#/bin/bash
#日志文件
logfile='/var/log/nginx/access.log'
hours=1
#开始时间
start_time=date -d "-$hours hour" +"%H:%M:%S"
#echo $start_time
#结束时间
stop_time=date +"%H:%M:%S"
#echo $stop_time
#过滤出单位之间内的日志并统计最高ip数
array=($(tac $logfile | awk -v st="$start_time" -v et="$stop_time" '{t=substr($4,RSTART+14,21);if(t>=st && t<=et) {print $0}}' \
| awk '{print $1}' | sort | uniq -c | sort -nr |awk '{if($1 > 5000){print $0}}'|awk '{print $2}'))
wait
for each in ${array[@]}
do
echo $each
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='$each' reject"done
firewall-cmd --reload