Public domain
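# Build and install ipset 4.5 against the kernel source tree in KERNEL_DIR.
# NOTE(review): the tarball is fetched over plain HTTP and then compiled and
# installed (presumably as root) with no integrity check. Verify it against a
# checksum or signature obtained from a trusted channel before running make,
# for example:
#   echo "<EXPECTED_SHA256>  ipset-4.5.tar.bz2" | sha256sum -c -
# The steps are chained with && so that a failed download, unpack or cd stops
# the sequence instead of running make in the wrong directory.
KERNEL_DIR=/usr/src/linux-2.6.33.4
cd /usr/src &&
  wget -c http://ipset.netfilter.org/ipset-4.5.tar.bz2 &&
  tar xf ipset-4.5.tar.bz2 &&
  cd ipset-4.5 &&
  make KERNEL_DIR="$KERNEL_DIR" &&
  make KERNEL_DIR="$KERNEL_DIR" install &&
  make KERNEL_DIR="$KERNEL_DIR" clean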
#!/bin/bash
# Search path set explicitly, so the tools called below are looked up only in
# these system directories.
PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin
# Descriptor count at or above which a client address is added to the
# virus-redirect set.
MAX=2000
# host:port that the DNAT rule sends redirected port-80 traffic to.
WEBREDIR=172.16.20.1:8000
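#######################################
# Remove every PREROUTING rule that mentions virus-redirect from one table,
# so that restarting the script does not stack duplicate rules.
# Arguments: $1 - iptables table name (mangle or nat)
# Outputs:   an error message on stderr if a rule cannot be deleted
# Returns:   0 when no matching rule is left, 1 if a deletion failed
#######################################
delete_redirect_rules() {
  local table=$1
  local num
  while :; do
    # Rule numbers shift after every delete, so list again and take the
    # first match each time round.
    num=$(iptables -t "$table" -L PREROUTING -n --line-numbers |
      awk '/virus-redirect/ { print $1; exit }')
    [ -n "$num" ] || return 0
    # Without this check a failing delete (for example when not run as root)
    # leaves the rule in place and the loop never terminates.
    if ! iptables -t "$table" -D PREROUTING "$num"; then
      printf 'cannot delete rule %s from %s PREROUTING\n' "$num" "$table" >&2
      return 1
    fi
  done
}

# Delete previous mangle rules
delete_redirect_rules mangle || exit 1
# Delete previous nat rules
delete_redirect_rules nat || exit 1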
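# Delete the previous virus-redirect set only. A bare "ipset -F" / "ipset -X"
# acts on every set on the host, which would also empty sets that unrelated
# firewall rules (block lists, allow lists) depend on.
# -q keeps the first run quiet, when the set does not exist yet.
ipset -q -F virus-redirect
ipset -q -X virus-redirect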
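# Add new rules
# Create the set first and stop if that fails: both rules below reference it,
# and the monitor loop adds entries with "ipset -q", so a missing set would
# otherwise go unnoticed. Entries are created with a timeout of 60.
if ! ipset -N virus-redirect iptree --timeout 60; then
  echo "cannot create ipset virus-redirect" >&2
  exit 1
fi
# Packets from addresses in the set are accepted in mangle PREROUTING.
iptables -t mangle -I PREROUTING -m set --match-set virus-redirect src \
  -j ACCEPT || exit 1
# TCP port 80 traffic from addresses in the set is DNATed to WEBREDIR.
# Options are spelled out (-j, --to-destination) instead of relying on
# abbreviation matching, and the target is quoted.
iptables -t nat -I PREROUTING -m set --match-set virus-redirect src \
  -p tcp --dport 80 -j DNAT --to-destination "${WEBREDIR}" || exit 1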
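# Searching for bad users forever
sleep 5
# Only a plain dotted-quad value is handed to ipset; anything else found in
# that column (empty field, free text, a host name) is skipped.
ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
while :; do
  # Count open descriptors per address and walk the 100 busiest, highest
  # count first.
  # - tail -n +14 drops the first 13 lines (presumably the report header;
  #   confirm against the squidclient output of the installed version).
  # - Field 6 with everything from the first ':' removed is used as the
  #   client address.
  # - The counts are sorted numerically: a plain "sort" compares the padded
  #   numbers as text, which is locale dependent and can drop the largest
  #   counts from the top 100.
  # - The data stays in the pipeline, so no predictably named scratch files
  #   are written to the current directory by a root process.
  /usr/local/squid/bin/squidclient mgr:filedescriptors |
    tail -n +14 |
    awk '{ print $6 }' |
    sed -e 's,:.*,,' |
    sort | uniq -c | sort -rn | head -n 100 |
    while read -r NUM IP; do
      # Input is in descending order: nothing below MAX follows a miss.
      [ "$NUM" -ge "$MAX" ] || break
      [[ "$IP" =~ $ipv4_re ]] || continue
      # Log only when the address was newly added; ipset -q fails quietly
      # for an address that is already in the set.
      if ipset -q -A virus-redirect "$IP"; then
        printf "%s : %5d %s\n" "$(date +"%F %T")" "$NUM" "$IP"
      fi
    done
  sleep 1
done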
# Start the monitor script detached, in a screen session named "descriptors".
# NOTE(review): the paths suggest this runs as root, so the script file and
# its directory should be writable by root only.
/usr/bin/env SCREENDIR="/root/.screen" \
  /usr/bin/screen -d -m -S descriptors /root/scripts/filedescriptors.sh
BY: Pejman Moghadam
TAG: squid, filedescriptor, ipset
DATE: 2010-12-28 11:06:53