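Having to deal with iptables and php/mysql, but with no luck: I am trying to find a solution to add blocked IPs (yes, more than one at a time) from iptables to mysql. Can anyone help with this problem?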
<?php
$hostname = gethostname();
$name = permanent;
require_once("/etc/blocked/inc/config.inc.php");
$output = shell_exec('iptables -S permanent');
$lines=explode("\n",$output);
$fail=array();
$r="/(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/";
foreach($lines as $line){
    $t=array();
    preg_match($r,$line,$t);
    $ip=$t[0];
    $fail[0]=$ip;
    if ($fail[0] == '') {
    }
    else {
        #echo "$hostname,$fail[0],$name \n";
        $query = "INSERT INTO blockedips (hostname,ip,name) VALUES ('$hostname','$fail[0]','$name')" ;
        $result = mysqli_query($link,$query) or die('Query failed: ' . mysqli_error($link));
        mysqli_close($link);
        exit;
    }
}
?>
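Answer 0 (score: 2)
Well, I have time to kill. I suggest you read up on how to use preg_match(), and rethink how you are handling your database connection. I also corrected a bunch of other small errors and unnecessary code.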
<?php
$hostname = gethostname();
// this needs to be quoted
$name = "permanent";
require_once("/etc/blocked/inc/config.inc.php");
// specify the full path to your binary
$output = exec("/sbin/iptables -S permanent", $lines);
// exec will create an array
//$lines=explode("\n",$output);
// you weren't capturing the IP address here
$r="/((?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))/";
foreach($lines as $line){
    // this can create itself
    // $t=array();
    // why aren't you checking the results of this call?
    if (preg_match($r, $line, $t)) {
        // $t[0] is the whole string, $t[1] is the first match
        $ip = $t[1];
        // I don't know why you were re-assigning this to another array
        // $fail[0]=$ip;
        #echo "$hostname,$ip,$name \n";
        $query = "INSERT INTO blockedips (hostname,ip,name) VALUES ('$hostname','$ip','$name')";
        $result = mysqli_query($link,$query)
            or die('Query failed: ' . mysqli_error($link));
        // why close your database? your second query isn't going to work too well
        // mysqli_close($link);
        // oh, will never be a second value. is this intentional? why have a loop then?
        // exit;
    }
}
?>
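But wait! Prepared statements can be prepared once and executed repeatedly, with less system overhead. I would also strongly recommend that you migrate to PDO, or at least use the mysqli object-oriented interface.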
<?php
$hostname = gethostname();
$name = "permanent";
require_once("/etc/blocked/inc/config.inc.php");
$output = exec("/sbin/iptables -S $name", $lines);
// prepare once, execute for every matching line
$stmt = $link->prepare("INSERT INTO blockedips (hostname,ip,name) VALUES (?, ?, ?)");
$octet = "(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)";
// the pattern has its own variable so the matched address cannot overwrite it
$ip_pattern = "$octet\.$octet\.$octet\.$octet";
foreach($lines as $line){
    if (preg_match("/($ip_pattern)/", $line, $t)) {
        $ip = $t[1];
        $stmt->bind_param("sss", $hostname, $ip, $name);
        if ($stmt->execute() === false) {
            // error is a property, not a method
            echo 'Query failed: ' . $stmt->error;
            $link->close();
            exit;
        }
    }
}
?>
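Added example, not part of the original answer: the same import written with PDO as the answer recommends. It reads only the `-s` argument of DROP/REJECT rules, so an address in a `-d` field or in a rule comment is never stored. The sample `iptables -S` lines are constructed, and the in-memory SQLite database, the column types and the function names `blocked_sources` and `store_blocked` are assumptions standing in for the real MySQL setup.

```php
<?php
// Constructed sample of `iptables -S permanent` output (documentation-range addresses).
$lines = [
    '-N permanent',
    '-A permanent -s 192.0.2.10/32 -j DROP',
    '-A permanent -s 198.51.100.0/24 -j DROP',
    '-A permanent -s 192.0.2.10/32 -j DROP',        // duplicate rule
    '-A permanent -d 203.0.113.7/32 -j ACCEPT',     // destination of an ACCEPT rule, not a block
    '-A permanent -s 203.0.113.9/32 -m comment --comment "was 10.0.0.1" -j REJECT --reject-with icmp-port-unreachable',
];

// Unique sources of DROP/REJECT rules; relies on -S printing -s right after the chain name.
function blocked_sources(array $lines): array
{
    $found = [];
    foreach ($lines as $line) {
        if (!preg_match('~^-A \S+ -s ([0-9.]+)(?:/(\d{1,2}))? .*-j (?:DROP|REJECT)\b~', $line, $m)) {
            continue;
        }
        $prefix = (isset($m[2]) && $m[2] !== '') ? (int) $m[2] : 32;
        // Let PHP validate the address instead of a hand-written octet regex.
        if ($prefix > 32 || filter_var($m[1], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
            continue;
        }
        // Assumption: single hosts are stored bare, networks keep their prefix length.
        $found[$prefix === 32 ? $m[1] : "$m[1]/$prefix"] = true;
    }
    return array_keys($found);
}

// Insert every source with one prepared statement inside a single transaction.
function store_blocked(PDO $db, string $hostname, string $chain, array $sources): int
{
    $stmt = $db->prepare('INSERT INTO blockedips (hostname, ip, name) VALUES (?, ?, ?)');
    $db->beginTransaction();
    foreach ($sources as $ip) {
        $stmt->execute([$hostname, $ip, $chain]);
    }
    $db->commit();
    return count($sources);
}

// Assumption: in-memory SQLite stands in for the MySQL connection so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE blockedips (hostname TEXT, ip TEXT, name TEXT)');
$sources = blocked_sources($lines);
echo store_blocked($db, gethostname(), 'permanent', $sources), " rows: ", implode(', ', $sources), "\n";
```

With `PDO::ERRMODE_EXCEPTION` a failed insert throws before `commit()`, so a partial import is never committed.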