#/bin/bash netstat -ant | grep "EST" | grep -v "22000" | awk '{print $5}' | grep -v "^10" | cut -d ":" -f1 | sort | uniq -c | sort -nr | awk '$1 > 4 {print $1,$2}' > /root/root/black.txt for i in `awk '{print $2}' /root/root/black.txt` do COUNT=`grep $i /root/root/black.txt | awk '{print $1}'` DEFINE="4" ZERO="0" if [ $COUNT -gt $DEFINE ]; then grep $i /root/root/white.txt > /dev/null if [ $? -gt $ZERO ]; then echo "$COUNT $i" iptables -F iptables -I INPUT -i em1 -p tcp -s $i -j DROP fi fi done iptables -I INPUT -i em1 -p tcp --dport 80 -m connlimit --connlimit-above 10 -j DROP