
拦截异常访问IP的shell

主要思路是从查询日志中找出异常访问的IP，并将这些IP加入iptables规则进行拦截。

#!/bin/bash


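#######################################
# Collect the client IPs that queried 'cpsc.gov' in the tail of the query
# log, append them (timestamp | hit count | ip) to the audit file, and add an
# iptables DROP rule for each one that is not already blocked.
# Globals:   none; reads /var/named/data/query.log, writes the files under
#            /var/named/data/ddos/
# Arguments: $1 - minimum query count before an IP is blocked (default 1,
#                 i.e. block every IP seen — the original behaviour)
# Outputs:   appends "time    |    count    |    ip" lines to back_bad_ip.txt
# Returns:   0 on success; non-zero if the audit file cannot be created
#######################################
check() {
    local threshold=${1:-1}
    local ddos_dir=/var/named/data/ddos
    local query_log=/var/named/data/query.log
    local bad_ip_file=$ddos_dir/bad_ip
    local audit_file=$ddos_dir/back_bad_ip.txt
    local time count ip

    touch -- "$audit_file" || return
    time=$(date +"%Y-%m-%d %H:%M:%S")
    sleep 1
    # Field 5 is assumed to be "client-ip#port" (BIND query-log layout) — the
    # '#' split drops the port. "STREAM" lines are excluded as in the original.
    # (Blog note: the highlighted parts — port filter, SYN_RECV, etc. — are
    # meant to be adapted to your own log format.)
    tail -n 100000 -- "$query_log" \
      | grep 'cpsc.gov' \
      | grep -v "STREAM" \
      | awk '{print $5 }' \
      | awk -F '#' '{print $1}' \
      | sort \
      | uniq -c \
      | awk ' {print $1,$2}' > "$bad_ip_file"
    awk -v time="$time" '{print time"    |    " $1"    |    "$2}' "$bad_ip_file" >> "$audit_file"

    # One rule per IP. Probing with -C first keeps the INPUT chain from gaining
    # a duplicate rule every pass for IPs that are already dropped.
    # NOTE(review): UDP query sources can be spoofed, so a count threshold
    # helps, but blocking on source IP alone may also drop a spoofed address.
    while read -r count ip; do
        [[ -n "$ip" ]] || continue
        (( count >= threshold )) || continue
        iptables -C INPUT -s "$ip" -j DROP 2>/dev/null && continue
        iptables -I INPUT -s "$ip" -j DROP
    done < "$bad_ip_file"
}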

# Run check() forever, pausing 10 s between passes (adjust the sleep
# argument to change the interval).
while :; do
  check
  sleep 10
done
