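#!/bin/bash
#Author Template
#Time 2018-07-02 22:06
#
# Usage: <this script> xxx.log
#
# In an endless loop (one round, then sleep 180 seconds) this script:
#   1. counts the lines of the given .log file that contain ESTABLISHED,
#      grouped by the field $(NF-3) of each line,
#   2. keeps the five highest counts, and
#   3. inserts an iptables DROP rule on INPUT for every one of those sources
#      whose count is greater than 500 and that is not already dropped.
#
# NOTE(review): the field position $(NF-3) presumably matches netstat-style
# output written by some other job; confirm against whatever produces the log.
# NOTE(review): rules are added with no allowlist and are never removed here.
# A NAT gateway, proxy or monitoring host that legitimately holds many
# connections would be blocked too; consider an allowlist and an expiry.

file=$1
# Scratch file holding the current round's "count source" table.
# It is created with mktemp in main(); a fixed name in /tmp could be
# pre-created (e.g. as a symlink) by another local user before this script,
# which needs root for iptables, writes to it.
log_file=

# Exit with a usage message unless the argument ends in ".log".
# Arguments: $1 - path given on the command line
JudgeExt() {
  if [[ $1 != *.log ]]; then
    echo "Usage: $0 xxx.log"
    exit 1
  fi
}

# Write the five most frequent $(NF-3) values of the ESTABLISHED lines in $1
# to $log_file, one "count value" pair per line, highest count first.
# Arguments: $1 - log file to analyse
# Globals:   log_file (read)
IpCount() {
  grep -- "ESTABLISHED" "$1" \
    | gawk -F "[ :]+" '{++S[$(NF-3)]} END {for (key in S) print S[key],key}' \
    | sort -rn -k1 \
    | head -5 > "$log_file"
}

# Insert a DROP rule for one source address unless the same rule exists.
# Arguments: $1 - source address taken from the analysed log
# Globals:   line (read) - the "count source" record being processed by main
ipt() {
  local ip=$1
  local -r ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'

  # The value comes from text parsed out of a log file. Anything that is not
  # a plain dotted quad (a port number, a hostname, an option-like string)
  # is ignored instead of being handed to iptables.
  if [[ ! $ip =~ $ipv4_re ]]; then
    return 0
  fi

  # -C tests for this exact rule. Grepping the rule listing for the address
  # would also match longer addresses that merely contain it.
  if ! iptables -C INPUT -s "$ip" -j DROP 2> /dev/null; then
    # Record the drop only when the rule was really inserted, so the list
    # stays a truthful record of what is blocked.
    if iptables -I INPUT -s "$ip" -j DROP; then
      # NOTE(review): this record lives under a predictable name in /tmp;
      # a root-owned log directory would be a safer home for it.
      echo "$line is dorpped" >> "/tmp/drop_list_$(date +%F).log"
    fi
  fi
}

# Validate the argument, then run the count-and-block round every 180 seconds.
# Globals: file (read), log_file (written)
main() {
  local line count ip

  JudgeExt "$file"

  log_file=$(mktemp) || {
    echo "cannot create temporary file" >&2
    exit 1
  }
  trap 'rm -f -- "$log_file"' EXIT

  while true; do
    IpCount "$file"
    while read -r line; do
      # Each record is "count source"; split it without spawning gawk twice.
      read -r count ip _ <<< "$line"
      # Skip records whose first field is not a plain number.
      [[ $count =~ ^[0-9]+$ ]] || continue
      if [ "$count" -gt 500 ]; then
        ipt "$ip"
      fi
    done < "$log_file"
    sleep 180
  done
}

main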