I know about tcpdrop which is in base distribution. But this tool requires port numbers to be specified. Is there any tool to drop connections by IP?
2

Eugene Yarmash
Use the packet filter pf. – hookenz Dec 05 '10 at 21:16
2 Answers
1
BTW, newer versions of tcpdrop(1) have -a and -l flags that make it easily "grepable":
[savetherbtz@host ~]$ tcpdrop -l -a | grep 127.0.0.1
tcpdrop 127.0.0.1 10006 127.0.0.1 14796
tcpdrop 127.0.0.1 10006 127.0.0.1 13794
tcpdrop 127.0.0.1 10006 127.0.0.1 12996
tcpdrop 127.0.0.1 10006 127.0.0.1 12208
tcpdrop 127.0.0.1 10018 127.0.0.1 27132
tcpdrop 127.0.0.1 27132 127.0.0.1 10018
tcpdrop 127.0.0.1 10018 127.0.0.1 24355
tcpdrop 127.0.0.1 24355 127.0.0.1 10018
Once satisfied with the output you can then pipe this back to sh to execute the terminations:
[savetherbtz@host ~]$ tcpdrop -l -a | grep 127.0.0.1 | sh

SaveTheRbtz
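The `grep 127.0.0.1` filter in the answer above matches substrings, so it would also select connections to 127.0.0.10 or 127.0.0.100 before the list is piped to sh. The following is an added example, not part of the original answer: it compares the address fields exactly and passes through only well-formed lines. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: pick tcpdrop commands by exact IP instead of substring grep.

# drops_for_ip IP
# Reads `tcpdrop -l -a` style lines on stdin and prints those whose local or
# foreign address is exactly IP. Lines that are not of the plain form
# "tcpdrop ADDR PORT ADDR PORT" are discarded, so only well-formed commands
# can reach a later `| sh`.
drops_for_ip() {
    awk -v ip="$1" '
        NF == 5 && $1 == "tcpdrop" &&
        $2 ~ /^[0-9A-Za-z.:%]+$/ && $4 ~ /^[0-9A-Za-z.:%]+$/ &&
        $3 ~ /^[0-9]+$/ && $5 ~ /^[0-9]+$/ &&
        ($2 == ip || $4 == ip)
    '
}

# Constructed sample listing (not captured from a real host). A plain
# `grep 127.0.0.1` selects all five lines; only the first two involve that host.
sample_listing() {
    cat <<'EOF'
tcpdrop 127.0.0.1 10006 127.0.0.1 14796
tcpdrop 192.0.2.10 22 127.0.0.1 51514
tcpdrop 127.0.0.10 8080 192.0.2.7 40022
tcpdrop 192.0.2.10 443 127.0.0.100 40100
tcpdrop 127.0.0.1 80 192.0.2.7 40023 trailing
EOF
}

# Print the selected commands for review; nothing is executed here.
sample_listing | drops_for_ip 127.0.0.1
```

On a FreeBSD host, `tcpdrop -l -a | drops_for_ip 127.0.0.1` prints the commands for review, and appending `| sh` executes them as in the answer above.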
0
Well, you could use some unix tools to give you the proper tcpdrop syntax and just run it through xargs in your own script I think. Here's an ugly example, there are probably prettier ways:
# tcpdrop accepts one connection (four arguments) per call, hence xargs -n 4
netstat -an | grep -F "$IPADDR" | awk '{print $4"."$5}' | awk -F '\.' '{print $1"."$2"."$3"."$4" "$5" "$6"."$7"."$8"."$9" "$10}' | xargs -n 4 tcpdrop
This uses awk to peel out the two IP/port pairs and then glue them together with a dot so you can use another awk to just spit out the desired dotted quad space port syntax.
There's probably a slicker all-in-one regex that's more clear. $IPADDR is the IP you want to drop.

cjp