方法1:
#!/bin/sh
While true
do
awk ‘{print $1}’.access.log|grep –v “^$”|sort|uniq –c >/tmp/access.log
#netstat –an|grep EST|awk –F ‘[ :]+’ ‘{print $6}’|sort|uniq –c >/tmp/access.log 判断网络连接数
exec </tmp/access.log
while read line
do
ip=`echo $line|awk ‘{print $2}’`
count=`echo $line|awk ‘{print $1}’
if [$count –gt 100 ] && [ `iptables –L -n|grep “$ip”|wc –l` -lt 1 ]
then
iptables –A INPUT –s $ip -j DROP
echo “$line is dropped” >>/tmp/droplist.log
fi
done
sleep 180
done
方法2:
#!/bin/sh
if [ $# -ne 1 ];then
echo "USAGE:$0 ARG"
exit
fi
ipt(){
awk '{print $1}' $1 |sort|uniq -c|sort -rn -k1 >/tmp/access.log
exec </tmp/access.log
while read line
do
ip=`echo $line|awk '{print $2}'`
count=`echo $line|awk '{print $1}'`
if [ "$count" -gt 100 -a `iptables -L -n|grep "$ip"|wc -l` -lt 1 ];then
iptables -I INPUT -s "$ip" -j DROP
echo "$ip" >>/tmp/ip_$(date +%F).log
fi
done
}
del(){
touch /tmp/ip_$(date +%F -d '-1day').log
exec </tmp/ip_$(date +%F -d '-1day').log
while read line
do
if [ `iptables -L -n|grep "$line"|wc -l` -le 1 ];then
iptables -D INPUT -s $line -j DROP
fi
done
}
main(){
while true
do
ipt $1
sleep 5
del
done
}
main $*