While this will work for small setups, I have a feeling that this won't be
suitable for high load productive systems, since it does the same thing as
fail2ban but runs INLINE, blocking other SIP requests till it is finished.

Thank you.


On Wed, Mar 6, 2013 at 8:48 PM, Hubert Mickael <[email protected]> wrote:

>  Hi,
>  Pike module to stop flood?
> I have added a Perl script at pike to add a firewall rule in my FreeBSD.
>
> Example opensips conf:
>
> #------------------- module pike ---------------
> loadmodule "pike.so"
> #----------- pike params ------------
> modparam("pike", "sampling_time_unit", 2)
> modparam("pike", "reqs_density_per_unit", 80)
> modparam("pike", "remove_latency", 130)
> modparam("pike", "pike_log_level", -1)
>
> in script:
>
>     if(!pike_check_req())
>         {
>         if(perl_exec("pikesendmail"))
>                 {
>                         xlog("L_INFO","Fonction perl_exec PIKE OK");
>                 }
>                 xlog("L_WARN","PIKE_CHECK_REQ banned IP $si because of flooding requests");
>                 exit;
>         }
>
> perl script:
>
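> # modules the script relies on (log() and L_INFO come from the OpenSIPS Perl API)
> use OpenSIPS qw(log);
> use OpenSIPS::Constants;
> use MIME::Lite;
>
> sub pikesendmail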
> {
>         MIME::Lite->send('smtp', 'smtp.....');
>
>         my $serverIP = OpenSIPS::AVP::get("serverIP");
>         my $sourceIP = OpenSIPS::AVP::get("sourceIP");
>
>         my @exceptions = (@my IP);
>
>         my $logfile = "/var/log/pikemodule.log";
>         my $date = localtime();
>         open LOGFILE, ">>$logfile" or die "cannot open logfile $logfile for append: $!";
>
>         my $subject = "IP $sourceIP blocked by server $serverIP";
>         my @body ;
>         my @argsbash ;
>         my @listeIP ;
>         my $maxid ;
>         my $newid ;
>         my $reglepresente = 0 ;
>         my $inhib = 0 ;
>         my $i=0;
>
>         for $i (@exceptions)
>         {
>                 if($sourceIP eq $i)
>                 {
>                         $inhib = 1 ;
>                         last ;
>                 }
>         }
>
>         foreach(`ipfw list | grep ^005 | awk -F" " {'print \$5'}`)
>         {
>                 push (@listeIP,$_) ;
>         }
>
>         for(@listeIP){
>                 print "$_";
>                 # exact match: an unescaped pattern would let 1.2.3.4 match 1.2.3.40
>                 if($_ =~ /^\Q$sourceIP\E$/){
>                         #print "rule already present\n";
>                         $reglepresente = 1 ;
>                 }
>         }
>
>         if($reglepresente == 0 && $inhib == 0){
>
>                 $maxid=`ipfw list | grep ^005 | tail -n1 | awk -F" " {'print \$1'} | sed "s/^00//"`;
>                 if ($maxid eq ''){
>                         $newid = 500 ;
>                 }else{
>                         $newid = $maxid+1 ;
>                 }
>
>
>                 @argsbash = ("ipfw", "add $newid deny ip from $sourceIP to me");
>                 if(system(@argsbash) == 0
>                         or die "system @argsbash failed: $?"){
>                         print LOGFILE "$date INFO : Nouveau blocage pour SIP flooding \n";
>                         print LOGFILE "$date INFO : Regle IPFW appliquee ID $newid \n";
>                         log(L_INFO, "SIP Flooding, IP $sourceIP blocked with IPFW rule $newid\n");
>                 }
>                 }
>
>                 open(EMAILB,"/usr/local/libexec/templ_email.tpl") || die ("Erreur d'ouverture de EMAILB") ;
>                 while (<EMAILB>) {
>                         $_ =~ s/PARA1/$sourceIP/g;
>                         $_ =~ s/PARA2/$serverIP/g;
>                         $_ =~ s/PARA3/$newid/g;
>                         push (@body,$_);
>                 }
>
>                 close(EMAILB);
>
>                 # Create a MIME::Lite object with the message headers
>                 my $message = MIME::Lite->new(
>                         From       => 'OpenSIPS <[email protected]>',
>                         To         => '',
>                         Subject    => "$subject",
>                         "X-Mailer" => 'OpenSIPS',
>                        Type       => 'text/html',
>                         Data       => "@body",
>                 );
>
>                 if($message->send()){
>                         print LOGFILE "$date INFO : Mail envoye pour blocage IP $sourceIP\n";
>                         log(L_INFO, "SIP Flooding, mail has been sent\n");
>                 }
>
>                 close LOGFILE ;
>         }
>
>     return 1;
> }
>
> bye
>
> _______________________________________________
> Users mailing list
> [email protected]
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>


-- 
Muhammad Shahzad
-----------------------------------
CISCO Rich Media Communication Specialist (CRMCS)
CISCO Certified Network Associate (CCNA)
Cell: +49 176 99 83 10 85
MSN: [email protected]
Email: [email protected]
_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
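
The out-of-band arrangement this reply contrasts with the inline `perl_exec` call, as an added example (not code from either poster or from OpenSIPS): the routing script only writes the xlog line from the quoted config, and a separate process reads the log and works out which ipfw rules to add. The function name, allowlist address and sample log lines are assumptions; the rule numbering from 500 and the `deny ip from ... to me` form follow the quoted Perl script.

```python
import ipaddress
import re

# Matches the xlog text from the quoted routing script:
#   "PIKE_CHECK_REQ banned IP $si because of flooding requests"
BAN_RE = re.compile(r"PIKE_CHECK_REQ banned IP (\S+) because of flooding requests")

FIRST_RULE_ID = 500         # first rule number, as in the quoted Perl script
ALLOWLIST = {"192.0.2.10"}  # constructed: addresses that must never be blocked


def plan_blocks(log_lines, existing_rules, allowlist=ALLOWLIST):
    """Return ipfw argv lists for offenders not yet blocked.

    existing_rules maps rule id -> blocked IP, i.e. what ipfw already holds.
    Nothing is executed: a worker outside the SIP path runs the result.
    """
    blocked = set(existing_rules.values())
    next_id = max(existing_rules, default=FIRST_RULE_ID - 1) + 1
    commands = []
    for line in log_lines:
        match = BAN_RE.search(line)
        if not match:
            continue
        try:
            ip = str(ipaddress.ip_address(match.group(1)))  # rejects junk
        except ValueError:
            continue
        if ip in allowlist or ip in blocked:  # exact comparison, no substrings
            continue
        blocked.add(ip)
        commands.append(["ipfw", "add", str(next_id), "deny",
                         "ip", "from", ip, "to", "me"])
        next_id += 1
    return commands


# Constructed sample log lines (not taken from a real system)
PREFIX = "Mar  6 20:41:02 sip1 opensips[911]: PIKE_CHECK_REQ banned IP "
SAMPLE_LOG = [PREFIX + ip + " because of flooding requests" for ip in (
    "203.0.113.1", "203.0.113.10", "192.0.2.10",
    "203.0.113.10", "999.1.1.1", "198.51.100.7")]

if __name__ == "__main__":
    for argv in plan_blocks(SAMPLE_LOG, {500: "203.0.113.1"}):
        print(" ".join(argv))
```

Because each command is an argv list, the worker can pass it to the firewall without a shell, and the SIP worker process never waits on `ipfw` or on mail delivery.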
