应用于ipfw的一个过滤内网IP的perl脚本
时间:2007-04-25 来源:evegl
#!/usr/bin/perl
# by jimi_h
use strict;
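use Cwd;

# All state files live here; the script chdirs into it before touching them.
my $config_dir = '../etc';

# Paths declared by the original author but not referenced anywhere in this file.
my $vip  = "./vip";
my $ipf  = "./ipf.conf";
my $flag = "../flag";

# One timestamp per run: every rule and time entry written below shares it.
my $global_time = time;

# Top ten internal addresses by active NAT session count, in `uniq -c` form
# ("<count> <ip>" per line). The command is a fixed literal -- nothing
# caller-controlled is interpolated into the shell pipeline.
my @nat_ip = `/sbin/ipnat -l | grep "<- ->" | awk '{print \$2}' | sort | uniq -c | sort -rg | head -10`;

my (@filter_ip, @filter_table);    # declared but unused in this file
my (%vips, %filter, %ip_conns);
###########################################################
# --- Don't Filter User(IP) ---- #
###########################################################
my $vip_dbm = "vip.dbm";
###########################################################
# --- IPFW Default Policy(Custom) ---- #
###########################################################
my $ipf_dbm = "ipf.dbm";
###########################################################
# Per-IP session counts from the last run, plus one rule table and one
# timestamp table per block tier (>500, >800, >1000 sessions).
my $ip_conns_dbm        = "ip_conns.dbm";
my $conns_500_dbm       = "conns_500.dbm";
my $conns_time_500_dbm  = "conns_500.time.dbm";
my $conns_800_dbm       = "conns_800.dbm";
my $conns_time_800_dbm  = "conns_800.time.dbm";
my $conns_1000_dbm      = "conns_1000.dbm";
my $conns_time_1000_dbm = "conns_1000.time.dbm";
my (%conns_500, %conns_800, %conns_1000, %conns_time_500, %conns_time_800, %conns_time_1000);

# Low-precedence `or` so the die binds to chdir, and $! says why it failed.
chdir($config_dir) or die "Cannot chdir to $config_dir: $!";

# Open every DBM table (created with mode 0644 when missing). Failing any one
# aborts the run instead of continuing with a partial view of the state.
my @dbm_tables = (
    [ \%vips,            $vip_dbm             ],
    [ \%filter,          $ipf_dbm             ],
    [ \%ip_conns,        $ip_conns_dbm        ],
    [ \%conns_500,       $conns_500_dbm       ],
    [ \%conns_time_500,  $conns_time_500_dbm  ],
    [ \%conns_800,       $conns_800_dbm       ],
    [ \%conns_time_800,  $conns_time_800_dbm  ],
    [ \%conns_1000,      $conns_1000_dbm      ],
    [ \%conns_time_1000, $conns_time_1000_dbm ],
);
for my $table (@dbm_tables) {
    my ($hash, $file) = @{$table};
    dbmopen(%{$hash}, $file, 0644) or die "Cannot open DBM $file:$!";
}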
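# Parse one "<count> 192.168.x.y" line of the ipnat summary.
# Returns (count, ip) with the count stripped of the padding `uniq -c` adds,
# or the empty list when the line carries no 192.168. address (a header or
# malformed line). Previously such lines produced the bogus key "192.168.".
sub _parse_nat_line {
    my ($line) = @_;
    chomp($line);
    return unless $line =~ m{ \A \s* (\d+) \s+ (192\.168\.\S+) }xms;
    return ($1, $2);
}

foreach my $conns_ip (@nat_ip) {
    my ($conns, $ip) = _parse_nat_line($conns_ip);
    next unless defined $ip;
    $ip_conns{$ip} = $conns;

    # Whitelisted addresses and addresses already present in any tier or time
    # table are left alone. NOTE(review): the time tables are never pruned
    # below, so an address that once hit the 500 or 1000 tier appears to stay
    # exempt from further blocking for good -- confirm this is intended.
    next if defined $vips{$ip};
    next if grep { defined $_->{$ip} }
        \%conns_500, \%conns_800, \%conns_1000,
        \%conns_time_500, \%conns_time_800, \%conns_time_1000;

    # Rule text and creation time share one value, split on the comma later.
    my $rule = "block in on xl0 proto tcp from $ip to any,$global_time";
    if ($conns > 1000) {
        $conns_1000{$ip}      = $rule;
        $conns_time_1000{$ip} = "$global_time";
    }
    elsif ($conns > 800) {
        $conns_800{$ip} = $rule;
        #$conns_time_800{$ip} = "$global_time";   # disabled in the original; left as is
    }
    elsif ($conns > 500) {
        $conns_500{$ip}      = $rule;
        $conns_time_500{$ip} = "$global_time";
    }
}

my $fw_cfg = "ipfw.cfg";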
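# Write every rule of one block tier to $fh and drop entries older than $ttl
# seconds (measured from $now). Values are "<ipf rule>,<epoch>". As in the
# original, an entry is still written on the run in which it expires and only
# disappears from the output on the following run.
sub _write_tier {
    my ($fh, $tier, $ttl, $now) = @_;
    # Numeric <=> on dotted-quad keys orders by the leading octets only; kept
    # so the emitted rule order is unchanged.
    foreach my $ip (sort { $a <=> $b } keys %{$tier}) {
        my ($cfg, $stamp) = split(/,/, $tier->{$ip});
        delete $tier->{$ip} if ($now - $stamp) >= $ttl;
        print {$fh} "$cfg\n";
    }
    return;
}

# Three-arg open on a lexical handle; the name is a fixed literal, not input.
open my $cfg_fh, '>', $fw_cfg or die "Cannot Open File :$!";

# Static policy first, in numeric key order as before.
foreach my $key (sort { $a <=> $b } keys %filter) {
    print {$cfg_fh} "$filter{$key}\n";
}
#print {$cfg_fh} "#Automatic Block Badguy\n";

# Then the automatic blocks, shortest-lived tier first.
_write_tier($cfg_fh, \%conns_500,  130, $global_time);
_write_tier($cfg_fh, \%conns_800,  300, $global_time);
_write_tier($cfg_fh, \%conns_1000, 600, $global_time);

# Buffered write errors surface at close; ipf loads this file next, so a
# truncated config must not be applied silently.
close($cfg_fh) or die "Cannot close $fw_cfg: $!";
dbmclose(%vips);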
# Flush and detach the remaining DBM tables: the static policy, the per-IP
# session counts, and the three block tiers with their time tables.
for my $table (
    \%filter,     \%ip_conns,
    \%conns_500,  \%conns_time_500,
    \%conns_800,  \%conns_time_800,
    \%conns_1000, \%conns_time_1000,
) {
    dbmclose(%{$table});
}
###################################################################
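use Fcntl qw(:flock);

my $semaphore_file = "./sample.sem";
my $sem_fh;    # lexical lock handle, held from get_lock() until release_lock()

# Take an exclusive advisory lock so two runs cannot reload ipf at the same
# time. NOTE(review): only the reload is serialised; the DBM updates and the
# write of ipfw.cfg above run unlocked and can still interleave between runs.
sub get_lock {
    open($sem_fh, '>', $semaphore_file) or die "Cannot create semaphore: $!";
    flock($sem_fh, LOCK_EX) or die "Lock failed: $!";
    return;
}

# Closing the handle releases the flock.
sub release_lock {
    close($sem_fh) if $sem_fh;
    undef $sem_fh;
    return;
}

get_lock();
# -r implies existence, so the separate -e test is redundant.
if (-r $fw_cfg) {
    # List form: no shell is involved, the path is passed through verbatim.
    # NOTE(review): -Fa flushes the active rules before loading the file, so a
    # file ipf rejects leaves no rules loaded; a dry-run pass (ipf -n) before
    # the real load would catch that.
    system('/sbin/ipf', '-Fa', '-f', $fw_cfg) == 0
        or warn "ipf reload of $fw_cfg failed: exit status " . ($? >> 8) . "\n";
}
release_lock();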
###################################################################
# by jimi_h
use strict;
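use Cwd;

# All state files live here; the script chdirs into it before touching them.
my $config_dir = '../etc';

# Paths declared by the original author but not referenced anywhere in this file.
my $vip  = "./vip";
my $ipf  = "./ipf.conf";
my $flag = "../flag";

# One timestamp per run: every rule and time entry written below shares it.
my $global_time = time;

# Top ten internal addresses by active NAT session count, in `uniq -c` form
# ("<count> <ip>" per line). The command is a fixed literal -- nothing
# caller-controlled is interpolated into the shell pipeline.
my @nat_ip = `/sbin/ipnat -l | grep "<- ->" | awk '{print \$2}' | sort | uniq -c | sort -rg | head -10`;

my (@filter_ip, @filter_table);    # declared but unused in this file
my (%vips, %filter, %ip_conns);
###########################################################
# --- Don't Filter User(IP) ---- #
###########################################################
my $vip_dbm = "vip.dbm";
###########################################################
# --- IPFW Default Policy(Custom) ---- #
###########################################################
my $ipf_dbm = "ipf.dbm";
###########################################################
# Per-IP session counts from the last run, plus one rule table and one
# timestamp table per block tier (>500, >800, >1000 sessions).
my $ip_conns_dbm        = "ip_conns.dbm";
my $conns_500_dbm       = "conns_500.dbm";
my $conns_time_500_dbm  = "conns_500.time.dbm";
my $conns_800_dbm       = "conns_800.dbm";
my $conns_time_800_dbm  = "conns_800.time.dbm";
my $conns_1000_dbm      = "conns_1000.dbm";
my $conns_time_1000_dbm = "conns_1000.time.dbm";
my (%conns_500, %conns_800, %conns_1000, %conns_time_500, %conns_time_800, %conns_time_1000);

# Low-precedence `or` so the die binds to chdir, and $! says why it failed.
chdir($config_dir) or die "Cannot chdir to $config_dir: $!";

# Open every DBM table (created with mode 0644 when missing). Failing any one
# aborts the run instead of continuing with a partial view of the state.
my @dbm_tables = (
    [ \%vips,            $vip_dbm             ],
    [ \%filter,          $ipf_dbm             ],
    [ \%ip_conns,        $ip_conns_dbm        ],
    [ \%conns_500,       $conns_500_dbm       ],
    [ \%conns_time_500,  $conns_time_500_dbm  ],
    [ \%conns_800,       $conns_800_dbm       ],
    [ \%conns_time_800,  $conns_time_800_dbm  ],
    [ \%conns_1000,      $conns_1000_dbm      ],
    [ \%conns_time_1000, $conns_time_1000_dbm ],
);
for my $table (@dbm_tables) {
    my ($hash, $file) = @{$table};
    dbmopen(%{$hash}, $file, 0644) or die "Cannot open DBM $file:$!";
}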
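# Parse one "<count> 192.168.x.y" line of the ipnat summary.
# Returns (count, ip) with the count stripped of the padding `uniq -c` adds,
# or the empty list when the line carries no 192.168. address (a header or
# malformed line). Previously such lines produced the bogus key "192.168.".
sub _parse_nat_line {
    my ($line) = @_;
    chomp($line);
    return unless $line =~ m{ \A \s* (\d+) \s+ (192\.168\.\S+) }xms;
    return ($1, $2);
}

foreach my $conns_ip (@nat_ip) {
    my ($conns, $ip) = _parse_nat_line($conns_ip);
    next unless defined $ip;
    $ip_conns{$ip} = $conns;

    # Whitelisted addresses and addresses already present in any tier or time
    # table are left alone. NOTE(review): the time tables are never pruned
    # below, so an address that once hit the 500 or 1000 tier appears to stay
    # exempt from further blocking for good -- confirm this is intended.
    next if defined $vips{$ip};
    next if grep { defined $_->{$ip} }
        \%conns_500, \%conns_800, \%conns_1000,
        \%conns_time_500, \%conns_time_800, \%conns_time_1000;

    # Rule text and creation time share one value, split on the comma later.
    my $rule = "block in on xl0 proto tcp from $ip to any,$global_time";
    if ($conns > 1000) {
        $conns_1000{$ip}      = $rule;
        $conns_time_1000{$ip} = "$global_time";
    }
    elsif ($conns > 800) {
        $conns_800{$ip} = $rule;
        #$conns_time_800{$ip} = "$global_time";   # disabled in the original; left as is
    }
    elsif ($conns > 500) {
        $conns_500{$ip}      = $rule;
        $conns_time_500{$ip} = "$global_time";
    }
}

my $fw_cfg = "ipfw.cfg";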
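# Write every rule of one block tier to $fh and drop entries older than $ttl
# seconds (measured from $now). Values are "<ipf rule>,<epoch>". As in the
# original, an entry is still written on the run in which it expires and only
# disappears from the output on the following run.
sub _write_tier {
    my ($fh, $tier, $ttl, $now) = @_;
    # Numeric <=> on dotted-quad keys orders by the leading octets only; kept
    # so the emitted rule order is unchanged.
    foreach my $ip (sort { $a <=> $b } keys %{$tier}) {
        my ($cfg, $stamp) = split(/,/, $tier->{$ip});
        delete $tier->{$ip} if ($now - $stamp) >= $ttl;
        print {$fh} "$cfg\n";
    }
    return;
}

# Three-arg open on a lexical handle; the name is a fixed literal, not input.
open my $cfg_fh, '>', $fw_cfg or die "Cannot Open File :$!";

# Static policy first, in numeric key order as before.
foreach my $key (sort { $a <=> $b } keys %filter) {
    print {$cfg_fh} "$filter{$key}\n";
}
#print {$cfg_fh} "#Automatic Block Badguy\n";

# Then the automatic blocks, shortest-lived tier first.
_write_tier($cfg_fh, \%conns_500,  130, $global_time);
_write_tier($cfg_fh, \%conns_800,  300, $global_time);
_write_tier($cfg_fh, \%conns_1000, 600, $global_time);

# Buffered write errors surface at close; ipf loads this file next, so a
# truncated config must not be applied silently.
close($cfg_fh) or die "Cannot close $fw_cfg: $!";
dbmclose(%vips);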
# Flush and detach the remaining DBM tables: the static policy, the per-IP
# session counts, and the three block tiers with their time tables.
for my $table (
    \%filter,     \%ip_conns,
    \%conns_500,  \%conns_time_500,
    \%conns_800,  \%conns_time_800,
    \%conns_1000, \%conns_time_1000,
) {
    dbmclose(%{$table});
}
###################################################################
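use Fcntl qw(:flock);

my $semaphore_file = "./sample.sem";
my $sem_fh;    # lexical lock handle, held from get_lock() until release_lock()

# Take an exclusive advisory lock so two runs cannot reload ipf at the same
# time. NOTE(review): only the reload is serialised; the DBM updates and the
# write of ipfw.cfg above run unlocked and can still interleave between runs.
sub get_lock {
    open($sem_fh, '>', $semaphore_file) or die "Cannot create semaphore: $!";
    flock($sem_fh, LOCK_EX) or die "Lock failed: $!";
    return;
}

# Closing the handle releases the flock.
sub release_lock {
    close($sem_fh) if $sem_fh;
    undef $sem_fh;
    return;
}

get_lock();
# -r implies existence, so the separate -e test is redundant.
if (-r $fw_cfg) {
    # List form: no shell is involved, the path is passed through verbatim.
    # NOTE(review): -Fa flushes the active rules before loading the file, so a
    # file ipf rejects leaves no rules loaded; a dry-run pass (ipf -n) before
    # the real load would catch that.
    system('/sbin/ipf', '-Fa', '-f', $fw_cfg) == 0
        or warn "ipf reload of $fw_cfg failed: exit status " . ($? >> 8) . "\n";
}
release_lock();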
###################################################################