  • Script to automatically ban IPs with too many concurrent connections

    To keep scanners from probing the server, the iptables rules can be configured fairly strictly.

    The following configuration can serve as a reference:

    #lo
    -A INPUT -i lo -j ACCEPT
    -A OUTPUT -o lo -j ACCEPT
    #Established
    -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    #http/https
    -A INPUT -p tcp -m multiport --dports 80,443 -m state --state NEW,ESTABLISHED -j ACCEPT
    -A OUTPUT -p tcp -m multiport --dports 80,443 -m state --state NEW,ESTABLISHED -j ACCEPT
    #ssh
    -A INPUT -p tcp --dport [sshport] -m state --state NEW,ESTABLISHED -j ACCEPT
    -A OUTPUT -p tcp --sport [sshport] -m state --state ESTABLISHED -j ACCEPT
    #manage
    -A INPUT -p tcp --dport [manageport] -j ACCEPT
    -A OUTPUT -p tcp --dport [manageport] -j ACCEPT
    #anti-ddos
    # Note: iptables matches top to bottom, so port 80 traffic is already accepted by the
    # http/https rule above; the limit and connlimit rules only take effect if placed before it.
    -A INPUT -p tcp --dport 80 -m limit --limit 200/minute --limit-burst 2000 -j ACCEPT
    #protect-port
    -A FORWARD -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -m limit --limit 1/sec -j ACCEPT
    #max-conn
    -A INPUT -p tcp -m tcp --dport 80 -m connlimit --connlimit-above 60 --connlimit-mask 32 -j REJECT --reject-with icmp-port-unreachable
    #log
    -A INPUT -m limit --limit 40/min -j LOG --log-prefix "iptables denied: " --log-level 7
    -A OUTPUT -m limit --limit 40/min -j LOG --log-prefix "iptables denied: " --log-level 7
    #default
    -A INPUT -j DROP
    -A OUTPUT -j DROP
    -A FORWARD -j DROP

    To automatically block IPs with a high number of concurrent connections, use the following script:

    #!/bin/sh
    # Take the remote address with the most entries in `netstat -na` (field 5 is the
    # foreign address; the port after the ":" is stripped before counting).
    status=$(netstat -na | awk '$5 ~ /[0-9]+:[0-9]+/ {print $5}' | awk -F ":" '{print $1}' | sort -n | uniq -c | sort -n | tail -n 1)
    NUM=$(echo "$status" | awk '{print $1}')
    IP=$(echo "$status" | awk '{print $2}')
    # Ban when the count exceeds 60, unless the address is the whitelisted one.
    if [ "${NUM:-0}" -gt 60 ] && [ "$IP" != "54.68.xxx.xxx" ]
    then
      echo "IP:$IP is over $NUM, BANNED! $(date "+%x %r")" >> bannedIP.txt
      /sbin/iptables -I INPUT -s "$IP" -j DROP
    fi
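As an added example (not the post's own script), the same check rewritten to count only established or half-open connections per remote address, honour an allowlist, and print the DROP rule instead of executing it; the netstat sample, the threshold of 60 and the allowlist address are constructed assumptions.

```shell
#!/bin/sh
# Added example: count ESTABLISHED/SYN_RECV connections per remote IPv4 address
# in netstat-style output, apply the post's threshold and an allowlist, and print ban commands.
THRESHOLD=60
ALLOWLIST="54.68.0.1"   # assumed placeholder for the post's whitelisted host

# gen IP STATE COUNT: emit COUNT constructed `netstat -nat` lines for IP.
gen() {
    i=0
    while [ "$i" -lt "$3" ]; do
        printf 'tcp 0 0 10.0.0.5:80 %s:%d %s\n' "$1" $((40000 + i)) "$2"
        i=$((i + 1))
    done
}

# Constructed sample: one IP over the limit, an allowlisted IP over the limit,
# a quiet IP, and TIME_WAIT noise that must not count as load.
sample_netstat() {
    printf 'Proto Recv-Q Send-Q Local Address Foreign Address State\n'
    printf 'tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN\n'
    gen 203.0.113.7 ESTABLISHED 70
    gen 54.68.0.1 ESTABLISHED 65
    gen 198.51.100.9 ESTABLISHED 3
    gen 192.0.2.33 TIME_WAIT 100
}

# over_threshold LIMIT "ALLOW1 ALLOW2": read netstat output on stdin and print
# "count ip" (highest first) for every IP above LIMIT that is not allowlisted.
# Only plain "tcp" (IPv4) lines are counted; tcp6 lines are ignored here.
over_threshold() {
    awk -v limit="$1" -v allow=" $2 " '
        $1 == "tcp" && ($6 == "ESTABLISHED" || $6 == "SYN_RECV") {
            split($5, a, ":"); n[a[1]]++
        }
        END {
            for (ip in n)
                if (n[ip] > limit && index(allow, " " ip " ") == 0)
                    print n[ip], ip
        }' | sort -rn
}

# Render each decision as the DROP rule the post uses (printed, not executed).
ban_commands() {
    while read -r count ip; do
        printf '/sbin/iptables -I INPUT -s %s -j DROP  # %s connections\n' "$ip" "$count"
    done
}

sample_netstat | over_threshold "$THRESHOLD" "$ALLOWLIST" | ban_commands
```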

    Notes:

    To ban an IP, use this command:
    #iptables -I INPUT -s ***.***.***.*** -j DROP
    To unban an IP, use this command:
    #iptables -D INPUT -s ***.***.***.*** -j DROP

    To clear the banned IP addresses, enter the following (note that this flushes every rule in the chain, not only the bans):
    #iptables --flush
    To add an IP range to the ban list, use this command:
    #iptables -I INPUT -s 121.0.0.0/8 -j DROP

  • Original article: https://www.cnblogs.com/Mrhuangrui/p/4610775.html