判断IP连接数前五，并自动加入防火墙

发布时间：2020-12-14 03:22:40 所属栏目：大数据来源：网络整理

导读：#!/bin/ bash#Author Template#Time 2018 - 07 - 02 22 : 06 file =$ 1 log_file =/tmp/ tmp.logJudgeExt(){ if expr " $1 " : " .*.log " /dev/ null ; then : else echo " Usage: $0 xxx.log " exit 1 fi }IpCount(){ grep " ESTABLISHED " $ 1 | gawk -F

#!/bin/bash
#Author Template
#Time 2018-07-02 22:06
file=$1
log_file=/tmp/tmp.log


JudgeExt(){
    if expr "$1" : ".*.log" &> /dev/null;then
        :
    else
        echo "Usage: $0 xxx.log"
        exit 1
    fi
}

IpCount(){

    grep "ESTABLISHED" $1 | gawk -F "[ :]+" ‘{++S[$(NF-3)]} END {for (key in S) print S[key],key}‘ | sort -rn -k1 | head -5 > $log_file

}

ipt(){
    local ip=$1
    if [ `iptabls -L -n | grep "$ip" | wc -l` -lt 1 ];then
        iptabls -I INPUT -s $ip -j DROP
        echo "$line  is dorpped" >> /tmp/drop_list_$(date +%F).log
    fi

}

main(){

    JudgeExt $file 
    while true
    do
        IpCount $file
        while read line
        do
            ip=`echo $line | gawk ‘{print $2}‘`
            count=`echo $line | gawk ‘{print $1}‘`
            if [ $count -gt 500 ];then
                ipt $ip
            fi
        done < $log_file
        sleep 180

    done
}
main

（编辑：李大同）

【声明】本站内容均来自网络，其相关言论仅代表作者个人观点，不代表本站立场。若无意侵犯到您的权利，请及时与联系站长删除相关内容!