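Slackware 13.1 64bit - Squid 3.1 filedescriptors control
========================================================
Public domain

********************************************************************************
### ipset installation

cd /usr/src
# TODO: check the downloaded archive against the checksum/signature published
# upstream before building it (the download is plain http).
wget -c http://ipset.netfilter.org/ipset-4.5.tar.bz2
tar xf ipset-4.5.tar.bz2
cd ipset-4.5
# KERNEL_DIR must point at the sources of the kernel that is actually running.
make KERNEL_DIR=/usr/src/linux-2.6.33.4
make KERNEL_DIR=/usr/src/linux-2.6.33.4 install
make KERNEL_DIR=/usr/src/linux-2.6.33.4 clean

********************************************************************************
### /root/scripts/filedescriptors.sh

#!/bin/bash
# Poll Squid's per-client file-descriptor usage and, whenever a client holds
# MAX or more descriptors, add its address to the "virus-redirect" ipset so
# that its port-80 traffic is DNATed to WEBREDIR.
#
# Runs forever as root (started from rc.local inside screen); needs iptables,
# ipset (iptree set type) and squidclient. Each added address is logged to
# stdout as "<date time> : <count> <address>".
set -u

MAX="2000"                    # descriptor count at which a client is redirected
WEBREDIR="172.16.20.1:8000"   # DNAT target for redirected clients' port-80 traffic
SETNAME="virus-redirect"      # name of the ipset and the token used to find our rules
PATH="/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin"

# Scratch files go into a private mktemp directory instead of the current
# working directory (predictable names, wherever rc.local happens to run us),
# and are removed on every exit path.
WORKDIR=$(mktemp -d) || { printf '%s\n' "mktemp failed" >&2; exit 1; }
trap 'rm -rf -- "${WORKDIR:?}"' EXIT

# Remove every rule in a table's PREROUTING chain that mentions the set name.
# Rules are listed and deleted one at a time because line numbers shift after
# each deletion.
# Arguments: $1 - iptables table (mangle or nat)
delete_rules() {
  local table="$1" num
  while :; do
    num=$(iptables -t "${table}" -L PREROUTING -n --line-numbers \
          | grep -F -- "${SETNAME}" | awk '{print $1}' | head -1)
    [ -n "${num}" ] || break
    iptables -t "${table}" -D PREROUTING "${num}"
  done
}

# Delete previous mangle and nat rules
delete_rules mangle
delete_rules nat

# Recreate only our own set. A bare "ipset -F" / "ipset -X" would flush and
# destroy every set on the host, including ones owned by other services.
# -q keeps the first run quiet when the set does not exist yet.
ipset -q -F "${SETNAME}"
ipset -q -X "${SETNAME}"

# Add new rules. Entries in the set expire 60 s after they were added, so a
# client that calms down is released automatically.
ipset -N "${SETNAME}" iptree --timeout 60
iptables -t mangle -I PREROUTING -m set --match-set "${SETNAME}" src -j ACCEPT
iptables -t nat -I PREROUTING -m set --match-set "${SETNAME}" src \
  -p tcp --dport 80 -j DNAT --to "${WEBREDIR}"

# Searching for bad users forever
sleep 5
while :; do
  /usr/local/squid/bin/squidclient mgr:filedescriptors > "${WORKDIR}/filedescriptors.squid"

  # Skip the report header (assumed to be 13 lines -- confirm against the
  # squidclient version in use), take the remote-address column, drop its
  # ":port" suffix and count descriptors per address. The final sort is
  # numeric: a plain "sort | tail -100" ordered the counts as text and could
  # drop a client with 2000 descriptors while keeping one with 999.
  tail -n +14 "${WORKDIR}/filedescriptors.squid" \
    | awk '{print $6}' \
    | sed -e 's,:.*,,' \
    | sort | uniq -c | sort -n > "${WORKDIR}/filedescriptors.tmp"

  # Each line is "<count> <address>"; only clients at or above MAX are kept.
  while read -r num ip; do
    [ -n "${ip}" ] || continue
    # Log the client when the add succeeds; -q silences ipset's own errors
    # (e.g. a value that is not an address).
    if ipset -q -A "${SETNAME}" "${ip}"; then
      NOW=$(date +"%F %T")
      printf "%s : %5d %s\n" "${NOW}" "${num}" "${ip}"
    fi
  done < <(awk -v max="${MAX}" '$1 >= max' "${WORKDIR}/filedescriptors.tmp")

  rm -f -- "${WORKDIR}/filedescriptors.squid" "${WORKDIR}/filedescriptors.tmp"
  sleep 1
done

********************************************************************************
### /etc/rc.d/rc.local

# Start the watcher at boot, detached in a screen session named "descriptors";
# the session's socket directory is pinned to /root/.screen.
/usr/bin/env SCREENDIR="/root/.screen" /usr/bin/screen -dmS descriptors \
  /root/scripts/filedescriptors.sh

********************************************************************************
_BY: Pejman Moghadam_
_TAG: squid, filedescriptor, ipset_
_DATE: 2010-12-28 11:06:53_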