#!/bin/bash
#Author Template
#Time 2018-07-02 22:06
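# Path of the connection log to analyse (first command-line argument).
file=${1:-}
# Scratch file holding the current top-talker list. iptables normally needs
# root, so a fixed name in world-writable /tmp could be pre-created or
# symlinked by another local user; mktemp gives a private, unpredictable path.
log_file=$(mktemp "${TMPDIR:-/tmp}/ip_count.XXXXXX") || {
  echo "cannot create temporary file" >&2
  exit 1
}
# Remove the scratch file on every exit path.
trap 'rm -f -- "$log_file"' EXIT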
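#######################################
# Usage sanity check: the argument must end in ".log".
# The original `expr "$1" : ".*\.log"` match was anchored only at the start,
# so names such as "x.log.bak" or "x.login" were accepted as well.
# This checks the name only; it does not show the file exists or is trustworthy.
# Arguments: $1 - file name to check
# Outputs:   usage message on stderr when the name is rejected
# Returns:   0 when accepted; exits the script with status 1 otherwise
#######################################
JudgeExt(){
  case "$1" in
    *.log) return 0 ;;
  esac
  echo "Usage: $0 xxx.log" >&2
  exit 1
}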
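#######################################
# Count ESTABLISHED lines per address and keep the five largest counts.
# Globals:   log_file (read) - path the "COUNT KEY" lines are written to
# Arguments: $1 - log file to scan
# Outputs:   overwrites "$log_file" with at most five "COUNT KEY" lines
# NOTE(review): the key is the 4th field from the end after splitting on
# spaces and colons; which column that is depends on the log's exact layout
# (including trailing whitespace) - confirm against the tool producing it.
#######################################
IpCount(){
  # Quote both paths so names containing spaces or glob characters are
  # passed through intact; "--" stops grep treating the path as an option.
  grep -F -- "ESTABLISHED" "$1" \
    | gawk -F "[ :]+" '{++S[$(NF-3)]} END {for (key in S) print S[key],key}' \
    | sort -rn -k1 \
    | head -n 5 > "$log_file"
}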
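#######################################
# Insert an INPUT DROP rule for one source address unless it already exists.
# Fixes over the original:
#   - the command was misspelled "iptabls", so no rule was ever added;
#   - `grep "$ip"` on the listing was a substring match, so an existing rule
#     for 11.2.3.45 would hide a missing rule for 1.2.3.4;
#   - the log line used the caller's $line instead of the address blocked,
#     and was written even when the insert failed.
# Globals:   DROP_LOG_DIR (read, optional) - directory for the drop list;
#            defaults to /tmp as before. /tmp is world-writable, so prefer a
#            root-owned directory when this runs with root privileges.
# Arguments: $1 - IPv4 address to block
# Outputs:   appends "<ip> is dropped" to drop_list_<date>.log
# Returns:   0 if the rule exists or was added, non-zero otherwise
#######################################
ipt(){
  local ip=$1
  local drop_log

  # The address is parsed out of a log file, so treat it as untrusted: only a
  # dotted-quad shape may reach the iptables command line (this also rejects
  # values starting with "-" that would be read as options).
  if ! [[ $ip =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
    printf 'ipt: refusing non-IPv4 value: %q\n' "$ip" >&2
    return 1
  fi

  # -C checks for this exact rule instead of grepping the listing.
  if ! iptables -C INPUT -s "$ip" -j DROP 2>/dev/null; then
    iptables -I INPUT -s "$ip" -j DROP || return
    drop_log="${DROP_LOG_DIR:-/tmp}/drop_list_$(date +%F).log"
    echo "$ip is dropped" >> "$drop_log"
  fi
}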
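#######################################
# Monitor loop: every 180 seconds recompute the top addresses and block any
# whose ESTABLISHED count exceeds 500.
# Globals:   file (read)     - log to analyse
#            log_file (read) - "COUNT KEY" list written by IpCount
# Returns:   never returns normally; JudgeExt exits on a bad file name
# NOTE(review): a count-only threshold will also block busy legitimate
# sources (proxies, NAT gateways, monitoring hosts, the administrator's own
# address); consider an allowlist before deploying.
#######################################
main(){
  local -r threshold=500 interval=180
  # "line" stays visible to functions called from here (dynamic scoping).
  local line ip count

  JudgeExt "$file"
  while true; do
    IpCount "$file"
    # read -r keeps backslashes literal; IFS= keeps the line intact.
    while IFS= read -r line; do
      # First word is the count, second the address; no external process
      # and no unquoted expansion of log-derived text.
      read -r count ip _ <<<"$line"
      # Skip lines whose count is not a plain number instead of letting the
      # comparison raise an error.
      [[ $count =~ ^[0-9]+$ ]] || continue
      if (( 10#$count > threshold )); then
        ipt "$ip"
      fi
    done < "$log_file"
    sleep "$interval"
  done
}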
# Entry point: start the monitor loop (main runs `while true` until the
# process is stopped).
main