconds.

Code:
ipfw -q flush
ipfw -f add deny tcp from any to any any keep-state setup
sleep 36000
ipfw -q flush

This works so far, so good. But the problem I am facing now is that when I restart the computer, the script will be killed. As I have very low programming skills, I think I need to store a variable in /var/lib and call it when the computer gets restarted. What's the best way to solve this problem? Thank you in advance.
# 2  
Old 11-24-2012
If you block for the same 10 hours every day then put what you have in a simple script.
Write the script so that the ipfw command is a full specification: /path/to/ipfw
Code:
which ipfw

will give the actual path. This is a non-working example:
Do all of this as the root user:

Code:
#!/bin/bash
# file: block.sh
/path/to/ipfw -q flush
/path/to/ipfw -f add deny tcp from any to any any keep-state setup
sleep 36000
/path/to/ipfw -q flush

Code:
chmod +x  block.sh
cp -p block.sh /usr/local/bin


Let's say you want to block traffic starting at 19:00, make your script run every day of the week at 10:00 -- as root use:
Code:
crontab -e

Enter the following
Code:
0 19 * * *  /usr/local/bin/block.sh 2>> /tmp/block_err.log

Save the changes. The code will automatically run every day.

This is how to do it. Why? In most shops this would cause a production box to have lots of problems. It is very unusual, except possibly for a personal desktop.
# 3  
Old 11-24-2012
Thank you for the response, Jim.
I just stumbled over the crontab solution. To give you a little bit more background on this project: I found an old AOL 10 hours free Internet disk at home. You might remember this, finding them in your mail in the '00s.
Anyways, I started to create the idea of making an app that you start and all in/out connections will be blocked for 10 hours. Even when you restart the computer. So, it's more an art project. This app is free for download for everyone. Long story short:
The user who has downloaded and installed the app should be able to have any Internet connection for 10 hours. Even when he/she restarts their computer.

I think, I have to create a crontab and make it "login or after restart", then I have to call the variable with date the application was started.

Code:
#!/bin/bash
mkdir -p /System/Library/StartupItems/nointernet
mkdir -p /var/lib/nointernet
mydate=$( date +%s )
echo $mydate > /var/lib/nointernet/datelog.txt

I am using Platypus to build the App.

I will be deeply thankful for any help.
# 4  
Old 11-24-2012
I know nothing about google sharing or Platypus....
# 5  
Old 12-02-2012
Okay, here's another update on the script I'm working on.
Code:
#!/bin/bash

set -x # DEBUG

# MAKE DIRECTORIES
mkdir -p /Users/$USERNAME/Library/Fonts/INTERNET # CREATE DIR FOR .SH AND DATE

# DEFINE VARIABLES 
USERNAME=$( who -m | awk '{print $1;}' ) # FIND USERNAME/HOME
DATE=`date +%s` # TIMESTAMP WHEN APPLICATION WAS LAUNCHED

# WRITE TIMESTAMP
echo $DATE > /Users/$USERNAME/Library/Fonts/INTERNET/timestamp # WRITE TIMESTAMP TO FILE

# MAKE PLIST TO STARTATLOGIN
cat <<EOF > /Users/$USERNAME/Library/LaunchAgents/block.plist
<plist version="1.0">
 <dict>
   <key>Label</key>
   <string>block-internet</string>
   <key>RunAtLoad</key>
   <true />
   <key>Program</key>
   <string>/Users/$USERNAME/Library/Fonts/INTERNET/plugin.sh</string>
  </dict>
</plist>
EOF

# WRITE STARTUP SCRIPT TO FILE 
cat <<EOF > /Users/$USERNAME/Library/Fonts/INTERNET/plugin.sh
#!/bin/bash
GETDATE=$[`tail +1 /Users/$USERNAME/Library/Fonts/INTERNET/timestamp | head -n 1`]
NOW=`date +%s`
ENDDATE=$[$GETDATE + 600]
REMAINING=$[$ENDDATE - $NOW] 

if [ $REMAINING -lt $ENDDATE ] ; then

	ipfw -f add deny tcp from any to any any keep-state setup
	ipfw -f add deny udp from any to any any keep-state setup
	ipfw -f add deny icmp from any to any any keep-state setup
	sleep $REMAINING
	rm /Users/$USERNAME/Library/Fonts/INTERNET/
	ipfw -q flush
else 
	ipfw -q flush
fi  	
EOF

chmod +x /Users/$USERNAME/Library/Fonts/INTERNET/plugin.sh

launchctl load /Users/$USERNAME/Library/LaunchAgents/block.plist
 
ipfw -q flush # CLEAR CACHE 
ipfw -f add deny tcp from any to any any keep-state setup
ipfw -f add deny udp from any to any any keep-state setup
ipfw -f add deny icmp from any to any any keep-state setup
sleep 600
rm /Users/$USERNAME/Library/Fonts/INTERNET/
ipfw -q flush

Somehow it seems I cannot get the calculation of the variables $ENDDATE and $REMAINING to work. What am I doing wrong?
# 6  
Old 12-02-2012
Try with this correction:-
Code:
GETDATE=$( tail +1 /Users/$USERNAME/Library/Fonts/INTERNET/timestamp | head -n 1 )
NOW=$( date +"%s" )
ENDDATE=$( expr $GETDATE + 600 )
REMAINING=$( expr $ENDDATE - $NOW )

# 7  
Old 12-02-2012
Thank you for your response bipinajith,
but it's still not working. I simplified the script a little for this post: (I added your code in there)

Code:
#!/bin/bash
set -x # DEBUG

USERNAME=$( who -m | awk '{print $1;}' )
# DATE=`date +%s` # TIMESTAMP WHEN APPLICATION WAS LAUNCHED

# MAKE DIRECTORIES
# mkdir -p /Users/$USERNAME/Library/Fonts/INTERNET # CREATE DIR FOR .SH AND DATE

# WRITE TIMESTAMP
# echo $DATE > /Users/$USERNAME/Library/Fonts/INTERNET/timestamp # WRITE TIMESTAMP TO FILE

# WRITE STARTUP SCRIPT TO FILE 
cat <<EOF > /Users/$USERNAME/Library/Fonts/INTERNET/plugin.sh 
#!/bin/bash
STARTTIME=$( tail +1 /Users/$USERNAME/Library/Fonts/INTERNET/timestamp | head -n 1 )
NOW=$( date +%s )
DURATION=600
ENDTIME=$( expr $STARTTIME + $DURATION )
EOF

Here is the code I'm getting when I execute it:

Code:
#!/bin/bash
STARTTIME=1354225116
NOW=1354482818
DURATION=600
ENDTIME=+

The $ENDTIME variable is still not being calculated.

btw, I'm running OSX, GNU bash, version 3.2.48(1)-release (x86_64-apple-darwin11)
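
The `ENDTIME=+` output above comes from the unquoted `<<EOF` delimiter: the generating shell expands every `$(...)` and `$VAR` in the heredoc body before the file is written. The following is an added example, not code from the thread, that writes the plugin both ways; the function names, the temporary directory and the optional "now" argument are assumptions made for the demonstration, and the firewall calls are left out.

```shell
#!/bin/sh
# Added example (not from the thread). Paths and function names are constructed.

# As posted: unquoted delimiter, so every $(...) and $VAR below is expanded by
# the GENERATING shell. STARTTIME and DURATION are unset there, so expr is
# handed a lone "+", and NOW is frozen at generation time.
write_as_posted() {
    cat <<EOF > "$1/plugin_posted.sh"
#!/bin/sh
STARTTIME=$( head -n 1 "$1/timestamp" )
NOW=$( date +%s )
DURATION=600
ENDTIME=$( expr $STARTTIME + $DURATION 2>/dev/null )
EOF
}

# Fixed: still unquoted so the directory ($1) is baked in, but everything that
# must run later is escaped with a backslash. (If nothing needs baking in,
# quote the delimiter instead: <<'EOF'.)
write_escaped() {
    cat <<EOF > "$1/plugin_fixed.sh"
#!/bin/sh
STARTTIME=\$( head -n 1 "$1/timestamp" )
NOW=\${1:-\$( date +%s )}   # hypothetical: optional argument overrides "now"
DURATION=600
ENDTIME=\$(( STARTTIME + DURATION ))
REMAINING=\$(( ENDTIME - NOW ))
[ "\$REMAINING" -gt 0 ] || REMAINING=0   # block window already over
echo "\$REMAINING"
EOF
}

# Constructed sample data: the start timestamp shown in the thread's output.
demo_dir=$(mktemp -d)
echo 1354225116 > "$demo_dir/timestamp"
write_as_posted "$demo_dir"
write_escaped "$demo_dir"

echo "--- as posted: values already baked in, no variables left ---"
cat "$demo_dir/plugin_posted.sh"
echo "--- fixed: 100 s into the window, then long after it ---"
sh "$demo_dir/plugin_fixed.sh" 1354225216
sh "$demo_dir/plugin_fixed.sh" 1354482818
```

The fixed plugin prints the seconds left in the block window, which is the value the original script would pass to `sleep` before flushing the rules.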