How to get a list of all the IP Adresses accessing your server...
Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
How to get a list of all the IP Adresses accessing your server...
Hello All,
I was asked by my boss to create him a web-page that would give him a list of all the IP Addresses currently connected to our FreeBSD server and possibly give him the option of killing certain connections.
I know that you can view current connections through 'netstat -a' but is there a solution to the problem mentioned above? If so, could you show me where to start?
I have been Googling for a while now but have not come accross any solutions.
The dangerous thing about having a "kill" button is that you need root (or similar) permissions to do such a thing ... I have no doubt your boss wants to have a single button he can click to kill a connection; that's some pretty insecure scriptwork, though it is possible through some 'exec' commands (depending on your programming language of choice, PHP most likely)
I agree, having the 'kill' button leaves a huge hole in security.
Forget having a 'kill' button for the moment: is it possible to use php or perl to get a list of the CURRENTLY active IP Addresses on the Server (using Apache 2.2).
While I COULD use some sophisticated perl to parse the log files and glean IP Addresses - this still wouldn't tell me who was still ACTIVELY connected (ESTABLISHED).
Have you had a look at http://www.phildev.net/iptstate/? You can display all of the iptables connection states - it's not too hard to take that output and format it for a web page. I haven't checked to see if it runs under BSD though (do you use iptables?)...
I have looked at the program your reccommended and, although it looks good, it doesn't actually compile on FreeBSD 5.4.
iptstate.cc: In function `int main(int, char**)':
iptstate.cc:385: error: `AF_INET' undeclared (first use this function)
I've had a look at the source code and tried hashing out the AF_NET variable - which makes it compile correctly - but it doesn't work (AF_NET must be an essential part of the program).
suexec-apache might be what your looking for, google for that.
If that does not help solve your problem, you can look for patterns in the IP's that access your site, and have a cron job add the ip's to the drop list in pf filter for bsd, and have another cron job remove them when they meet a certain requirement.
I set this up on a bank website for brute force attacks. Its not really hard, it may or may not work for you. Let me know.
But since only me and my fellow SysOps are going to be viewing this page I'm not sure I'll need to change the td tags, except to encourage good habbit.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.