1.从ip.txt文件中取出ip列表
2.将每一个ip设置到防火墙黑名单
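# Feed each address listed in ip.txt to expect_setip, pausing one second
# between firewall sessions. expect_setip must already be defined when this
# loop runs.
#
# ip.txt is treated as untrusted input: every entry ends up on a privileged
# firewall session, so anything that is not made purely of address
# characters (hex digits, '.' and ':') is skipped instead of being passed on.
while read -r line || [[ -n "$line" ]]; do
  line=${line%$'\r'}                 # tolerate CRLF line endings
  [[ -n "$line" ]] || continue       # ignore blank lines

  if [[ ! "$line" =~ ^[0-9A-Fa-f.:]+$ ]]; then
    printf 'skipping malformed entry in ip.txt: %q\n' "$line" >&2
    continue
  fi

  printf '%s %s\n' "将IP加入黑名单:" "$line"
  # Report a failed session but keep going, so one bad run does not leave
  # the rest of the list unprocessed.
  expect_setip "$line" \
    || printf 'expect_setip failed for %s (exit %d)\n' "$line" "$?" >&2
  sleep 1
done < ip.txt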
3.使用expect自动登录防火墙(在实际脚本中,该函数必须定义在第2步的循环之前,否则调用时会提示找不到命令)
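#######################################
# Log in to the firewall over SSH and add one source address to its
# blacklist, following the CLI steps shown on this page (system-view, then
# "firewall blacklist item source-ip <ip>").
#
# Security notes:
#   - The login password is read from the FW_PASSWORD environment variable,
#     so no credential is stored in the script text.
#   - An unknown SSH host key is NOT accepted automatically; the run aborts
#     so the fingerprint can be verified out of band and added to
#     known_hosts first.
#   - The password is sent once; a second prompt is treated as a rejected
#     login rather than retried.
#   - The address is checked against an address-only character set before
#     it is typed into the privileged session.
#
# Globals:   FW_PASSWORD (read)
# Arguments: $1 - address to blacklist
# Outputs:   session transcript on stdout, diagnostics on stderr
# Returns:   0 on success
#            2 malformed address, 3 FW_PASSWORD missing
#            10 unknown host key, 11 timeout or dropped connection
#            12 login rejected, 13 device reported an error
#######################################
function expect_setip(){
  local ip=${1:-}

  if [[ ! "$ip" =~ ^[0-9A-Fa-f.:]+$ ]]; then
    printf 'expect_setip: refusing malformed address: %q\n' "$ip" >&2
    return 2
  fi
  if [[ -z "${FW_PASSWORD:-}" ]]; then
    printf '%s\n' 'expect_setip: FW_PASSWORD is not set' >&2
    return 3
  fi

  # The here-document delimiter is quoted so the shell expands nothing inside
  # it; expect reads both values from its own environment instead.
  FW_PASSWORD=$FW_PASSWORD FW_BLOCK_IP=$ip /usr/bin/expect <<'EOF'
set timeout 30
spawn ssh -p 7022 root@10.138.1.1

# Stage 1: authenticate. "(yes/no" covers both the older and the newer
# OpenSSH wording of the unknown-host-key question.
expect {
    "(yes/no" {
        send_user "\nexpect_setip: unknown SSH host key, verify the fingerprint and add it to known_hosts first\n"
        exit 10
    }
    "assword:" { send -- "$env(FW_PASSWORD)\r" }
    timeout { exit 11 }
    eof { exit 11 }
}

# Stage 2: wait for the user-view prompt (shown on this page as <USG6300>).
# NOTE(review): adjust the prompt patterns if the login banner of the target
# device contains angle or square brackets.
expect {
    "assword:" {
        send_user "\nexpect_setip: login rejected\n"
        exit 12
    }
    -re {<[^<>\r\n]+>} { send -- "system-view\r" }
    timeout { exit 11 }
    eof { exit 11 }
}

# Stage 3: system-view prompt (shown as [USG6300]); submit the entry.
expect {
    -re {\[[^\[\]\r\n]+\]} { send -- "firewall blacklist item source-ip $env(FW_BLOCK_IP)\r" }
    timeout { exit 11 }
    eof { exit 11 }
}

# Stage 4: confirm the prompt came back, then leave system view.
# NOTE(review): assumes the CLI prefixes rejected commands with "Error";
# confirm on the target software release.
expect {
    "Error" { exit 13 }
    -re {\[[^\[\]\r\n]+\]} { send -- "quit\r" }
    timeout { exit 11 }
    eof { exit 11 }
}

# Stage 5: log out so the session ends promptly instead of idling until the
# timeout expires.
expect {
    -re {<[^<>\r\n]+>} { send -- "quit\r" }
    timeout { exit 11 }
    eof { exit 0 }
}
expect eof
EOF
}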
-------------------------------------------------
spawn ssh -p 7022 root@10.138.1.1
User Authentication
Password:
<USG6300>
4.进入到防火墙系统视图
<USG6300>system-view
Enter system view, return user view with Ctrl+Z.
5.将IP加入到防火墙
[USG6300]firewall blacklist item source-ip 103.145.13.83
[USG6300]
6.查看IP黑名单列表
[USG6300]display firewall blacklist item
2023-05-12 23:07:16.380 +08:00
IP/port/protocol/user Reason Insert Time Age Time HitTimes
----------------------------------------------------------------------------------------------------------------------------
107.150.38.2 /any (src) /any/ Manual 2023/05/11 12:17:51 Permanent 10796
199.168.103.170 /any (src) /any/ Manual 2023/05/11 12:19:12 Permanent 1372
208.110.73.66 /any (src) /any/ Manual 2023/05/11 12:19:06 Permanent 3740
142.54.172.242 /any (src) /any/ Manual 2023/05/10 12:41:20 Permanent 24508
103.145.13.28 /any (src) /any/ Manual 2023/05/11 09:28:29 Permanent 61252
103.145.13.47 /any (src) /any/ Manual
[USG6300]