- 编写脚本
[root@localhost shell]# vim iplist #文件中放入检测的ip
192.168.253.123
192.168.253.130
127.0.0.1
172.1.1.0
[root@localhost shell]# vim location_ip.sh #脚本名称
#!/bin/bash
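# Classify every address listed in ./iplist: addresses whose first octet is
# 192 or 127 are reported as ok; for any other address a rule dropping its
# inbound TCP traffic is inserted at the top of the INPUT chain.
# Must run under bash (arrays, [[ ]], =~) and with enough privilege to call
# iptables.

# Return 0 when $1 is a strict dotted-quad IPv4 address: four octets, each
# 0-255, no leading zeros. Everything read from iplist passes through this
# check before it reaches iptables, so an entry such as "-j" or a hostname
# can never be interpreted as an option or be resolved through DNS.
is_ipv4() {
  local addr=$1 octet
  local -a octets
  local -r quad='^(0|[1-9][0-9]{0,2})(\.(0|[1-9][0-9]{0,2})){3}$'
  [[ $addr =~ $quad ]] || return 1
  IFS=. read -r -a octets <<<"$addr"
  for octet in "${octets[@]}"; do
    (( octet <= 255 )) || return 1
  done
  return 0
}

# Return 0 when the FIRST octet of $1 is 192 or 127.
# The pattern is anchored: an unanchored match on "192" would also accept
# addresses like 10.0.0.192 or 172.16.192.1 and silently leave them allowed.
# NOTE: only 192.168.0.0/16 is a private range; the rest of 192.0.0.0/8 is
# publicly routable, so tighten this prefix if the intent is "internal only".
is_allowed_ip() {
  local -r allowed='^(192|127)\.'
  [[ $1 =~ $allowed ]]
}

# read -a splits each line on whitespace without glob expansion, so iplist may
# still hold several addresses per line; the || clause keeps a last line that
# has no trailing newline.
while read -r -a entries || (( ${#entries[@]} > 0 )); do
  for ip in "${entries[@]}"; do
    if ! is_ipv4 "$ip"; then
      # %q keeps control characters from a hostile list out of the terminal.
      printf '%q is not a valid IPv4 address, skipped\n' "$ip" >&2
      continue
    fi
    if is_allowed_ip "$ip"; then
      echo "$ip is ok!"
    else
      echo "$ip is not ok!"
      # -C checks whether the rule already exists, so running the script again
      # does not stack duplicate DROP rules. The rule blocks TCP only.
      iptables -C INPUT -p tcp -s "$ip" -j DROP 2>/dev/null ||
        iptables -I INPUT -p tcp -s "$ip" -j DROP
    fi
  done
done < iplist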
2. 测试脚本
[root@localhost shell]# chmod +x location_ip.sh #给脚本执行权限
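[root@localhost shell]# sh location_ip.sh #注意：用 sh 启动会忽略脚本里的 #!/bin/bash；脚本使用了 [[ ]]，在 sh 不是 bash 的系统上应改用 bash location_ip.sh 或 ./location_ip.sh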
192.168.253.123 is ok!
192.168.253.130 is ok!
127.0.0.1 is ok!
172.1.1.0 is not ok!
[root@localhost shell]# iptables -L #可以看到INPUT链中新增了一条DROP规则，来自172开头的这个ip的TCP流量已被拦截（并不是把ip“删除”）；加上 -n 可直接显示数字ip而不做反向解析
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP tcp -- 172-1-1-0.lightspeed.hstntx.sbcglobal.net anywhere