# TCPDROP script?



## BernardoCR (Jan 19, 2011)

Hello,

Does anybody have, or knows how to build, a tcpdrop script that we could use just by typing [cmd=]./tcpdrop.sh IP[/cmd] and it drops all connections from a given IP?

With regular tcpdrop command we can drop connections with tcpdrop laddr lport faddr fport.

I can call all the IPs connections with the following command:

[cmd=]netstat -an | grep IP | awk '{print $4"."$5}' | awk -F '\.' '{print $1"."$2"."$3"."$4" "$5" "$6"."$7"."$8"."$9" "$10}'[/cmd]

And I get the result:


```
67.43.236.38 80 189.114.207.45 54043
67.43.236.38 80 189.114.207.45 54042
67.43.236.38 1935 189.114.207.45 53270
67.43.230.251 6606 189.114.207.45 53269
67.43.236.34 43022 189.114.207.45 52407
67.43.230.232 6667 189.114.207.45 49472
```

I don't know how to make this script, but I think with the results in order, like showed, one could easily build a script to that purpose.

Thank you.


----------



## DutchDaemon (Jan 19, 2011)

If you have the pf firewall, the following command should kick everyone off:

[cmd=]pfctl -k 0.0.0.0/0 -k 0.0.0.0/0[/cmd]

See [cmd=]man pfctl | less +/"     -k host"[/cmd]


----------



## jmallett@ (May 5, 2012)

`tcpdrop -l -a | grep IP | sh`

*tcpdrop -l -a* gives a list of commands to be run to drop all connections.  *tcpdrop -a* drops all connections.


----------

