Merge pull request #29 from nuxy/master

Added support for FreeBSD IPFW

README.md

@@ -6,6 +6,8 @@ fixes, improvements and new features.
 
 **Maintainer:** Jefferson González <[email protected]>
 
+**Contributor (BSD support):** Marc S. Brooks <[email protected]>
+
 ## About
 
 (D)DoS Deflate is a lightweight bash shell script designed to assist in
@@ -14,11 +16,11 @@ command below to create a list of IP addresses connected to the server,
 along with their total number of connections. It is one of the simplest
 and easiest to install solutions at the software level.
 
-netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
+netstat -an | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
 
 IP addresses with over a pre-configured number of connections are
-automatically blocked in the server's firewall, which can be direct
-iptables or Advanced Policy Firewall (APF). (We highly recommend that
+automatically blocked in the server's firewall, which can be direct 
+ipfw, iptables, or Advanced Policy Firewall (APF). (We highly recommend that
 you use APF on your server in general, but deflate will work without it.)
 
 ### Notable Features
@@ -32,7 +34,7 @@ you use APF on your server in general, but deflate will work without it.)
 * You can receive email alerts when IP addresses are blocked.
 * Control blocking by connection state (see man netstat).
 * Auto-detection of firewall.
-* Support for APF, CSF and iptables.
+* Support for APF, CSF, ipfw, and iptables.
 * Logs events to /var/log/ddos.log
 * Uses tcpkill to reduce the amount of processes opened by attackers.
 

config/ddos.conf

@@ -8,6 +8,7 @@ CRON="/etc/cron.d/ddos"
 # Make sure your APF version is atleast 0.96
 APF="/usr/sbin/apf"
 CSF="/usr/sbin/csf"
+IPF="/sbin/ipfw"
 IPT="/sbin/iptables"
 
 # frequency in minutes for running the script as a cron job
@@ -22,7 +23,7 @@ DAEMON_FREQ=5
 NO_OF_CONNECTIONS=150
 
 # The firewall to use for blocking/unblocking, valid values are:
-# auto, apf, csf and iptables
+# auto, apf, csf, ipfw, and iptables
 FIREWALL="auto"
 
 # An email is sent to the following address when an IP is banned.

config/dependencies.list

@@ -1,9 +1,9 @@
-/*dependencies      apt-get             yum*/
-nslookup            dnsutils            bind-utils
-netstat|ifconfig    net-tools           net-tools
-iptables            iptables-persistent iptables-services
-tcpkill             dsniff              dsniff
-timeout             coreutils           coreutils
-grep                grep                grep               
-awk                 awk                 awk
-sed                 sed                 sed
+/*dependencies      apt-get             yum               pkg*/
+nslookup            dnsutils            bind-utils        bind-tools
+netstat|ifconfig    net-tools           net-tools         net-tools
+iptables            iptables-persistent iptables-services ipfw
+tcpkill             dsniff              dsniff            dsniff
+timeout             coreutils           coreutils         timeout
+grep                grep                grep              grep
+awk                 awk                 awk               awk
+sed                 sed                 sed               sed

install.sh

@@ -1,28 +1,41 @@
-#!/bin/bash
+#!/bin/sh
 
 # Check for required dependencies
 if [ -f "$DESTDIR/usr/bin/apt-get" ]; then
-    install_type='2';   install_command="apt-get"
+    install_type='2';
+    install_command="apt-get"
 elif [ -f "$DESTDIR/usr/bin/yum" ]; then
-    install_type='3';   install_command="yum"
+    install_type='3';
+    install_command="yum"
+elif [ -f "$DESTDIR/usr/sbin/pkg" ]; then
+    install_type='4';
+    install_command="pkg"
 else
     install_type='0'
 fi
 
-for dependency in nslookup netstat iptables ifconfig tcpkill timeout awk sed grep; do
+packages='nslookup netstat ifconfig tcpkill timeout awk sed grep'
+
+if  [ "$install_type" = '4' ]; then
+    packages="$packages ipfw"
+else
+    packages="$packages iptables"
+fi
+
+for dependency in $packages; do
     is_installed=`which $dependency`
     if [ "$is_installed" = "" ]; then
         echo "error: Required dependency '$dependency' is missing."
         if [ "$install_type" = '0' ]; then
             exit 1
         else
             echo -n "Autoinstall dependencies by '$install_command'? (n to exit) "
-    fi
+        fi
         read install_sign
         if [ "$install_sign" = 'N' -o "$install_sign" = 'n' ]; then
            exit 1
         fi
-    eval "$install_command install -y $(grep $dependency config/dependencies.list | awk '{print $'$install_type'}')"
+        eval "$install_command install -y $(grep $dependency config/dependencies.list | awk '{print $'$install_type'}')"
     fi
 done
 
@@ -74,7 +87,7 @@ echo " (done)"
 
 echo -n 'Creating ddos script: /usr/local/sbin/ddos...'
 mkdir -p "$DESTDIR/usr/local/sbin/"
-echo "#!/bin/bash" > "$DESTDIR/usr/local/sbin/ddos"
+echo "#!/bin/sh" > "$DESTDIR/usr/local/sbin/ddos"
 echo "/usr/local/ddos/ddos.sh \$@" >> "$DESTDIR/usr/local/sbin/ddos"
 chmod 0755 "$DESTDIR/usr/local/sbin/ddos"
 echo " (done)"
@@ -95,6 +108,16 @@ fi
 
 echo;
 
+if [ -d /etc/newsyslog.conf.d ]; then
+    echo -n 'Adding newsyslog configuration...'
+    mkdir -p "$DESTDIR/etc/newsyslog.conf.d"
+    cp src/ddos.newsyslog "$DESTDIR/etc/newsyslog.conf.d/ddos" > /dev/null 2>&1
+    chmod 0644 "$DESTDIR/etc/newsyslog.conf.d/ddos"
+    echo " (done)"
+fi
+
+echo;
+
 if [ -d /etc/init.d ]; then
     echo -n 'Setting up init script...'
     mkdir -p "$DESTDIR/etc/init.d/"
@@ -112,6 +135,18 @@ if [ -d /etc/init.d ]; then
     else
         echo "ddos service needs to be manually started... (warning)"
     fi
+elif [ -d /etc/rc.d ]; then
+    echo -n 'Setting up rc script...'
+    mkdir -p "$DESTDIR/etc/rc.d/"
+    cp src/ddos.rcd "$DESTDIR/etc/rc.d/ddos" > /dev/null 2>&1
+    chmod 0755 "$DESTDIR/etc/rc.d/ddos" > /dev/null 2>&1
+    echo " (done)"
+
+    # Activate the service
+    echo -n "Activating ddos service..."
+    echo 'ddos_enable="YES"' >> /etc/rc.conf
+        service ddos start > /dev/null 2>&1
+        echo " (done)"
 elif [ -d /usr/lib/systemd/system ]; then
     echo -n 'Setting up systemd service...'
     mkdir -p "$DESTDIR/usr/lib/systemd/system/"
@@ -129,9 +164,8 @@ elif [ -d /usr/lib/systemd/system ]; then
     else
         echo "ddos service needs to be manually started... (warning)"
     fi
-elif [ -d /etc/cron.d ] && [ "$DESTDIR" = "" ]; then
+elif [ -d /etc/cron.d ] || [ -f /etc/crontab ]; then
     echo -n 'Creating cron to run script every minute...'
-    mkdir -p "$DESTDIR/etc/cron.d/"
     /usr/local/ddos/ddos.sh --cron > /dev/null 2>&1
     echo " (done)"
 fi

man/ddos.1

@@ -34,7 +34,7 @@ and easiest to install solutions at the software level.
 .PP
 IP addresses with over a pre-configured number of connections are
 automatically blocked in the server's firewall, which can be direct
-iptables or Advanced Policy Firewall (APF). (We highly recommend that
+ipfw, iptables, or Advanced Policy Firewall (APF). (We highly recommend that
 you use APF on your server in general, but deflate will work without it.)
 
 .SH OPTIONS
@@ -135,3 +135,4 @@ Zaf <[email protected]> (Copyright (C) 2005)
 
 .SH CONTRIBUTORS
 Jefferson González <[email protected]> (Fixes and improvements)
+Marc S. Brooks <[email protected]> (BSD support)

src/ddos.newsyslog

@@ -0,0 +1 @@
+/var/log/ddos.log  640  4  *  $W6D0  JN

src/ddos.rcd

@@ -0,0 +1,46 @@
+#!/bin/sh
+# PROVIDE: ddos
+# REQUIRE: DAEMON netif
+# KEYWORD: nojail
+
+# Init script to control ddos daemon
+#
+# Marc S. Brooks <[email protected]>
+
+. /etc/rc.subr
+
+name="ddos"
+rcvar="${name}_enable"
+start_cmd="${name}_start"
+stop_cmd="${name}_stop"
+restart_cmd="${name}_restart"
+status_cmd="${name}_status"
+extra_commands="restart status"
+ddos_program="/usr/local/sbin/ddos"
+# ddos_file is set by rc.conf
+
+test -x $DAEMON || exit 0
+
+ddos_start()
+{
+    ${ddos_program} --start
+}
+
+ddos_stop()
+{
+    ${ddos_program} --stop
+}
+
+ddos_status()
+{
+    ${ddos_program} --status
+}
+
+ddos_restart()
+{
+    ${ddos_program} --stop
+    ${ddos_program} --start
+}
+
+load_rc_config $name
+run_rc_command "$1"