--- /usr/local/sbin/sshit.pl.orig Sat Nov 4 22:33:41 2006 +++ /usr/local/sbin/sshit Sat Nov 4 22:23:01 2006 @@ -176,7 +176,7 @@ use Sys::Syslog qw(:DEFAULT setlogsock); use IPC::Shareable; use Proc::PID::File; - +use IPC::Semaphore; # Parse configure file $conffile = $ARGV[0] || "/usr/local/etc/sshit.conf"; @@ -232,7 +232,7 @@ create => 1, exclusive => 0, mode => 0644, - destroy => 0, + destroy => 1, ); $handle = tie %list, 'IPC::Shareable', 'sshi', { %options }; @@ -266,7 +266,7 @@ { system("$IPFW_CMD delete $list{$ip}{rulenr}"); } elsif ($FIREWALL_TYPE =~ /^ipfw2$/i) { - system("$IPFW2_CMD table $IPFW_TABLE_NO delete $ip"); + system("$IPFW2_CMD table $IPFW2_TABLE_NO delete $ip"); } elsif ($FIREWALL_TYPE =~ /^pf$/i) { system("$PFCTL_CMD -t $PF_TABLE -Tdelete $ip"); } @@ -290,8 +290,8 @@ while (<>) { chomp; - if (/failed .*from (\d+\.\d+\.\d+\.\d+|[\da-fA-F:]+)/i ) { # IPv4 & IPv6 - $ip = $1; + if (/(Illegal|Failed) .*from (\d+\.\d+\.\d+\.\d+|[\da-fA-F:]+)/i ) { # IPv4 & IPv6 + $ip = $2; if ($list{$ip}{name}) { if ($list{$ip}{n} >= $MAX_COUNT) { syslog(LOG_ERR, "block for $ip not working!"); @@ -311,7 +311,7 @@ { # Assign a rule number and do the actual block $list{$ip}{rulenr} = $ipfw_rulenr; - system("$IPFW_CMD add $ipfw_rulenr deny tcp from $ip to me 21,22 > /dev/null"); + system("$IPFW_CMD add $ipfw_rulenr deny tcp from $ip to me 8230 > /dev/null"); syslog(LOG_ERR, "BLOCKING $ip, rule $ipfw_rulenr\n"); $ipfw_rulenr++; if ($ipfw_rulenr > $IPFW_RULE_END) { $ipfw_rulenr = $IPFW_RULE_START; } @@ -337,3 +337,18 @@ } } } +foreach $ip (keys %list) { + if($FIREWALL_TYPE =~ /^ipfw$/i) + { + system("$IPFW_CMD delete $list{$ip}{rulenr}"); + } elsif ($FIREWALL_TYPE =~ /^ipfw2$/i) { + system("$IPFW2_CMD table $IPFW2_TABLE_NO delete $ip"); + } elsif ($FIREWALL_TYPE =~ /^pf$/i) { + system("$PFCTL_CMD -t $PF_TABLE -Tdelete $ip"); + } + syslog(LOG_ERR, "main removed block rule $list{$ip}{rulenr} for $ip (reset time of $RESET_IP seconds reached)\n"); + delete($list{$ip}); +} + +# clear all SHM +IPC::Shareable->clean_up;