<?php
$threshold = 30;
$connections = ` netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort `;
$lines = explode("\n", $connections);
$counts = array();
foreach($lines as $line){
$line = trim($line);
if(strlen($line)<= 0 )
continue;
if($line == "0.0.0.0")
continue;
if($line == "replace with ip of other servers that connect to your server i.e. mysql replication")
continue;
if($line == "127.0.0.1")
continue;
//echo "$line\n";
if(isset($counts[$line]))
$count = $counts[$line];
else
$count = 0;
$counts[$line] = ++$count;
}
foreach($counts as $ip=>$ipCount){
if($ipCount>$threshold){
`logger "[blocker.php] blocking ip $ip for exceeding $threshold simultanious connections. current count = $ipCount"`;
$output = `/sbin/iptables -A INPUT -s $ip -j DROP `;
}
}