优化

README.md

@@ -29,8 +29,6 @@ update-alternatives --set ebtables /usr/sbin/ebtables-legacy
 ```
 
 
-
-
 ```
 配置文件
 global {
@@ -50,4 +48,4 @@ global {
     QQMAIL_KEY = "caczsjchvyibiabe";    // 发送者QQ密钥
     RECV_MAIL = "1605227279";           // 接收者QQ
 }
-```
+```

denyhosts.sh

@@ -28,7 +28,7 @@ function run()
     free -hl &>> ${LOG_FILE}
 
     echo "System process:" &>> ${LOG_FILE}
-    ps -axwwjf &>> ${LOG_FILE}
+    ps -auxwwjf &>> ${LOG_FILE}
 
     echo "Network Connections" &>> ${LOG_FILE}
     netstat -tnulp &>> ${LOG_FILE}

libiptc.c

@@ -5,20 +5,22 @@ int x_get_rule(const char *chain, struct xtc_handle *handle, char *ipv4)
 {
     int r=1;
     const struct ipt_entry *entry;
+    struct ipt_entry_match *entry_match;
 
     for (entry = iptc_first_rule(chain, handle); entry; entry = iptc_next_rule(entry, handle)) {
-        iptc_get_target(entry, handle);
-
+        const char *t = iptc_get_target(entry, handle);
+        entry_match = (struct ipt_entry_match *)entry->elems;
+        //printf("u.user.name: %s\n", entry_match->u.user.name);
         char addr[33];
         memset(addr, 0, 33);
         inet_ntop(AF_INET, &(entry->ip.dst), addr, sizeof(addr));
-        printf("%s\n", addr);
-        if (0 == strcmp(ipv4, addr))
+        //printf("%s\n", addr);
+        //printf("%s\n", t);
+        if (0 == strcmp(ipv4, addr) && 0 == strcmp(t, "DROP") && 0 == strcmp(entry_match->u.user.name, "tcp"))
         {
             r=0;
             break;
         }
-
     }
 
     return r;

rhost.c

@@ -293,7 +293,7 @@ int rule(conf *conf)
             */
             
             
-            // libiptc 库插入规则
+            // libiptc 库插入规则 iptables -t filter -A INPUT -p tcp -s xxxx -j DROP
             unsigned int destIp;
             inet_pton(AF_INET, buffer, &destIp);
             iptc_add_rule("filter", "INPUT", IPPROTO_TCP, NULL, NULL, 0, destIp, NULL, NULL, "DROP", NULL, 1);