From ea7313a0b6654e048e0b6e178979627bbfea2746 Mon Sep 17 00:00:00 2001
From: ionutboangiu <ionut.boangiu@itsyscom.com>
Date: Tue, 17 Dec 2024 15:48:31 +0200
Subject: [PATCH] Add helper script to block localhost ports

---
 data/scripts/block-ports.sh | 43 +++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)
 create mode 100755 data/scripts/block-ports.sh

diff --git a/data/scripts/block-ports.sh b/data/scripts/block-ports.sh
new file mode 100755
index 000000000..f7dc99876
--- /dev/null
+++ b/data/scripts/block-ports.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+usage() {
+    echo "Usage: $(basename "$0") -p PORT[,PORT...] [-d SECONDS]"
+    echo "Example: $(basename "$0") -p 8021,2014 -d 300"
+    exit 1
+}
+
+# Set default duration
+DURATION=10
+
+# Parse arguments
+while getopts "p:d:h" opt; do
+    case $opt in
+        p) IFS=',' read -r -a PORTS <<< "$OPTARG" ;;
+        d) DURATION="$OPTARG" ;;
+        *) usage ;;
+    esac
+done
+
+# Check required arguments
+[[ ${#PORTS[@]} -eq 0 ]] && usage
+
+cleanup() {
+    sudo tc qdisc del dev lo root 2>/dev/null
+    echo "Traffic restored"
+}
+
+# Set up cleanup on script exit
+trap cleanup EXIT INT TERM
+
+# Block ports
+echo "Blocking ports ${PORTS[*]} for $DURATION seconds..."
+
+sudo tc qdisc add dev lo root handle 1: prio
+sudo tc qdisc add dev lo parent 1:3 handle 30: netem loss 100%
+
+for port in "${PORTS[@]}"; do
+    sudo tc filter add dev lo protocol ip parent 1:0 prio 3 u32 match ip dport "$port" 0xffff flowid 1:3
+    sudo tc filter add dev lo protocol ip parent 1:0 prio 3 u32 match ip sport "$port" 0xffff flowid 1:3
+done
+
+sleep "$DURATION"