#!/bin/bash
#
while true
do
awk ‘{print $1}‘ /usr/local/nginx/logs/access.log|grep -v "^$"|sort |uniq -c >/tmp/tmp.log
exec </tmp/tmp.log
while read line
do
ip=`echo $line |awk ‘{print $2}‘`
count=`echo $line | awk ‘{print $1}‘`
if [ $count -gt 100 ] && [ `iptables -L -n |grep "$ip" |wc -l` -lt 1 ]
then
iptables -I INPUT -s $ip -j DROP (封杀IP)
echo "$line is dropped" >> /tmp/droplist.log
fi
done
sleep 5
done
原文:http://yzg784534398.blog.51cto.com/9719002/1643892