优化
parent
5ef0de5b85
commit
0ad3df3770
@ -29,8 +29,6 @@ update-alternatives --set ebtables /usr/sbin/ebtables-legacy
|
|||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
```
|
```
|
||||||
配置文件
|
配置文件
|
||||||
global {
|
global {
|
||||||
|
@ -28,7 +28,7 @@ function run()
|
|||||||
free -hl &>> ${LOG_FILE}
|
free -hl &>> ${LOG_FILE}
|
||||||
|
|
||||||
echo "System process:" &>> ${LOG_FILE}
|
echo "System process:" &>> ${LOG_FILE}
|
||||||
ps -axwwjf &>> ${LOG_FILE}
|
ps -auxwwjf &>> ${LOG_FILE}
|
||||||
|
|
||||||
echo "Network Connections" &>> ${LOG_FILE}
|
echo "Network Connections" &>> ${LOG_FILE}
|
||||||
netstat -tnulp &>> ${LOG_FILE}
|
netstat -tnulp &>> ${LOG_FILE}
|
||||||
|
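Review bot: The new `ps -auxwwjf` combines BSD-style selectors with a leading dash, which the procps man page warns about: `ps -aux` is not the same as `ps aux`, because under POSIX parsing `-u` takes a user name. The intended listing is then produced only through a fallback, with a warning, and `u` and `j` both request an output format, so the columns that end up in the log are not obvious. For a diagnostic snapshot I would use the undashed form with a single format, e.g. `ps auxwwf &>> "${LOG_FILE}"`, and add an explicit `-o` column list if the job-control fields are needed. Since `ww` writes full command lines, which can include credentials passed as arguments, confirm that `${LOG_FILE}` is not world-readable. `run()` starts and ends outside this hunk.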
12
libiptc.c
12
libiptc.c
@ -5,20 +5,22 @@ int x_get_rule(const char *chain, struct xtc_handle *handle, char *ipv4)
|
|||||||
{
|
{
|
||||||
int r=1;
|
int r=1;
|
||||||
const struct ipt_entry *entry;
|
const struct ipt_entry *entry;
|
||||||
|
struct ipt_entry_match *entry_match;
|
||||||
|
|
||||||
for (entry = iptc_first_rule(chain, handle); entry; entry = iptc_next_rule(entry, handle)) {
|
for (entry = iptc_first_rule(chain, handle); entry; entry = iptc_next_rule(entry, handle)) {
|
||||||
iptc_get_target(entry, handle);
|
const char *t = iptc_get_target(entry, handle);
|
||||||
|
entry_match = (struct ipt_entry_match *)entry->elems;
|
||||||
|
//printf("u.user.name: %s\n", entry_match->u.user.name);
|
||||||
char addr[33];
|
char addr[33];
|
||||||
memset(addr, 0, 33);
|
memset(addr, 0, 33);
|
||||||
inet_ntop(AF_INET, &(entry->ip.dst), addr, sizeof(addr));
|
inet_ntop(AF_INET, &(entry->ip.dst), addr, sizeof(addr));
|
||||||
printf("%s\n", addr);
|
//printf("%s\n", addr);
|
||||||
if (0 == strcmp(ipv4, addr))
|
//printf("%s\n", t);
|
||||||
|
if (0 == strcmp(ipv4, addr) && 0 == strcmp(t, "DROP") && 0 == strcmp(entry_match->u.user.name, "tcp"))
|
||||||
{
|
{
|
||||||
r=0;
|
r=0;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return r;
|
return r;
|
||||||
|
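Review bot: The new condition reads `entry_match->u.user.name` from `entry->elems` without first checking that the rule carries a match. When `entry->target_offset == sizeof(struct ipt_entry)` there is no match, and `elems` is the target record, so the name compared against "tcp" is actually the target's. If the rule created in rhost.c has no ports and therefore no tcp match extension (likely, as the ports are passed as NULL), this lookup never succeeds and the caller will presumably keep appending duplicate DROP rules. `t` is also passed to `strcmp` unchecked, so guard it if `iptc_get_target` can return NULL for an entry. Testing the protocol field is simpler and matches what `-p tcp` sets: `if (t && entry->ip.proto == IPPROTO_TCP && 0 == strcmp(ipv4, addr) && 0 == strcmp(t, "DROP"))`. The closing brace of `x_get_rule` is outside the hunk.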
2
rhost.c
2
rhost.c
@ -293,7 +293,7 @@ int rule(conf *conf)
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
|
|
||||||
// libiptc 库插入规则
|
// libiptc 库插入规则 iptables -t filter -A INPUT -p tcp -s xxxx -j DROP
|
||||||
unsigned int destIp;
|
unsigned int destIp;
|
||||||
inet_pton(AF_INET, buffer, &destIp);
|
inet_pton(AF_INET, buffer, &destIp);
|
||||||
iptc_add_rule("filter", "INPUT", IPPROTO_TCP, NULL, NULL, 0, destIp, NULL, NULL, "DROP", NULL, 1);
|
iptc_add_rule("filter", "INPUT", IPPROTO_TCP, NULL, NULL, 0, destIp, NULL, NULL, "DROP", NULL, 1);
|
||||||
|
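Review bot: The updated comment describes the rule as a source match (`-s xxxx`), but the address is held in `destIp`, and `x_get_rule` in libiptc.c looks the rule up by `entry->ip.dst`. The signature of `iptc_add_rule` is not visible here, so I cannot tell which field the seventh argument fills. If it is the destination, the INPUT rule would not drop packets coming from the offending host and the comment is wrong; if it is the source, the variable name and the `ip.dst` comparison in `x_get_rule` are what need fixing. Make the comment, the variable name and the lookup agree, e.g. `// libiptc: equivalent to iptables -t filter -A INPUT -p tcp -s <addr> -j DROP` with the variable renamed to `srcIp`. `rule()` starts and ends outside this hunk.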