shell黑名单

Posted 2021-02-10 风追海浪

#/bin/bash
netstat -ant | grep "EST" | grep -v "22000" | awk ‘{print $5}‘ | grep -v "^10" | cut -d ":" -f1 | sort | uniq -c | sort -nr | awk ‘$1 > 4 {print $1,$2}‘ > /root/root/black.txt

for i in `awk ‘{print $2}‘ /root/root/black.txt`
do
COUNT=`grep $i /root/root/black.txt | awk ‘{print $1}‘`
DEFINE="4"
ZERO="0"
if [ $COUNT -gt $DEFINE ];
  then
  grep $i /root/root/white.txt > /dev/null
    if [ $? -gt $ZERO ];
      then
      echo "$COUNT $i"
      iptables -F
      iptables -I INPUT -i em1 -p tcp -s $i -j DROP
    fi
fi
done    


iptables -I INPUT -i em1 -p tcp --dport 80 -m connlimit  --connlimit-above 10 -j DROP