Bash Firewall rule change/verify
Hi

I've got a bash script that runs on command from a PHP page (login/user/IP match/MAC match...). The script basically gets a list of IP addresses from MySQL and checks/applies the rules if they're not (iptables rules). Here goes the script (for less web text I'll simplify by removing duplicates):

    #!/bin/bash
    # $mysql_user, $mysql_pass and $maindb are set elsewhere (not shown in the post)
    block_file="/tmp/iptables_block"
    table_block="BLOCK"
    # IPs of clients with Status 'B'; grep -v drops the "IP" column header
    bloc_list=$(mysql -u"$mysql_user" -p"$mysql_pass" "$maindb" -B -e "SELECT IP FROM clienti WHERE Status='B'" | grep -w "IP" -v)

    # Dump the current chain, with rule numbers, to $block_file
    function generate_iptables {
        /usr/sbin/iptables -L "$table_block" -v -n --line-numbers > "$block_file"
    }

    # Print "yes" if the dump has a rule whose source (column 9) is $1
    function is_blocked {
        result=$(grep -wF -- "$1" "$block_file" | awk '{print $9}')
        if [ "$result" == "$1" ]; then echo yes; else echo no; fi
    }

    function block {
        if ! [ "$(is_blocked "$1")" = "yes" ]; then
            /usr/sbin/iptables -A "$table_block" -s "$1" -j DROP
        fi
    }

    function unblock {
        if [ "$(is_blocked "$1")" = "yes" ]; then
            generate_iptables
            /usr/sbin/iptables -D "$table_block" "$(grep -wF -- "$1" "$block_file" | awk '{print $1}')"
        fi
    }

    generate_iptables   # is_blocked reads this dump, so create it before the loop
    for ip in $bloc_list
    do
        # unredirect, unlock and unfree belong to the duplicated parts left out of this post
        unredirect "$ip"
        unlock "$ip"
        # unfree "$ip"
        block "$ip"
        echo "BLOCKED $ip"
    done

The script works really well, but on a quad-core 3.2 GHz machine it takes around 5 minutes to check and apply all rules (note that there are duplicates for more things (FREE, LOCK, REDIRECT) and more tables). My question is: how can I make it faster, OR can I make a C++ app that can basically do the same thing but FASTER? I've already made a C++ app that gets a set of lines from MySQL (upload speeds, download speed rules) and applies tc rules accordingly (got a boost in speed from 2 minutes 30 s to 0.3 seconds (WOW)). Thanks, I'm waiting for a reply.
Also note that the part that is really slowing it down is getting MACs from MySQL (for each IP address) and also checking firewall rules (applying doesn't take that long because most of the rules are already there, and that's why I check, so I don't re-add them again :) )
Or a better question/direction is: how can I add/check/delete rules from iptables tables (in C++/C)? If anyone can help :)
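An added example, not part of the posts above: instead of one grep and one iptables call per address, compare the wanted list with a single `iptables -S` dump and emit one `iptables-restore --noflush` batch holding only the changes. The function name `build_batch` and the sample file names are hypothetical; it assumes the BLOCK chain already exists in the filter table and holds only `-s IP -j DROP` rules as in the post. Each address is validated because database values end up in a command run as root.

```shell
#!/bin/sh
CHAIN="BLOCK"   # chain name taken from the post

# $1 = file of wanted IPs, one per line (e.g. saved mysql -N -B output)
# $2 = file holding the output of: iptables -S "$CHAIN"
# Prints iptables-restore input that contains only the needed changes.
build_batch() {
    awk -v chain="$CHAIN" '
        # Strict dotted-quad check, no leading zeros, each octet 0-255
        function valid_ip(s,   n, o, i) {
            n = split(s, o, ".")
            if (n != 4) return 0
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^(0|[1-9][0-9]?[0-9]?)$/ || o[i] + 0 > 255) return 0
            return 1
        }
        # First file: wanted addresses; anything malformed is skipped
        mode == "want" {
            if (valid_ip($0)) want[$0] = 1
            else if ($0 != "") print "skipping invalid entry: " $0 > "/dev/stderr"
            next
        }
        # Second file: existing rules, "-A BLOCK -s a.b.c.d/32 -j DROP"
        $1 == "-A" && $2 == chain && $3 == "-s" && $5 == "-j" && $6 == "DROP" {
            ip = $4; sub(/\/32$/, "", ip)
            if (ip in want) have[ip] = 1      # already present: leave it alone
            else del[++nd] = ip               # present but no longer wanted
        }
        END {
            print "*filter"
            for (i = 1; i <= nd; i++) printf "-D %s -s %s/32 -j DROP\n", chain, del[i]
            for (ip in want) if (!(ip in have)) printf "-A %s -s %s/32 -j DROP\n", chain, ip
            print "COMMIT"
        }
    ' mode=want "$1" mode=have "$2"
}

# Usage (as root), with hypothetical file names:
#   iptables -S "$CHAIN" > current.rules
#   build_batch wanted.txt current.rules | iptables-restore --noflush
```

The whole comparison is one awk pass, and the kernel rule set is rewritten once per batch rather than once per address.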