[root@starlane incoming]# ./snortsam-reblock
+ declare -i FWSAM_HOW_IN=32
+ declare -i FWSAM_HOW_OUT=64
+ declare -i FWSAM_HOW_INOUT=96
+ declare -i FWSAM_HOW_THIS=128
+ FW_CONFIG=/etc/firewall
+ '[' -f /var/lock/snortsam -a -f /etc/firewall ']'
+ source /etc/firewall
++ MODE=gateway
++ EXTIF=eth1
++ LANIF=eth0
++ DMZIF=
++ WIFIF=
++ HOTIF=
++ BANDWIDTH_QOS=on
++ BANDWIDTH_UPSTREAM=eth1:450
++ BANDWIDTH_DOWNSTREAM=eth1:9500
++ MULTIPATH=off
++ MULTIPATH_WEIGHTS=
++ SQUID_TRANSPARENT=off
++ SQUID_FILTER_PORT=
++ IPSEC_SERVER=off
++ PPTP_SERVER=off
++ ONE_TO_ONE_NAT_MODE=type2
++ LANNET=
++ PROTOCOL_FILTERING=off
++ RULES=' BT||0x10000001|6||60001:60009| BT-Laptop||0x10000008|6|192.168.1.100|60000|60000 FTP||0x00000001|6||20| FTP||0x10000001|6||21| HTTP||0x10000001|6||80| HTTPS||0x00000001|6||443| IMAPS||0x10000001|6||993| LANtraffic|None|0x20000001|0|192.168.0.0/16||_ Passive_FTP||0x10000001|6||65000:65100| RDP||0x10000001|6||33389| SMTP||0x10000001|6||25| SMTPS||0x10000001|6||465| SSH||0x00000001|6||22| SSH2||0x10000001|6||2222| Webmail||0x00000001|6||83| chinaip||0x10000002|0|222.208.183.218|| flexshare||0x10000001|6||2121| ftp||0x10000002|0|203.110.169.240|| ftp||0x10000002|0|218.1.64.9|| ftp||0x10000002|0|65.83.80.220|| ftpbrute||0x10000002|0|193.55.128.252|| http||0x10001000|0||80|eth1:1:0:3:100:0:0:0 jswebhack||0x10000002|0|88.191.81.198|| mailout||0x10001000|0||25|eth1:0:0:3:100:0:0:0 ps3||0x10001000|0|192.168.1.4||eth1:0:1:0:100:0:0:0 roundcubehack||0x10000002|0|91.198.106.91|| smtpbrute||0x10000002|0|71.177.137.13|| smtpport||0x10000002|0|69.215.108.94|| sshlan||0x10001000|0||22|eth1:1:1:3:0:0:50:0 sshwan2||0x10001000|0||2222|eth1:0:0:0:100:0:0:0 webconfig||0x00000001|6||81| webservice||0x10000001|6||1875| '
++ date +%s
+ export UTC=1264409631
+ UTC=1264409631
++ snortsam-state -qd,
++ awk -F, '$6 + $7 > ENVIRON["UTC"] { printf "%s:%s\n", $2, $8 }'
+ IPS='121.15.171.68:0x6c 4.79.142.206:0x74'
+ for IP in '$IPS'
++ echo 121.15.171.68:0x6c
++ cut -d: -f1
+ ADDR=121.15.171.68
++ echo 121.15.171.68:0x6c
++ cut -d: -f2
+ declare -i MODE=0x6c
+ MODE=96
+ '[' 96 == 32 ']'
+ '[' 96 == 64 ']'
+ '[' 96 == 96 ']'
+ for IFACE in '$EXTIF'
+ /sbin/iptables -I INPUT 1 -i eth1 -s 121.15.171.68 -j DROP
+ /sbin/iptables -I FORWARD 1 -i eth1 -s 121.15.171.68 -j DROP
+ /sbin/iptables -I INPUT 1 -i eth1 -d 121.15.171.68 -j DROP
+ /sbin/iptables -I FORWARD 1 -i eth1 -d 121.15.171.68 -j DROP
+ for IP in '$IPS'
++ echo 4.79.142.206:0x74
++ cut -d: -f1
+ ADDR=4.79.142.206
++ echo 4.79.142.206:0x74
++ cut -d: -f2
+ declare -i MODE=0x74
+ MODE=96
+ '[' 96 == 32 ']'
+ '[' 96 == 64 ']'
+ '[' 96 == 96 ']'
+ for IFACE in '$EXTIF'
+ /sbin/iptables -I INPUT 1 -i eth1 -s 4.79.142.206 -j DROP
+ /sbin/iptables -I FORWARD 1 -i eth1 -s 4.79.142.206 -j DROP
+ /sbin/iptables -I INPUT 1 -i eth1 -d 4.79.142.206 -j DROP
+ /sbin/iptables -I FORWARD 1 -i eth1 -d 4.79.142.206 -j DROP
+ exit 0