1.对多次出现的网段进行封禁
2.加入定时任务,定期检查
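#!/bin/bash
# Block the /16 prefixes that many distinct remote hosts are currently
# connecting from.
#
# Flow (kept in this order on purpose):
#   1. take the foreign IPv4 address of every socket netstat reports, collapse
#      to distinct /16 prefixes and count the distinct hosts per prefix
#      (written to /baota-ip.txt so the counts can be inspected);
#   2. delete the DROP rules installed by the previous run (/error-ip.txt) so
#      a prefix that has calmed down is released again;
#   3. insert a DROP rule for every prefix whose host count reaches THRESHOLD
#      and record those networks in /error-ip.txt for the next run.
# Step 1 runs first so that a failing netstat aborts the script before any
# existing rule has been removed (fail closed rather than fail open).
#
# Env:      THRESHOLD - distinct-host count that triggers a block (default 12)
# Requires: root (iptables, netstat -p), bash 4+, GNU coreutils.
#
# NOTE(review): a /16 is 65 536 addresses and there is no allowlist, so a busy
# legitimate range (the host's own LAN, a CDN or NAT egress range) can be
# blocked wholesale; review /baota-ip.txt before running this from cron.
set -euo pipefail

readonly COUNT_FILE=/baota-ip.txt   # "<count> <a.b>" per /16, from uniq -c
readonly BLOCK_FILE=/error-ip.txt   # networks (a.b.0.0/16) blocked last run
readonly THRESHOLD=${THRESHOLD:-12}

#######################################
# Add or delete the DROP rule for one network. Insert and delete go through
# the same function so the specs are always identical.
# Arguments: $1 - iptables action, -I (insert) or -D (delete)
#            $2 - network in CIDR form, e.g. a.b.0.0/16
# Returns:   iptables exit status
#######################################
fw_rule() {
  iptables "$1" INPUT -p tcp -m state --state NEW -m tcp -s "$2" --dport 80 -j DROP
}

#######################################
# Write one "<distinct-host-count> <a.b>" line per /16 seen in netstat.
# Globals:   COUNT_FILE (written)
# Outputs:   nothing on stdout; replaces COUNT_FILE
#######################################
collect_prefixes() {
  # $5 is the foreign address "ip:port". Keep only dotted-quad IPv4 so the
  # netstat header lines and IPv6 entries do not turn into bogus prefixes.
  netstat -anptu \
    | awk '{ split($5, a, ":"); if (a[1] ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) print a[1] }' \
    | sort -u \
    | awk -F. '{ print $1 "." $2 }' \
    | sort \
    | uniq -c > "$COUNT_FILE"
}

#######################################
# Delete the DROP rule for every network recorded by the previous run.
# Globals:   BLOCK_FILE (read)
# Returns:   0; a missing file or an already-absent rule is not an error
#######################################
unblock_previous() {
  [[ -f "$BLOCK_FILE" ]] || return 0
  local net
  while IFS= read -r net || [[ -n "$net" ]]; do
    [[ -n "$net" ]] || continue
    # The rule may already be gone (manual flush, reboot) or the line may be
    # malformed; either way there is nothing to release, so do not abort.
    fw_rule -D "$net" 2>/dev/null || true
  done < "$BLOCK_FILE"
}

#######################################
# Block every /16 whose distinct-host count reaches THRESHOLD and record the
# blocked networks for the next run.
# Globals:   COUNT_FILE (read), BLOCK_FILE (written), THRESHOLD (read)
#######################################
block_repeated() {
  local count prefix network
  # Truncate once, before the loop; truncating per iteration would keep only
  # the last network.
  : > "$BLOCK_FILE"
  # uniq -c lines are "   <count> <a.b>"; read splits them without awk.
  while read -r count prefix; do
    [[ -n "$prefix" ]] || continue
    network="${prefix}.0.0/16"
    if (( count >= THRESHOLD )); then
      # Record the network only after the rule is in, so BLOCK_FILE never
      # lists something that is not actually blocked.
      fw_rule -I "$network"
      printf '%s\n' "$network" >> "$BLOCK_FILE"
    fi
  done < "$COUNT_FILE"
}

main() {
  collect_prefixes
  unblock_previous
  block_repeated
}

main "$@"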