
Perl and Iptables


allan
02-18-03, 05:27 PM
I want to change around a perl script so that it will block an IP Address that is making excessive use of system resources.

Does anyone have any good tutorials on Perl/IPtables interaction?

alchiba
02-18-03, 05:38 PM
I'm confused. You want to block an IP at the script level, or have the script make an iptables entry?

allan
02-18-03, 05:43 PM
Originally posted by alchiba
I'm confused. You want to block an IP at the script level, or have the script make an iptables entry?

Sorry about that, I want the script to make an IPTables entry. Let me be more specific:

http://www.expirednic.com/check_link_popularity.html

This is the script. It tracks IP addresses already; what I want to do is have the script add an IPTables entry dropping all traffic from any IP address that accesses the script more than 12 times in an hour.

I keep getting people who abuse the script (I had one guy who accessed it 146,000 times between the 1st and the 9th of this month). Rather than manually reviewing the connections, I would prefer to automate this process.

alchiba
02-18-03, 06:42 PM
I see what you're getting at. But if you use iptables then your script would never be able to 'see' them again so that you could un-block them. You'd have to keep track of the visitors through a database that maintained their IP, timestamp of initial visit and how many hits to your script since that timestamp. The script would then have to wind through the database comparing the current system time with the initial timestamp for each IP and block/unblock accordingly. Not terribly efficient for your main script, so I would opt for a second script that would run under cron.

As for having Perl make/delete an iptables entry, you can just invoke the shell() or exec() function to run the command:

/sbin/iptables -I INPUT -s user.ip.address.here -j DROP

And I guess you'd re-activate the IP with:

/sbin/iptables -D INPUT -s user.ip.address.here -j DROP

Something like that. Or were you looking for a tighter Perl/iptables integration? Don't know if that's possible.
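The cron-driven blocker alchiba sketches, written out as an added example; this is not code from the thread or from the expirednic.com script. It assumes a hypothetical hit log ($LOG, one "<epoch> <client-ip>" line per request written by the CGI script), a hypothetical state file ($STATE) that remembers when each address was blocked so it can be unblocked later, and that it runs from cron as root. Two points a practitioner would want that the sketch leaves open: the address being blocked came from the network, so it is validated as a dotted quad and passed to iptables through list-form system() (no shell, so no command injection), and blocks go into a dedicated chain so that unblocking is a clean -D of the exact rule rather than an ACCEPT stacked on top of a stale DROP.

```perl
#!/usr/bin/perl
# Added example for this thread, not code from the forum or from the
# expirednic.com script. Hypothetical inputs: the CGI script appends
# "<epoch> <client-ip>" to $LOG on every hit; this runs from cron as root.
use strict;
use warnings;

my $LOG       = '/var/log/linkpop-hits.log';  # hypothetical hit log
my $STATE     = '/var/lib/linkpop/blocked';   # hypothetical: "<ip> <epoch>" per line
my $CHAIN     = 'LINKPOP_ABUSE';  # own chain, so unblocking is a clean -D
my $IPTABLES  = '/sbin/iptables';
my $WINDOW    = 3600;             # look back one hour
my $MAX_HITS  = 12;               # threshold from the thread
my $BLOCK_FOR = 24 * 3600;        # lift the block after a day

# The address came from the network: accept only a well-formed dotted quad
# before it goes anywhere near iptables.
sub valid_ipv4 {
    my ($ip) = @_;
    return 0 unless defined $ip
        && $ip =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/;
    my $bad = grep { $_ > 255 } $1, $2, $3, $4;
    return $bad ? 0 : 1;
}

# List-form system(): no shell, so a hostile "address" cannot inject commands.
sub ipt { return system($IPTABLES, @_) == 0 }

sub ensure_chain {
    ipt('-N', $CHAIN);   # fails harmlessly if the chain already exists
    ipt('-C', 'INPUT', '-j', $CHAIN) or ipt('-I', 'INPUT', '-j', $CHAIN);
}

sub load_blocked {
    my %b;
    if (open my $fh, '<', $STATE) {
        while (my $l = <$fh>) {
            my ($ip, $at) = split ' ', $l;
            $b{$ip} = $at if defined $at;
        }
        close $fh;
    }
    return %b;
}

sub save_blocked {
    my %b = @_;
    open my $fh, '>', "$STATE.tmp" or die "open $STATE.tmp: $!";
    print {$fh} "$_ $b{$_}\n" for sort keys %b;
    close $fh;
    rename "$STATE.tmp", $STATE or die "rename $STATE: $!";
}

# Hits per source address within the last $WINDOW seconds.
sub recent_hits {
    my ($now) = @_;
    my %hits;
    open my $fh, '<', $LOG or die "open $LOG: $!";
    while (my $l = <$fh>) {
        my ($ts, $ip) = split ' ', $l;
        next unless defined $ip && $ts =~ /\A\d+\z/ && $now - $ts <= $WINDOW;
        $hits{$ip}++;
    }
    close $fh;
    return \%hits;
}

my $now = time;
ensure_chain();
my %blocked = load_blocked();

# Lift expired blocks first. The state entry is only dropped once -D succeeds,
# so a failed delete is retried on the next run instead of being forgotten.
for my $ip (keys %blocked) {
    next if $now - $blocked{$ip} < $BLOCK_FOR;
    delete $blocked{$ip} if ipt('-D', $CHAIN, '-s', $ip, '-j', 'DROP');
}

my $hits = recent_hits($now);
for my $ip (keys %$hits) {
    next if $hits->{$ip} <= $MAX_HITS || exists $blocked{$ip};
    if (!valid_ipv4($ip)) { warn "skipping malformed address '$ip'\n"; next }
    if (ipt('-A', $CHAIN, '-s', $ip, '-j', 'DROP')) {
        $blocked{$ip} = $now;
        print "blocked $ip: $hits->{$ip} hits in the last hour\n";
    }
}
save_blocked(%blocked);
```

Run it from root's crontab every few minutes (for example `*/5 * * * * /usr/local/sbin/linkpop-block.pl`, a hypothetical path). The `-C` rule check needs iptables 1.4.11 or later; on older builds drop that line and create the INPUT jump once by hand. If a run can take longer than the cron interval, take a flock() on the state file at startup so two copies do not race on the same addresses. Note that the CGI script never needs to touch iptables itself, which keeps the web server out of the root-only part of the job.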

interactive
03-22-03, 06:21 PM
Allan, it would probably be a thousand times easier just to use a perl script and a mysql database and block the user ("You have viewed this page more than the allotted time in the past hour") or whatever.