<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi,<br>
<div class="moz-forward-container">
<div class="moz-cite-prefix"> Why not use the pike module to stop the flood?<br>
I added a Perl script to the pike check so that it adds a firewall rule on my
FreeBSD host.<br>
<br>
Example opensips conf:<br>
<br>
#------------------- module pike ---------------<br>
# pike keeps a per-source-IP request counter; the route consults it with pike_check_req().<br>
loadmodule "pike.so"<br>
#----------- pike params ------------<br>
# Sampling window in seconds (per the pike module documentation).<br>
modparam("pike", "sampling_time_unit", 2)<br>
# Requests allowed from one IP per sampling window before it is flagged as flooding.<br>
modparam("pike", "reqs_density_per_unit", 80)<br>
# Seconds an IP stays in pike's memory after its last request.<br>
modparam("pike", "remove_latency", 130)<br>
# Log level pike uses for its own block/unblock reports; -1 is presumably L_ERR (confirm for your version).<br>
modparam("pike", "pike_log_level", -1)<br>
<br>
in script:<br>
<br>
<i> if(!pike_check_req())</i><i><br>
</i><i> {</i><i><br>
</i><i> # pike_check_req() returned false: pike flagged this source address as flooding.</i><i><br>
</i><i> # NOTE(review): perl_exec runs pikesendmail inside this SIP worker, so each</i><i><br>
</i><i> # request dropped here also waits for the ipfw lookups (and, for a new block,</i><i><br>
</i><i> # the mail) that function does. The pike docs describe distinct return codes</i><i><br>
</i><i> # for a newly detected and an already known flooder; confirm for your version</i><i><br>
</i><i> # and consider calling the Perl function on first detection only.</i><i><br>
</i><i> # NOTE(review): pikesendmail reads the AVPs "serverIP" and "sourceIP"; this</i><i><br>
</i><i> # snippet does not set them, so they have to be assigned earlier in the route.</i><i><br>
</i><i> if(perl_exec("pikesendmail"))</i><i><br>
</i><i> {</i><i><br>
</i><i> xlog("L_INFO","Fonction perl_exec
PIKE OK");</i><i><br>
</i><i> }</i><i><br>
</i><i> # Logged for every dropped request, whether or not a firewall rule was added.</i><i><br>
</i><i> xlog("L_WARN","PIKE_CHECK_REQ banned IP
$si because of flooding requests");</i><i><br>
</i><i> exit;</i><i><br>
</i><i> }</i><br>
<br>
perl script:<br>
<br>
<br>
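# pikesendmail: called from the route with perl_exec("pikesendmail") once<br>
# pike_check_req() has flagged the request's source address as flooding.<br>
# Reads the AVPs "serverIP" and "sourceIP", adds an ipfw deny rule for the<br>
# source unless it is exempt or already blocked, appends to<br>
# /var/log/pikemodule.log and mails a notice built from templ_email.tpl.<br>
# Returns 1 normally, -1 when sourceIP is missing or not an IP literal;<br>
# dies if the log file, the template or the ipfw call fails.<br>
#<br>
# NOTE(review): the rule is keyed on the packet's source address. For SIP<br>
# over UDP that address can be forged, so every peer that must stay<br>
# reachable (trunks, gateways, monitoring) belongs in @exceptions.<br>
# NOTE(review): the 005xx numbering leaves room for 100 rules; once the<br>
# counter reaches 600 the "grep ^005" scans below no longer see the new<br>
# rules, so old entries need pruning before that point.<br>
sub pikesendmail<br>
{<br>
    # SMTP relay for the notification (host elided by the author).<br>
    MIME::Lite->send('smtp', 'smtp.....');<br>
<br>
    my $serverIP = OpenSIPS::AVP::get("serverIP");<br>
    my $sourceIP = OpenSIPS::AVP::get("sourceIP");<br>
<br>
    # The address ends up inside an ipfw command and an HTML mail body, so<br>
    # accept only the characters of an IPv4/IPv6 literal.<br>
    unless (defined $sourceIP && $sourceIP =~ /\A[0-9A-Fa-f:.]+\z/) {<br>
        log(L_ERR, "pikesendmail: sourceIP AVP missing or not an IP literal, nothing blocked\n");<br>
        return -1;<br>
    }<br>
<br>
    # Addresses that must never be firewalled (placeholder left by the<br>
    # author: replace with the real list).<br>
    my @exceptions = (@my IP);<br>
<br>
    my $logfile = "/var/log/pikemodule.log";<br>
    my $date = localtime();<br>
    # Lexical handle, closed on every return path (the bareword handle was<br>
    # only closed when a new rule had been added).<br>
    open(my $log, '>>', $logfile) or die "cannot open logfile $logfile for append: $!";<br>
<br>
    my $subject = "IP $sourceIP blocked by server $serverIP";<br>
    my @body;<br>
<br>
    # Exempt source? Exact string comparison against the allow list.<br>
    my $inhib = grep { $sourceIP eq $_ } @exceptions;<br>
<br>
    # Already blocked? Field 5 of each 005xx rule is the denied address.<br>
    # Compare with eq: used as a regex, the address lets "." match any<br>
    # character and lets 10.0.0.1 match 10.0.0.10, which would skip the block.<br>
    my $reglepresente = 0;<br>
    foreach my $ruleIP (`ipfw list | grep ^005 | awk -F" " {'print \$5'}`) {<br>
        chomp $ruleIP;<br>
        if ($ruleIP eq $sourceIP) {<br>
            $reglepresente = 1;<br>
            last;<br>
        }<br>
    }<br>
<br>
    if ($reglepresente == 0 && $inhib == 0) {<br>
<br>
        # Next number after the highest 005xx rule; 500 when none exists yet.<br>
        my $maxid = `ipfw list | grep ^005 | tail -n1 | awk -F" " {'print \$1'} | sed "s/^00//"`;<br>
        chomp $maxid;<br>
        my $newid = ($maxid eq '') ? 500 : $maxid + 1;<br>
<br>
        # List form of system(): no shell parses the interpolated values.<br>
        my @argsbash = ("ipfw", "add $newid deny ip from $sourceIP to me");<br>
        system(@argsbash) == 0 or die "system @argsbash failed: $?";<br>
        print {$log} "$date INFO : Nouveau blocage pour SIP flooding \n";<br>
        print {$log} "$date INFO : Regle IPFW appliquee ID $newid \n";<br>
        log(L_INFO, "SIP Flooding, IP $sourceIP blocked with IPFW rule $newid\n");<br>
<br>
        # Fill the PARA1..PARA3 placeholders of the mail template.<br>
        open(my $tpl, '<', "/usr/local/libexec/templ_email.tpl") || die ("Erreur d'ouverture de EMAILB") ;<br>
        while (my $line = <$tpl>) {<br>
            $line =~ s/PARA1/$sourceIP/g;<br>
            $line =~ s/PARA2/$serverIP/g;<br>
            $line =~ s/PARA3/$newid/g;<br>
            push (@body, $line);<br>
        }<br>
<br>
        close($tpl);<br>
<br>
        # Build the MIME::Lite object carrying the message headers<br>
        # (recipient elided by the author).<br>
        my $message = MIME::Lite->new(<br>
            From => 'OpenSIPS <a
moz-do-not-send="true" class="moz-txt-link-rfc2396E"
href="mailto:noreply@hexanet.fr"><noreply@hexanet.fr></a>',<br>
            To => '',<br>
            Subject => "$subject",<br>
            "X-Mailer" => 'OpenSIPS',<br>
            Type => 'text/html',<br>
            Data => "@body",<br>
        );<br>
<br>
        if ($message->send()) {<br>
            print {$log} "$date INFO : Mail envoye pour blocage IP $sourceIP\n";<br>
            log(L_INFO, "SIP Flooding, mail has been sent\n");<br>
        }<br>
    }<br>
<br>
    close($log);<br>
    return 1;<br>
}<br>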
<br>
bye<br>
</div>
</div>
</body>
</html>