LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
Old 01-08-2009, 03:02 AM   #1
naghi32
Member
Registered: Dec 2008
Distribution: Slackware
Posts: 39
Rep: Reputation: 17

Bash Firewall rule change/verify


Hi,
I've got a bash script that runs on command from a PHP page (login/user/IP match/MAC match...).

The script basically gets a list of IP addresses from MySQL and checks/applies the rules if they're not already there (iptables rules).
Here goes the script (for less web text I'll simplify by removing duplicates):

#!/bin/bash
# mysql_user, mysql_pass and maindb are set earlier in the full script
# (omitted from the post); fail early if they are missing.
: "${mysql_user:?}" "${mysql_pass:?}" "${maindb:?}"
block_file="/tmp/iptables_block"
table_block="BLOCK"
# addresses that must be blocked; grep -v drops the "IP" header row
bloc_list=$(mysql -u"$mysql_user" -p"$mysql_pass" "$maindb" -B -e "SELECT IP FROM clienti WHERE Status='B'" | grep -vw "IP")

# dump the BLOCK chain (with rule numbers) to a file for the checks below
function generate_iptables {
    /usr/sbin/iptables -L "$table_block" -v -n --line-numbers > "$block_file"
}

# print yes if $1 is a source address in the dumped chain
# (column 9 of `iptables -L -v -n --line-numbers` output); head -n 1 keeps
# a duplicate rule from turning the comparison into "no"
function is_blocked {
    result=$(grep -Fw "$1" "$block_file" | awk '{print $9}' | head -n 1)
    if [ "$result" == "$1" ]; then echo yes; else echo no; fi
}

function block {
    if ! [ "$(is_blocked "$1")" = "yes" ]; then
        /usr/sbin/iptables -A "$table_block" -s "$1" -j DROP
    fi
}

function unblock {
    if [ "$(is_blocked "$1")" = "yes" ]; then
        generate_iptables
        # delete by rule number (column 1 of the dump)
        /usr/sbin/iptables -D "$table_block" "$(grep -Fw "$1" "$block_file" | awk '{print $1}' | head -n 1)"
    fi
}

generate_iptables   # dump the chain once before the first is_blocked check
for ip in $bloc_list
do
    # unredirect/unlock/unfree handle the other tables; omitted from the post
    unredirect "$ip"
    unlock "$ip"
    # unfree "$ip"
    block "$ip"
    echo "BLOCKED $ip"
done

The script works really well, but on a quad-core 3.2 GHz machine it takes around 5 minutes to check and apply all rules (note that there are duplicates for more things (FREE, LOCK, REDIRECT) and more tables).

My question is: how can I make it faster, OR can I make a C++ app that can basically do the same thing but FASTER?

I've already made a C++ app that gets a set of lines from MySQL (upload speeds, download speeds, rules) and applies tc rules accordingly (got a boost in speed from 2 minutes 30 s to 0.3 seconds (WOW)).

Thanks, I'm waiting for a reply.
 
Old 01-08-2009, 04:16 AM   #2
naghi32
Original Poster
Also note that the part that is really slowing it down is getting MACs from MySQL (for each IP address) and also checking firewall rules (applying doesn't take that long because most of the rules are already there, and that's why I check, so I don't re-add them again).

Or a better question/direction is:
How can I add/check/delete rules from iptables tables? (in C++/C)
If anyone can help.

Last edited by naghi32; 01-08-2009 at 07:21 AM.
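The slow part of the posted script is that every address costs a fresh `iptables -L` dump plus a grep, and every change is a separate `iptables` process. The added example below (my code, not the poster's) reads the chain once with `iptables -S`, diffs it against the list from the database, and hands only the delta to `iptables-restore --noflush` in a single batch; it assumes the same chain name, query and credential variables (mysql_user, mysql_pass, maindb) as the original script.

```shell
#!/bin/bash
# Added example, not the poster's script: reconcile the BLOCK chain in one
# pass instead of forking iptables once per address per check.
set -eu
table_block="BLOCK"

# Read `iptables -S $table_block` on stdin and print each DROPped source
# address, one per line, without the /32 suffix iptables-save appends.
current_blocked() {
    awk -v chain="$table_block" '
        $1 == "-A" && $2 == chain && $NF == "DROP" {
            for (i = 3; i < NF; i++)
                if ($i == "-s") { sub(/\/32$/, "", $(i+1)); print $(i+1) }
        }'
}

# plan_changes WANTED_FILE CURRENT_FILE: emit an iptables-restore batch that
# adds a DROP for every wanted address not yet blocked and deletes the rule
# for every blocked address that is no longer wanted.
plan_changes() {
    awk -v chain="$table_block" '
        NF == 0 { next }
        FILENAME == ARGV[1] { want[$1] = 1; next }
        { have[$1] = 1 }
        END {
            print "*filter"
            for (ip in want) if (!(ip in have)) print "-A " chain " -s " ip " -j DROP"
            for (ip in have) if (!(ip in want)) print "-D " chain " -s " ip " -j DROP"
            print "COMMIT"
        }' "$1" "$2"
}

# Fetch the wanted list once (-N drops the "IP" header row), snapshot the
# chain once, and apply the delta without flushing any other rules.
# mysql_user, mysql_pass and maindb are assumed to be set in the environment.
main() {
    wanted=$(mktemp) current=$(mktemp)
    trap 'rm -f "$wanted" "$current"' EXIT
    mysql -u"$mysql_user" -p"$mysql_pass" "$maindb" -N -B \
        -e "SELECT IP FROM clienti WHERE Status='B'" > "$wanted"
    /usr/sbin/iptables -S "$table_block" | current_blocked > "$current"
    plan_changes "$wanted" "$current" | /usr/sbin/iptables-restore --noflush
}

# Only touch the live firewall when invoked with --apply.
if [ "${1:-}" = "--apply" ]; then main; fi
```

Running it without `--apply` loads the functions only, so `plan_changes` can be inspected on saved files before anything is changed.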
Tags
bash, c++, iptables