非法ip自动加入防火墙
新搞了了台服务器,老是被人攻击,脑火的很,就写了一个脚本,加到cron里面
1 #!/bin/bash
2 firewall-cmd --list-all >/home/fireip ###f
3 grep -r “source address” fireip|awk ‘{print $4}’|cut -d’"’ -f2 >/home/firewallip
4 grep “SASL LOGIN authentication failed: authentication failure” /var/xc.log | awk ‘{print $7}’|awk -F: ‘{print $1}’|cut -d ‘[’ -f2 | cut - d ‘]’ -f1 |tail -1 >dropip //提取IP
5 for i in $(cat /home/dropip)
6 do
7 if
8 cat /home/firewallip |grep $i >/dev/null
9 [ ? − e q 0 ] ; t h e n 10 f i r e w a l l − c m d − − p e r m a n e n t − − a d d − r i c h − r u l