
自己写的 另一个 iptables 拦截防火墙功能 有大用 有大大用

crontab 里面（root 的 crontab）。两条任务配合使用：drop_ip.sh 每 5 分钟根据访问日志插入封禁规则，drop_iptables.sh 每 3 小时把这些规则全部删掉，所以一次封禁最长只持续 3 小时；注意每逢 0、3、6…点整，两个任务会在同一分钟启动。

*/5 * * * * /bin/bash /root/drop_ip.sh

0 */3 * * * /bin/bash /root/drop_iptables.sh



[root@mail ~]# vim drop_ip.sh


#!/bin/bash
# drop_ip.sh, first version (superseded by the "最终版" listing further down).
#
# Cron runs it every 5 minutes. It samples the last 5000 lines of the nginx
# access log, drops lines that mention the site's own hostname, the admin
# path, three whitelisted IPs, static assets or a known crawler User-Agent,
# counts hits per client address (field 1 of the log line), keeps addresses
# with more than COUNT hits, sums those per /24 and inserts "DROP everything
# from that /24" at position 2 of INPUT when the sum exceeds COUNT2.
#
# NOTE(review): the exclusions are substring matches on fields the client
# controls (request line, User-Agent), so a client that sends "Googlebot" is
# never counted; blocking a /24 also cuts off every neighbour of the offender;
# and this listing still shows the real hostname, IPs and admin path that the
# later listings mask out.
#
declare -i COUNT=20     # per-address hit threshold inside the sampled window
declare -i COUNT2=280   # per-/24 aggregate threshold that triggers the ban
# "ip hits" for every address with more than COUNT hits, e.g. "11.12.13.14  30".
drop_ip_arr=`tail -5000 /www/wdlinux/nginx-1.2.9/logs/access.log | grep -v "w.wzfzxx.com" | grep -v "211.149.205.29" | grep -v "101.247.127.33" | grep -v "admin21232f297" | grep -v '\.jpg\|\.png\|\.gif\|\.js\|\.png\|\.css'  |grep -v '114.217.193.132' | grep -v "Baiduspider" | grep -v "Sogou" | grep -v "YisouSpider" | grep -v "bingbot" | grep -v "360Spider" | grep -v "HaosouSpider" | grep -v "Googlebot"  | awk '{a[$1]++}END{for(i in a)if(a[i]>'$COUNT')print i,a[i]}'`  # prints "ip hits" for addresses above COUNT (e.g. "11.12.13.14  30")
# Collapse each address to its /24 ("a.b.c.0") and keep the hit count.
drop_ip_arr2=`echo "$drop_ip_arr" | awk -F'[. ]' '{print $1"."$2"."$3"."0,$5}'`  # "a.b.c.0 hits" per address
echo "$drop_ip_arr2"   # debug: the per-address list after the /24 mapping
# Sum the hits per /24 and keep the networks whose sum exceeds COUNT2 (e.g. "11.12.13.0").
drop_ip=`echo "$drop_ip_arr2" | awk '{a[$1]+=$2} END {for(i in a)if(a[i]>'$COUNT2') print i}'`    # networks over COUNT2, one "a.b.c.0" per line
#echo "$drop_ip"
# For every network that "iptables -nvL" does not mention yet: insert a DROP
# for the whole /24 (all protocols) at INPUT position 2. The -D right before
# it can never match anything -- the if already ruled out any rule naming
# the network -- so it only acts as a belt-and-braces against duplicates.
# NOTE(review): "[ -n $i ]" is unquoted; "grep $i" treats the dots as
# wildcards and matches substrings (1.2.3.0 also matches 11.2.3.0/24); and
# "-I INPUT 2" fails on an empty INPUT chain. Position 2 presumes rule 1 is
# something that must stay first (not visible here).
 for i in $drop_ip; do
   if [  -n $i ] && ! /sbin/iptables -nvL | grep $i &>/dev/null ;then
     #echo ${i} `date`  >> /root/getipdate.txt
     /sbin/iptables -D INPUT -s $i/24 -j DROP &> /dev/null
     /sbin/iptables -I INPUT 2 -s $i/24 -j DROP
   fi
 done



[root@mail ~]# vim drop_iptables.sh

#!/bin/bash
# drop_iptables.sh, first version (superseded by the "最终版" listing further
# down). Cron runs it every 3 hours to undo the bans drop_ip.sh inserted.
#
# Dumps the ruleset with iptables-save, takes field 4 (the argument of -s)
# of every line after line 6 that contains "INPUT" followed by "DROP", and
# deletes "-s that -j DROP" from INPUT. "NR>6" is a line-count guess for
# "skip the iptables-save header and the first rule"; presumably it is meant
# to spare rule 1 of the filter table -- confirm against your own
# iptables-save output, the header length is not fixed.
#
# NOTE(review): /tmp/iptables.log is a fixed path written by root. On
# kernels without protected_symlinks a local user can pre-create it as a
# symlink and have root overwrite an arbitrary file, and afterwards anyone
# can read the complete ruleset from it; piping iptables-save straight into
# awk needs no file at all. The pattern also removes every INPUT DROP rule
# of that shape, hand-made ones included.
#
table=/tmp/iptables.log
/sbin/iptables-save > $table
# field 4 of "-A INPUT -s a.b.c.0/24 -j DROP" is "a.b.c.0/24"
drop_ip=`cat $table |awk -F'[ ]' '/INPUT.*DROP/{if (NR>6){print $4}}'`
for i in $drop_ip; do
  /sbin/iptables -D INPUT -s $i -j DROP
done



又经过改写：这一版只封 tcp/80 和 tcp/443（不再丢弃该 /24 的全部流量），COUNT2 从 280 降到 200，并把每个 /24 的累计次数（drop_ip_bak）打印出来；drop_iptables.sh 相应改成按 80/443 两条规则分别删除。

[root@mail ~]# vim drop_ip.sh

#!/bin/bash
# drop_ip.sh, second version (superseded by the "最终版" listing further down).
#
# Same sampling and counting as the first version: last 5000 lines of the
# nginx access log, exclusions by substring, hits per client address (field 1),
# addresses over COUNT summed per /24. What changed: the ban is now two rules,
# tcp/80 and tcp/443, instead of a DROP for all traffic from the /24; COUNT2
# dropped to 200; and the per-/24 totals are printed for the cron mail.
#
# NOTE(review): the exclusions are substring matches on client-controlled
# fields (a User-Agent containing "Googlebot" is never counted), a whole /24
# is banned for one offender, "[ -n $i ]" is unquoted, "grep $i" treats the
# dots as wildcards, and "-I INPUT 2" fails on an empty INPUT chain.
#
declare -i COUNT=20     # per-address hit threshold inside the sampled window
declare -i COUNT2=200   # per-/24 aggregate threshold that triggers the ban
# "ip hits" for every address with more than COUNT hits.
drop_ip_arr=`tail -5000 /www/wdlinux/nginx-1.2.9/logs/access.log | grep -v "w.aaaaa.com" | grep -v "211.149.205.29" | grep -v "101.247.127.33" | grep -v "bbbbb" | grep -v '\.jpg\|\.png\|\.gif\|\.js\|\.png\|\.css'  |grep -v '114.217.193.132' | grep -v "Baiduspider" | grep -v "Sogou" | grep -v "YisouSpider" | grep -v "bingbot" | grep -v "360Spider" | grep -v "HaosouSpider" | grep -v "Googlebot"  | awk '{a[$1]++}END{for(i in a)if(a[i]>'$COUNT')print i,a[i]}'`
# Collapse each address to its /24 ("a.b.c.0") and keep the hit count.
drop_ip_arr2=`echo "$drop_ip_arr" | awk -F'[. ]' '{print $1"."$2"."$3"."0,$5}'`
#echo "$drop_ip_arr2"
# Networks whose summed hits exceed COUNT2: bare list for the loop below ...
drop_ip=`echo "$drop_ip_arr2" | awk '{a[$1]+=$2} END {for(i in a)if(a[i]>'$COUNT2') print i}'`
# ... and the same list with totals, printed as the report.
drop_ip_bak=`echo "$drop_ip_arr2" | awk '{a[$1]+=$2} END {for(i in a)if(a[i]>'$COUNT2') print i,a[i]}'`
echo "$drop_ip_bak"
# For every network "iptables -nvL" does not mention yet: insert DROP rules
# for tcp/80 and tcp/443 at INPUT position 2 (443 lands in front of 80).
# The two -D calls can never match -- the if already ruled out any rule
# naming the network -- and only guard against duplicates.
 for i in $drop_ip; do
   if [  -n $i ] && !  /sbin/iptables -nvL | grep $i &>/dev/null ;then
     #echo ${i} `date`  >> /root/getipdate.txt
     /sbin/iptables -D INPUT -s $i/24 -p tcp --dport 80 -j DROP &> /dev/null
     /sbin/iptables -D INPUT -s $i/24 -p tcp --dport 443 -j DROP &> /dev/null
     /sbin/iptables -I INPUT 2 -s $i/24 -p tcp --dport 80 -j DROP
     /sbin/iptables -I INPUT 2 -s $i/24 -p tcp --dport 443 -j DROP
   fi
 done



[root@mail ~]# vim drop_iptables.sh

#!/bin/bash
# drop_iptables.sh, second version (superseded by the "最终版" listing further
# down). Cron runs it every 3 hours to undo the bans drop_ip.sh inserted.
#
# As before: dump the ruleset to a file, take field 4 (the -s argument) of
# every line after line 6 containing "INPUT" ... "DROP", and delete from
# INPUT -- now the tcp/80 and the tcp/443 rule separately. Because
# iptables-save prints one line per rule, every banned network shows up
# twice (once per port), so the loop issues four -D calls per network and
# two of them fail with an iptables error message each time.
#
# NOTE(review): /tmp/iptables.log is a fixed, root-written path (symlink
# overwrite on kernels without protected_symlinks; readable ruleset for every
# local user); piping iptables-save into awk avoids the file entirely. "NR>6"
# presumably spares rule 1 of the filter table -- confirm against your
# iptables-save output.
#
table=/tmp/iptables.log
/sbin/iptables-save > $table
# field 4 of "-A INPUT -s a.b.c.0/24 -p tcp -m tcp --dport 80 -j DROP" is "a.b.c.0/24"
drop_ip=`cat $table |awk -F'[ ]' '/INPUT.*DROP/{if (NR>6){print $4}}'`
for i in $drop_ip; do
  echo $i   # log what is being removed (cron mails it)
  /sbin/iptables -D INPUT -s $i -p tcp --dport 80 -j DROP
  /sbin/iptables -D INPUT -s $i -p tcp --dport 443 -j DROP
done





drop_ip.sh 这个是有用的（最终版：采样窗口从 5000 行放大到 10000 行，COUNT2 提高到 400，排除列表增加了 baiduboxapp；站点域名、后台路径和白名单 IP 在这里用 aaa/bbbb/xxx 之类的占位符遮掉了，使用时换成自己的值）

[root@mail ~]# vim drop_ip.sh    # 最终版

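#!/bin/bash
# drop_ip.sh -- auto-ban /24 networks that hammer the nginx site (final version).
#
# Runs from cron every 5 minutes. Reads the last LOG_LINES lines of the nginx
# access log, discards lines matching any EXCLUDES pattern (own hostnames,
# admin path, whitelisted IPs, static assets, well-known crawler User-Agents),
# counts requests per client address (field IP_FIELD of the log line), keeps
# addresses with more than COUNT hits, sums those per /24 and, for every /24
# whose sum exceeds COUNT2 and that no filter-table rule names yet, inserts
# DROP rules for tcp/80 and tcp/443 at position INSERT_POS of INPUT.
# Prints one "a.b.c.0 hits" line per offending network (cron mails it).
#
# Things to know before relying on this:
#   * It bans a whole /24: one abusive host takes its neighbours (NAT
#     gateways, shared hosting, mobile carriers) with it. Look at the printed
#     totals before lowering COUNT2.
#   * The crawler exclusions are substring matches on the User-Agent, which
#     the client chooses; anybody can send "Googlebot" and is never counted.
#     Verify real crawlers (reverse DNS / published IP ranges) if that matters.
#   * New rules go to position INSERT_POS. That presumes rule 1 must stay
#     first (an allow rule, not visible here -- confirm) and fails on an
#     empty INPUT chain ("Index of insertion too big").
#   * Rules exist only in the running kernel: nothing here saves them, a
#     reboot drops them, and drop_iptables.sh (cron, every 3 hours) removes
#     them again, so a ban lasts at most 3 hours.
#   * If nginx sits behind a proxy/CDN, the address field holds the proxy and
#     the proxy itself gets banned; fix IP_FIELD / the log format first.
#
# Needs root (iptables) and GNU grep/awk.

set -eu   # no pipefail on purpose: grep -v exits 1 when it filters every line, which is normal here

declare -ir COUNT=20          # per-address hit threshold inside the sampled window
declare -ir COUNT2=400        # per-/24 aggregate threshold that triggers a ban
declare -ir LOG_LINES=10000   # size of the sampled window (tail of the log)
declare -ir IP_FIELD=1        # log field holding the client address (combined format)
declare -ir INSERT_POS=2      # INPUT position for new rules; rule 1 is presumably an allow rule -- confirm
readonly ACCESS_LOG=/www/wdlinux/nginx-1.2.9/logs/access.log
readonly IPTABLES=/sbin/iptables
readonly IPTABLES_SAVE=/sbin/iptables-save

# Log lines containing any of these (basic regular expressions, exactly what
# the former grep -v chain matched) are ignored. "aaa", "w.bbbb.com", "cccc"
# and the masked addresses are the author's placeholders for the site's own
# hostnames, admin path and whitelisted IPs -- replace them with real values.
declare -ra EXCLUDES=(
  "aaa" "w.bbbb.com" "211.149.xxx.29" "101.247.yyy.33" "cccc"
  '\.jpg\|\.png\|\.gif\|\.js\|\.png\|\.css'      # static assets
  "114.217.193.132"
  "Baiduspider" "baiduboxapp" "Sogou" "YisouSpider" "bingbot"
  "360Spider" "HaosouSpider" "Googlebot"          # crawlers, by User-Agent substring only
)

# offending_networks: read log lines on stdin, print "a.b.c.0 hits" for every
# /24 whose summed hits (over addresses with more than COUNT hits) exceed
# COUNT2. Values in the address field that are not dotted-quad IPv4 are
# ignored so nothing odd is ever handed to iptables.
offending_networks() {
  local -a filter=()
  local pat
  for pat in "${EXCLUDES[@]}"; do
    filter+=(-e "$pat")
  done
  grep -v "${filter[@]}" \
    | awk -v f="$IP_FIELD" -v per_ip="$COUNT" -v per_net="$COUNT2" '
        $f ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { hits[$f]++ }
        END {
          for (ip in hits) {
            if (hits[ip] <= per_ip) continue
            net = ip
            sub(/\.[0-9]+$/, ".0", net)          # a.b.c.d -> a.b.c.0
            total[net] += hits[ip]
          }
          for (net in total)
            if (total[net] > per_net) print net, total[net]
        }'
}

# already_blocked NET: true when some filter-table rule already names NET/24.
# Literal whole-word match, so the dots are not wildcards and 1.2.3.0/24 does
# not match 11.2.3.0/24.
already_blocked() {
  "$IPTABLES_SAVE" -t filter | grep -Fqw -- "$1/24"
}

# block_network NET: insert the two DROP rules for NET/24 at INSERT_POS.
# 443 is inserted last, so it ends up in front of 80, as before.
block_network() {
  local net=$1 port
  for port in 80 443; do
    "$IPTABLES" -I INPUT "$INSERT_POS" -s "$net/24" -p tcp --dport "$port" -j DROP
  done
}

main() {
  if [[ ! -r "$ACCESS_LOG" ]]; then
    printf 'drop_ip.sh: cannot read %s\n' "$ACCESS_LOG" >&2
    exit 1
  fi
  local net hits
  while read -r net hits; do
    printf '%s %s\n' "$net" "$hits"      # the per-network report the cron mail carried before
    if ! already_blocked "$net"; then
      block_network "$net"
    fi
  done < <(tail -n "$LOG_LINES" -- "$ACCESS_LOG" | offending_networks)
}

main "$@"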



drop_ip2.sh 这个也是有用的（针对 Apache 日志 /www/wdlinux/httpd-2.2.22/logs/access_log 的变体：只统计 POST 请求，客户端 IP 取日志第 2 列，COUNT2=60；中间的 "hui che1/2/3" 只是调试用的分隔输出）

[root@mail ~]# vim drop_ip2.sh    # 最终版

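#!/bin/bash
# drop_ip2.sh -- auto-ban /24 networks that flood the Apache site with POSTs
# (final version). Companion of drop_ip.sh, same mechanics, different log.
#
# Reads the last LOG_LINES lines of the Apache access log, keeps only lines
# containing REQUIRE ("POST"), discards lines matching any EXCLUDES pattern,
# counts requests per client address (field IP_FIELD -- field 2 here, so the
# log format presumably starts with the vhost; confirm), keeps addresses with
# more than COUNT hits, sums those per /24 and, for every /24 whose sum
# exceeds COUNT2 and that no filter-table rule names yet, inserts DROP rules
# for tcp/80 and tcp/443 at position INSERT_POS of INPUT.
#
# Output (cron mails it): "ip a.b.c.d hits" for every address over COUNT and
# "net a.b.c.0 hits" for every network over COUNT2 -- the same two lists the
# earlier version printed, minus the "hui che" debug separators.
#
# Same caveats as drop_ip.sh: a whole /24 is banned for one offender; the
# exclusions are substring matches on client-controlled fields; INSERT_POS
# presumes rule 1 must stay first and fails on an empty chain; rules are not
# persisted and drop_iptables.sh removes them every 3 hours; behind a
# proxy/CDN the proxy gets banned.
#
# Needs root (iptables) and GNU grep/awk.

set -eu   # no pipefail on purpose: grep exits 1 when nothing survives the filters, which is normal here

declare -ir COUNT=20          # per-address POST threshold inside the sampled window
declare -ir COUNT2=60         # per-/24 aggregate threshold that triggers a ban
declare -ir LOG_LINES=10000   # size of the sampled window (tail of the log)
declare -ir IP_FIELD=2        # log field holding the client address
declare -ir INSERT_POS=2      # INPUT position for new rules; rule 1 is presumably an allow rule -- confirm
readonly REQUIRE="POST"       # only lines containing this are counted
readonly ACCESS_LOG=/www/wdlinux/httpd-2.2.22/logs/access_log
readonly IPTABLES=/sbin/iptables
readonly IPTABLES_SAVE=/sbin/iptables-save

# Log lines containing any of these (basic regular expressions) are ignored.
# They are the author's placeholders for the site's own hostnames and an
# admin path token -- replace them with the real values.
declare -ra EXCLUDES=(
  "w.aaa.com" "w.bbb.com" "de980JH--ccccc" "dddd"
)

# offending_networks: read log lines on stdin and print
#   "ip  a.b.c.d  hits"  for every address with more than COUNT hits, then
#   "net a.b.c.0  hits"  for every /24 whose summed hits exceed COUNT2.
# Values in the address field that are not dotted-quad IPv4 are ignored so
# nothing odd is ever handed to iptables.
offending_networks() {
  local -a filter=()
  local pat
  for pat in "${EXCLUDES[@]}"; do
    filter+=(-e "$pat")
  done
  grep -e "$REQUIRE" \
    | grep -v "${filter[@]}" \
    | awk -v f="$IP_FIELD" -v per_ip="$COUNT" -v per_net="$COUNT2" '
        $f ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { hits[$f]++ }
        END {
          for (ip in hits) {
            if (hits[ip] <= per_ip) continue
            print "ip", ip, hits[ip]
            net = ip
            sub(/\.[0-9]+$/, ".0", net)          # a.b.c.d -> a.b.c.0
            total[net] += hits[ip]
          }
          for (net in total)
            if (total[net] > per_net) print "net", net, total[net]
        }'
}

# already_blocked NET: true when some filter-table rule already names NET/24.
# Literal whole-word match, so the dots are not wildcards.
already_blocked() {
  "$IPTABLES_SAVE" -t filter | grep -Fqw -- "$1/24"
}

# block_network NET: insert the two DROP rules for NET/24 at INSERT_POS.
# 443 is inserted last, so it ends up in front of 80, as before.
block_network() {
  local net=$1 port
  for port in 80 443; do
    "$IPTABLES" -I INPUT "$INSERT_POS" -s "$net/24" -p tcp --dport "$port" -j DROP
  done
}

main() {
  if [[ ! -r "$ACCESS_LOG" ]]; then
    printf 'drop_ip2.sh: cannot read %s\n' "$ACCESS_LOG" >&2
    exit 1
  fi
  local kind addr hits
  while read -r kind addr hits; do
    printf '%s %s %s\n' "$kind" "$addr" "$hits"
    [[ "$kind" == net ]] || continue        # only networks get banned
    if ! already_blocked "$addr"; then
      block_network "$addr"
    fi
  done < <(tail -n "$LOG_LINES" -- "$ACCESS_LOG" | offending_networks)
}

main "$@"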






[root@mail ~]# vim drop_iptables.sh    # 最终版

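#!/bin/bash
# drop_iptables.sh -- undo the bans inserted by drop_ip.sh / drop_ip2.sh
# (final version). Run by cron every 3 hours, so a ban lasts at most 3 hours.
#
# Reads the live filter table from iptables-save and deletes every INPUT rule
# of exactly the shape the ban scripts create:
#   -A INPUT -s a.b.c.0/24 -p tcp -m tcp --dport 80|443 -j DROP
# The first INPUT rule is never touched; that is what the old "NR>6" line
# skip presumably protected (rule 1 of the filter table) -- confirm.
#
# No temp file any more: the old /tmp/iptables.log was a fixed, root-written
# path that a local user could pre-create (symlink overwrite on kernels
# without protected_symlinks) and that exposed the whole ruleset to every
# local account.
#
# Everything else in INPUT -- including DROP rules added by hand for other
# ports, or without "-p tcp" -- is left alone. A hand-made rule of the exact
# shape above is indistinguishable from an automatic one and is removed too;
# give such rules a different shape if they must survive.
#
# Needs root. Each rule is deleted once; a failure (for example the rule
# vanished between listing and deletion because drop_ip.sh fires in the same
# minute at every third hour) is reported on stderr and the loop goes on.

set -eu

readonly IPTABLES=/sbin/iptables
readonly IPTABLES_SAVE=/sbin/iptables-save

# ban_rules: print "net/24 port" for every automatic ban rule in INPUT,
# skipping the chain's first rule. One line per rule instance, so duplicates
# (if any) are each deleted once.
ban_rules() {
  "$IPTABLES_SAVE" -t filter | awk '
    $1 == "-A" && $2 == "INPUT" {
      if (++seen == 1) next                        # leave rule 1 alone
      if (NF == 12 && $3 == "-s" &&
          $5 == "-p" && $6 == "tcp" && $7 == "-m" && $8 == "tcp" &&
          $9 == "--dport" && ($10 == "80" || $10 == "443") &&
          $11 == "-j" && $12 == "DROP")
        print $4, $10
    }'
}

main() {
  local src port
  while read -r src port; do
    #printf '%s %s\n' "$src" "$port"   # uncomment to log what is removed
    "$IPTABLES" -D INPUT -s "$src" -p tcp --dport "$port" -j DROP \
      || printf 'drop_iptables.sh: could not delete %s dport %s\n' "$src" "$port" >&2
  done < <(ban_rules)
}

main "$@"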

