from subprocess import Popen,PIPE
import re
import time
import sqlite3

CONCURRENCY_ALLOWED = 60
OUTDATE_TIME = 3600

# initializing database
db = sqlite3.connect("/tmp/ddos.db3")
c = db.cursor()
try:
    c.execute("create table ddos (ip text unique,date integer);")
    Popen("iptables -F",shell=True,bufsize=1024)
except:
    print "database exists"

# blocking ips has more than CONCURRENCY_ALLOWED connections
pipe = Popen("netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n > /tmp/ddos.txt",shell=True,bufsize=1024,stdout=PIPE).stdout
time.sleep(5)
#ddos = pipe.read()
ddos = open("/tmp/ddos.txt").read()
ct = re.compile(r"(\S+)\s+(\S+).*\n").findall(ddos)
for count,ip in ct:
    if int(count)>CONCURRENCY_ALLOWED and (ip != "127.0.0.1") and (not ip.startswith("192.168")):
        c.execute('select * from ddos where ip=?',(ip,))
        if c.fetchone():
            continue
        out = Popen("iptables -I INPUT -s %s -j DROP"%ip,shell=True,bufsize=1024,stdout=PIPE).stdout
        print "blocking %s for %s visits" % (ip,count)
        c.execute('replace into ddos values (?,?)',(ip,int(time.time())))
        time.sleep(0.1)     
db.commit()