例14
需求:封锁一分钟内请求次数大于100的IP;半个小时后,如果该IP请求数小于100,那么解除封锁。
#!/bin/bash
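#######################################
# Block every client address that made more than 100 requests during the
# previous minute by inserting a REJECT rule at the head of the INPUT chain.
#
# Arguments: $1 - access log to scan (optional; defaults to the path below)
# Outputs:   warnings on stderr
# Returns:   1 if the timestamp cannot be computed or the log is unreadable
#
# NOTE(review): the matching assumes log lines carry a timestamp of the form
# dd/Mon/YYYY:HH:MM:SS and the client address in field 1 - confirm against
# the server's log format. Behind a reverse proxy or NAT, field 1 may be a
# shared address; consider keeping management and monitoring addresses out
# of the block list so the host cannot lock out its own operators.
#######################################
block_ip()
{
  local log=${1:-/sbin/iptables/access1.log}
  local threshold=100
  # Field 1 comes from a log that remote clients influence, so only a plain
  # dotted-quad is ever handed to iptables.
  local ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
  local t1 ip

  # Previous minute as "YYYY:HH:MM", the tail of the log timestamp prefix.
  t1=$(date -d "-1 min" +%Y:%H:%M) || return 1

  if [[ ! -r "$log" ]]; then
    printf 'block_ip: cannot read %s\n' "$log" >&2
    return 1
  fi

  # No intermediate files: fixed names under /tmp written by root can be
  # pre-created or symlinked by any local user.
  while IFS= read -r ip; do
    if [[ ! "$ip" =~ $ipv4_re ]]; then
      printf 'block_ip: skipping non-IPv4 field %q\n' "$ip" >&2
      continue
    fi
    # -C reports whether the rule already exists; its "no such rule" message
    # is silenced on purpose. Skipping duplicates keeps one rule (and one
    # packet counter) per address when the same client trips the limit in
    # consecutive runs.
    iptables -C INPUT -s "$ip" -j REJECT 2>/dev/null ||
      iptables -I INPUT -s "$ip" -j REJECT
  done < <(
    # Count only the lines of the previous minute, then keep the heavy hitters.
    grep -E -- "${t1}:[0-9]+" "$log" |
      awk -v limit="$threshold" '
        { hits[$1]++ }
        END { for (addr in hits) if (hits[addr] > limit) print addr }'
  )
}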
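#######################################
# Remove the REJECT rule of every blocked address whose rule matched fewer
# than 100 packets since the counters were last zeroed, then zero the
# counters so the next window starts from 0.
#
# Arguments: none
# Outputs:   whatever iptables prints
#
# NOTE(review): the pkts column counts packets that hit the rule, which is
# only an approximation of "requests" - confirm the threshold suits that.
#######################################
unblock_ip()
{
  local threshold=100
  # Only plain dotted-quad sources are deleted; this also skips rows whose
  # source is a network such as 0.0.0.0/0.
  local ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
  local ip

  while IFS= read -r ip; do
    [[ "$ip" =~ $ipv4_re ]] || continue
    iptables -D INPUT -s "$ip" -j REJECT
  done < <(
    # -x prints exact counters (no K/M suffixes) so the numeric comparison is
    # reliable; the first two lines are the chain header and column titles.
    # Columns: $1 pkts, $3 target, $8 source. Restricting to REJECT rows
    # keeps unrelated INPUT rules out of the candidate list.
    iptables -nvxL INPUT |
      sed '1,2d' |
      awk -v limit="$threshold" '$3 == "REJECT" && $1 < limit { print $8 }'
  )

  # Reset the pkts/bytes counters for the next observation window.
  iptables -Z
}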
# Entry point: blocking runs on every invocation; on the hour and on the half
# hour the existing blocks are reviewed first.
# NOTE(review): presumably scheduled once a minute (e.g. from cron) - confirm.
t2=$(date +%M)
case "$t2" in
  00 | 30)
    unblock_ip
    ;;
esac
block_ip
知识点:iptables -I INPUT 在INPUT链开头插入一条规则;iptables -D INPUT 删除INPUT链中的一条规则;iptables -Z 将pkts和bytes计数器清零。