*/10 * * * * /win/sh/firewalld_intercept_ip.sh
#!/bin/bash
IPs=`redis-cli -h 192.168.1.70 -p 6779 -a 'xxxx' -n 0 keys 'monitor:ip*' | awk -F : '{print $4}'`
for ip in $IPs;do
echo $i
number=`grep -r $ip /etc/firewalld/zones/block.xml | wc -l`
if [ $number -ge 1 ];then
echo "该${ip}已经封杀"
else
echo "$ip 准备杀死"
firewall-cmd --permanent --zone=block --add-source=${ip}
firewall-cmd --reload
fi
done
-a 密码
-n 指定库
0 零号库