aixiao 2022-07-13 11:27:22 +08:00
parent 5ef0de5b85
commit 0ad3df3770
8 changed files with 10 additions and 10 deletions


@ -29,8 +29,6 @@ update-alternatives --set ebtables /usr/sbin/ebtables-legacy
``` ```
``` ```
配置文件 配置文件
global { global {

BIN
conf.o

Binary file not shown.


@ -28,7 +28,7 @@ function run()
free -hl &>> ${LOG_FILE} free -hl &>> ${LOG_FILE}
echo "System process:" &>> ${LOG_FILE} echo "System process:" &>> ${LOG_FILE}
ps -axwwjf &>> ${LOG_FILE} ps -auxwwjf &>> ${LOG_FILE}
echo "Network Connections" &>> ${LOG_FILE} echo "Network Connections" &>> ${LOG_FILE}
netstat -tnulp &>> ${LOG_FILE} netstat -tnulp &>> ${LOG_FILE}
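Review bot: `ps -auxwwjf` puts the BSD `u` flag inside a dash-prefixed option group, so it should be run on the target hosts before this log is relied on. With a leading dash, procps reads `-u` as "select by user" and takes the rest of the group as the user name, falling back to BSD parsing only when no such user exists. In that fallback `u` and `j` both select an output format, which I believe ps rejects as conflicting, and the process section of `${LOG_FILE}` would then hold only an error message. If the aim is to add the user column to the existing job-format tree, an explicit column list such as `ps -e -ww --forest -o user,pid,ppid,pgid,sid,tty,stat,start,time,args` avoids the ambiguity. run() continues outside the hunk.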


@ -5,20 +5,22 @@ int x_get_rule(const char *chain, struct xtc_handle *handle, char *ipv4)
{ {
int r=1; int r=1;
const struct ipt_entry *entry; const struct ipt_entry *entry;
struct ipt_entry_match *entry_match;
for (entry = iptc_first_rule(chain, handle); entry; entry = iptc_next_rule(entry, handle)) { for (entry = iptc_first_rule(chain, handle); entry; entry = iptc_next_rule(entry, handle)) {
iptc_get_target(entry, handle); const char *t = iptc_get_target(entry, handle);
entry_match = (struct ipt_entry_match *)entry->elems;
//printf("u.user.name: %s\n", entry_match->u.user.name);
char addr[33]; char addr[33];
memset(addr, 0, 33); memset(addr, 0, 33);
inet_ntop(AF_INET, &(entry->ip.dst), addr, sizeof(addr)); inet_ntop(AF_INET, &(entry->ip.dst), addr, sizeof(addr));
printf("%s\n", addr); //printf("%s\n", addr);
if (0 == strcmp(ipv4, addr)) //printf("%s\n", t);
if (0 == strcmp(ipv4, addr) && 0 == strcmp(t, "DROP") && 0 == strcmp(entry_match->u.user.name, "tcp"))
{ {
r=0; r=0;
break; break;
} }
} }
return r; return r;
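Review bot: The new condition reads `entry_match->u.user.name` from `entry->elems` without first checking that the rule carries any match extension. When `entry->target_offset == sizeof(struct ipt_entry)` there are no matches and `elems` is where the target record begins, so the string compared with "tcp" is the target's name and the test can never succeed. A plain `-p tcp` rule stores its protocol in `entry->ip.proto`, not in a match, so the last clause is more reliably written as `entry->ip.proto == IPPROTO_TCP`. If the lookup wrongly returns 1, the caller presumably inserts the same DROP rule again on every hit, so the INPUT chain would grow with duplicates. x_get_rule's closing brace is outside the hunk.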

BIN
libiptc.o

Binary file not shown.

BIN
rhost

Binary file not shown.


@ -293,7 +293,7 @@ int rule(conf *conf)
*/ */
// libiptc 库插入规则 // libiptc 库插入规则 iptables -t filter -A INPUT -p tcp -s xxxx -j DROP
unsigned int destIp; unsigned int destIp;
inet_pton(AF_INET, buffer, &destIp); inet_pton(AF_INET, buffer, &destIp);
iptc_add_rule("filter", "INPUT", IPPROTO_TCP, NULL, NULL, 0, destIp, NULL, NULL, "DROP", NULL, 1); iptc_add_rule("filter", "INPUT", IPPROTO_TCP, NULL, NULL, 0, destIp, NULL, NULL, "DROP", NULL, 1);
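Review bot: The added comment documents the rule as `-s xxxx` (a source match), but the address is held in `destIp` and x_get_rule() elsewhere in this commit compares `entry->ip.dst`, so either the comment or the argument position looks wrong. The signature of iptc_add_rule() is not visible here; if the slot after `0` is the destination, a rule on INPUT matches packets addressed to that host rather than packets coming from it, and the address should be passed as the source instead. Separately, the return value of `inet_pton()` is unchecked, so a malformed `buffer` leaves `destIp` uninitialised when the rule is built; guarding with `if (inet_pton(AF_INET, buffer, &destIp) != 1)` and skipping the insert would cover that. rule() starts and ends outside the hunk.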

BIN
rhost.o

Binary file not shown.