[root@starlane incoming]# ./snortsam-reblock
+ declare -i FWSAM_HOW_IN=32
+ declare -i FWSAM_HOW_OUT=64
+ declare -i FWSAM_HOW_INOUT=96
+ declare -i FWSAM_HOW_THIS=128
+ FW_CONFIG=/etc/firewall
+ '[' -f /var/lock/snortsam -a -f /etc/firewall ']'
+ source /etc/firewall
++ MODE=gateway
++ EXTIF=eth1
++ LANIF=eth0
++ DMZIF=
++ WIFIF=
++ HOTIF=
++ BANDWIDTH_QOS=on
++ BANDWIDTH_UPSTREAM=eth1:450
++ BANDWIDTH_DOWNSTREAM=eth1:9500
++ MULTIPATH=off
++ MULTIPATH_WEIGHTS=
++ SQUID_TRANSPARENT=off
++ SQUID_FILTER_PORT=
++ IPSEC_SERVER=off
++ PPTP_SERVER=off
++ ONE_TO_ONE_NAT_MODE=type2
++ LANNET=
++ PROTOCOL_FILTERING=off
++ RULES='      BT||0x10000001|6||60001:60009|  BT-Laptop||0x10000008|6|192.168.1.100|60000|60000         FTP||0x00000001|6||20|  FTP||0x10000001|6||21|  HTTP||0x10000001|6||80|  HTTPS||0x00000001|6||443|        IMAPS||0x10000001|6||993|       LANtraffic|None|0x20000001|0|192.168.0.0/16||_    Passive_FTP||0x10000001|6||65000:65100|         RDP||0x10000001|6||33389|         SMTP||0x10000001|6||25|         SMTPS||0x10000001|6||465|       SSH||0x00000001|6||22|    SSH2||0x10000001|6||2222|       Webmail||0x00000001|6||83|      chinaip||0x10000002|0|222.208.183.218||   flexshare||0x10000001|6||2121|  ftp||0x10000002|0|203.110.169.240||       ftp||0x10000002|0|218.1.64.9||  ftp||0x10000002|0|65.83.80.220||        ftpbrute||0x10000002|0|193.55.128.252||   http||0x10001000|0||80|eth1:1:0:3:100:0:0:0     jswebhack||0x10000002|0|88.191.81.198||   mailout||0x10001000|0||25|eth1:0:0:3:100:0:0:0  ps3||0x10001000|0|192.168.1.4||eth1:0:1:0:100:0:0:0       roundcubehack||0x10000002|0|91.198.106.91||       smtpbrute||0x10000002|0|71.177.137.13||         smtpport||0x10000002|0|69.215.108.94||    sshlan||0x10001000|0||22|eth1:1:1:3:0:0:50:0    sshwan2||0x10001000|0||2222|eth1:0:0:0:100:0:0:0  webconfig||0x00000001|6||81|    webservice||0x10000001|6||1875| '
++ date +%s
+ export UTC=1264409631
+ UTC=1264409631
++ snortsam-state -qd,
++ awk -F, '$6 + $7 > ENVIRON["UTC"] { printf "%s:%s\n", $2, $8 }'
+ IPS='121.15.171.68:0x6c
4.79.142.206:0x74'
+ for IP in '$IPS'
++ echo 121.15.171.68:0x6c
++ cut -d: -f1
+ ADDR=121.15.171.68
++ echo 121.15.171.68:0x6c
++ cut -d: -f2
+ declare -i MODE=0x6c
+ MODE=96
+ '[' 96 == 32 ']'
+ '[' 96 == 64 ']'
+ '[' 96 == 96 ']'
+ for IFACE in '$EXTIF'
+ /sbin/iptables -I INPUT 1 -i eth1 -s 121.15.171.68 -j DROP
+ /sbin/iptables -I FORWARD 1 -i eth1 -s 121.15.171.68 -j DROP
+ /sbin/iptables -I INPUT 1 -i eth1 -d 121.15.171.68 -j DROP
+ /sbin/iptables -I FORWARD 1 -i eth1 -d 121.15.171.68 -j DROP
+ for IP in '$IPS'
++ echo 4.79.142.206:0x74
++ cut -d: -f1
+ ADDR=4.79.142.206
++ echo 4.79.142.206:0x74
++ cut -d: -f2
+ declare -i MODE=0x74
+ MODE=96
+ '[' 96 == 32 ']'
+ '[' 96 == 64 ']'
+ '[' 96 == 96 ']'
+ for IFACE in '$EXTIF'
+ /sbin/iptables -I INPUT 1 -i eth1 -s 4.79.142.206 -j DROP
+ /sbin/iptables -I FORWARD 1 -i eth1 -s 4.79.142.206 -j DROP
+ /sbin/iptables -I INPUT 1 -i eth1 -d 4.79.142.206 -j DROP
+ /sbin/iptables -I FORWARD 1 -i eth1 -d 4.79.142.206 -j DROP
+ exit 0