1.获取连接数最多的前10个ip
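# Print the ten remote addresses holding the most ESTABLISHED connections,
# one "count address" pair per line, busiest first.
# The original ended at `sort | uniq`, which only de-duplicated the addresses:
# nothing was counted and nothing was limited to ten.
# Only the trailing ":port" is stripped, so an IPv6 peer keeps its full
# address instead of being cut at the first colon.
# NOTE(review): field 5 as "address:port" matches Linux net-tools output;
# other netstat implementations format this column differently — confirm.
netstat -an \
  | awk '/ESTABLISHED/ { sub(/:[0-9]+$/, "", $5); print $5 }' \
  | sort \
  | uniq -c \
  | sort -rn \
  | head -n 10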
2.书写排除192.168开头和127.0开头的ip
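#!/bin/sh
# Insert an iptables DROP rule for every address listed in ip.txt, except
# loopback and private-range addresses, and append a record of each new rule
# to /var/log/ddos. Needs enough privilege to modify the INPUT chain.
#
# Changes from the original:
#   * `[[ ... =~ ... ]]` is a bashism and fails under /bin/sh; `case` is POSIX.
#   * The exemption test matched "192.168" / "172" anywhere in the address, so
#     e.g. 8.8.192.168 or any public 172.x.x.x peer was exempted. Prefixes are
#     now anchored, and 172 is limited to the RFC 1918 block 172.16.0.0/12.
#   * Loopback (127.*) is exempted so local services are never cut off.
#   * The log was opened with `>`, so each write erased the previous one.
#   * Entries are checked before they reach iptables; anything that is not a
#     dotted-quad is skipped rather than passed to `-s` (a hostname there would
#     trigger a DNS lookup). IPv6 entries are skipped too: iptables is IPv4-only.
#   * `iptables -C` avoids stacking duplicate rules when the script is re-run.
#
# NOTE(review): the heading above this script names 127.0 while the original
# code tested for 172; both are exempted here — confirm the intended allowlist.
# 10.0.0.0/8 is not exempted, as in the original.
ip_list=ip.txt
log_file=/var/log/ddos

# Split on any whitespace, as the original `for i in $(cat ip.txt)` did, but
# without subjecting the entries to glob expansion.
tr -s '[:space:]' '\n' < "$ip_list" | while IFS= read -r ip; do
  case $ip in
    '')
      continue
      ;;
    *[!0-9.]*)
      printf 'skip %s (not an IPv4 address)\n' "$ip" >&2
      ;;
    127.* | 192.168.* | 172.1[6-9].* | 172.2[0-9].* | 172.3[01].*)
      echo "$ip pass"
      ;;
    *.*.*.*)
      # iptables performs the final address validation; its errors are logged.
      if ! iptables -C INPUT -s "$ip" -j DROP 2>/dev/null; then
        printf 'drop %s\n' "$ip" >> "$log_file"
        iptables -I INPUT -s "$ip" -j DROP >> "$log_file" 2>&1
      fi
      ;;
    *)
      printf 'skip %s (not an IPv4 address)\n' "$ip" >&2
      ;;
  esac
done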