Old 01-08-2009, 04:02 AM   #1
Registered: Dec 2008
Distribution: Slackware
Posts: 39

Rep: Reputation: 17
Bash Firewall rule change/verify

I've got a bash script that runs on command from a PHP page (login/user/IP match/MAC match...)

The script basically gets a list of IP addresses from MySQL and checks/applies the rules if they're not (iptables rules).
Here goes the script (for less web text I'll simplify by removing duplicates):

bloc_list=$(mysql -u"$mysql_user" -p"$mysql_pass" "$maindb" -B -e "SELECT IP FROM clienti WHERE Status='B'" | grep -w "IP" -v)
# Save the chain listing once; the checks below read this file
function generate_iptables {
    /usr/sbin/iptables -L "$table_block" -v -n --line-numbers > "$block_file"
}
# Print "yes" if $1 is a source address (column 9) in the saved listing
function is_blocked {
    result=$(grep -wF -- "$1" "$block_file" | awk '{print $9}')
    if [ "$result" = "$1" ]; then echo yes; else echo no; fi
}
function block {
    if ! [ "$(is_blocked "$1")" = "yes" ]; then
        /usr/sbin/iptables -A "$table_block" -s "$1" -j DROP
    fi
}
# Delete by rule number (column 1 of the saved listing)
function unblock {
    if [ "$(is_blocked "$1")" = "yes" ]; then
        /usr/sbin/iptables -D "$table_block" "$(grep -wF -- "$1" "$block_file" | awk '{print $1}')"
    fi
}
# unredirect and unlock are among the duplicates left out of the post
for ip in $bloc_list
do
    unredirect "$ip"
    unlock "$ip"
    # unfree $ip
    block "$ip"
    echo "BLOCKED $ip"
done

The script works really well, but on a quad-core 3.2 GHz machine it takes around 5 minutes to check and apply all rules (note that there are duplicates for more things (FREE, LOCK, REDIRECT) and more tables).

My question is: how can I make it faster, OR if I can make a C++ app that can basically do the same thing but FASTER?

I've already made a C++ app that gets a set of lines from MySQL (upload speed/download speed rules) and applies tc rules accordingly (got a boost in speed from 2 minutes 30 s to 0.3 seconds (WOW)).

Thanks, I'm waiting for a reply.
Old 01-08-2009, 05:16 AM   #2
Registered: Dec 2008
Distribution: Slackware
Posts: 39

Original Poster
Rep: Reputation: 17
Also note that the part that is really slowing things down is getting MACs from MySQL (for each IP address) and also checking firewall rules (applying doesn't take that long because most of the rules are already there, and that's why I check, so I don't re-add them again).

Or a better question/direction is:
How can I add/check/delete rules from iptables tables (in C++/C)?
If anyone can help.

Last edited by naghi32; 01-08-2009 at 08:21 AM.
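
An added example, not part of the original posts: the per-address check described above (one `grep`/`awk` run over the saved listing for every IP) can be replaced by a single `awk` pass that compares the whole list against the `iptables -L ... --line-numbers` dump and prints only the rules to add or delete. The function names, the chain name `BLOCK` and the sample data are assumptions made for illustration, and the chain is assumed to hold only the DROP rules managed from this list.

```sh
# plan_block_changes CHAIN WANTED_FILE DUMP_FILE
#   WANTED_FILE: one IPv4 address per line (for example the SELECT result)
#   DUMP_FILE:   saved output of `iptables -L CHAIN -v -n --line-numbers`
# Prints the iptables argument lists that make CHAIN match WANTED_FILE.
# Assumption: CHAIN holds only the DROP rules managed from this list.
plan_block_changes() {
    awk -v chain="$1" '
        # Accept only dotted-quad IPv4, so nothing else from the database
        # can end up on an iptables command line.
        function valid_ip(s,    o, i) {
            if (split(s, o, ".") != 4) return 0
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9][0-9]?[0-9]?$/ || o[i] + 0 > 255) return 0
            return 1
        }
        # First file: the desired block list, deduplicated, in input order.
        FILENAME == ARGV[1] {
            if (valid_ip($1) && !($1 in wanted)) { wanted[$1] = 1; order[++nw] = $1 }
            next
        }
        # Second file: rule lines only (field 1 = rule number, field 9 = source).
        $1 ~ /^[0-9]+$/ && $4 == "DROP" {
            have[$9] = 1
            if (!($9 in wanted)) stale[++ns] = $1
        }
        END {
            # Delete from the highest rule number down: each -D renumbers the
            # rules after it, so ascending order would remove the wrong rule.
            for (i = ns; i >= 1; i--) printf "-D %s %s\n", chain, stale[i]
            for (i = 1; i <= nw; i++)
                if (!(order[i] in have)) printf "-A %s -s %s -j DROP\n", chain, order[i]
        }
    ' "$2" "$3"
}

# Constructed sample data: a three-rule chain and a new block list.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 10.0.0.7 10.0.0.12 10.0.0.300 10.0.0.12 > "$tmp/wanted"
    cat > "$tmp/dump" <<'EOF'
Chain BLOCK (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 DROP       all  --  *      *       10.0.0.5             0.0.0.0/0
2       12   720 DROP       all  --  *      *       10.0.0.7             0.0.0.0/0
3        0     0 DROP       all  --  *      *       10.0.0.9             0.0.0.0/0
EOF
    plan_block_changes BLOCK "$tmp/wanted" "$tmp/dump"
    rm -rf "$tmp"
}
```

Each output line is one argument list for `iptables`, so only the differences start a process. Regenerate the dump before planning again, because rule numbers change after every delete.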


bash, c++, iptables
