#!/bin/bash
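# Snapshot the address column of every ESTABLISHED connection and insert an
# iptables DROP rule for each address outside the exempt prefixes.
#
# NOTE(review): with Linux net-tools `netstat -an`, field 4 is the Local
# Address and field 5 the Foreign Address, so this gathers the host's own
# addresses rather than the remote peers. The column is deliberately left
# unchanged: switching to field 5 would DROP every currently connected peer
# outside the exempt prefixes (an administrator's own session included).
# Confirm the intent and add a per-address connection threshold and an
# allowlist before changing it.

ip_list=dropip          # written in the current directory, as before
log_file=/var/log/ddos
ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'

# Overwrite instead of append: with '>>' addresses from earlier runs were
# re-read forever, so stale entries were re-blocked and rules duplicated.
netstat -an \
  | awk '/ESTABLISHED/ { split($4, part, ":"); print part[1] }' \
  | sort -u > "$ip_list"

while IFS= read -r ip; do
  # IPv6 rows split on ':' give empty or partial tokens (e.g. "2001").
  # Never hand those to iptables, which could read them as a host or number.
  if [[ ! $ip =~ $ipv4_re ]]; then
    [[ -n $ip ]] && printf 'skip (not an IPv4 address): %s\n' "$ip" >&2
    continue
  fi

  # Anchor the exemption to the first octet. The old unanchored match also
  # exempted any address merely containing "192" or "127" (e.g. 10.127.0.5).
  # NOTE(review): only 192.168.0.0/16 is private; "192.*" also exempts public
  # addresses. Narrow it if that is not intended.
  case "$ip" in
    192.* | 127.*)
      echo "pass"
      continue
      ;;
  esac

  echo "$ip"

  # Skip addresses that already have the rule, so reruns do not stack copies.
  if iptables -C INPUT -p tcp -s "$ip" -j DROP 2>/dev/null; then
    continue
  fi

  # The old code ran iptables inside a command substitution and logged its
  # (empty) output. Run it directly and record what was actually applied.
  if iptables -I INPUT -p tcp -s "$ip" -j DROP; then
    printf '%s iptables -I INPUT -p tcp -s %s -j DROP\n' \
      "$(date '+%F %T')" "$ip" >> "$log_file"
  else
    printf 'failed to insert DROP rule for %s\n' "$ip" >&2
  fi
done < "$ip_list"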