#!/bin/bash
touch abc.txt
echo '192.168.100.254 - - [17/Dec/2017:14:45:59 +0800] "GET /nginx-logo.png HTTP/1.1" 200 368 "http://192.168.100.10/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:57.0) Gecko/20100101 Firefox/57.0" "-"' > abc.txt
echo '192.168.100.253 - - [17/Dec/2017:14:45:59 +0800] "GET /nginx-logo.png HTTP/1.1" 200 368 "http://192.168.100.10/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:57.0) Gecko/20100101 Firefox/57.0" "-"' >> abc.txt
echo '192.168.100.252 - - [17/Dec/2017:14:45:59 +0800] "GET /nginx-logo.png HTTP/1.1" 200 368 "http://192.168.100.10/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:57.0) Gecko/20100101 Firefox/57.0" "-"' >> abc.txt
echo '192.168.100.251 - - [17/Dec/2017:14:45:59 +0800] "GET /nginx-logo.png HTTP/1.1" 200 368 "http://192.168.100.10/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:57.0) Gecko/20100101 Firefox/57.0" "-"' >> abc.txt
echo '192.168.100.250 - - [17/Dec/2017:14:45:59 +0800] "GET /nginx-logo.png HTTP/1.1" 200 368 "http://192.168.100.10/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:57.0) Gecko/20100101 Firefox/57.0" "-"' >> abc.txt
echo '192.168.100.251 - - [17/Dec/2017:14:45:59 +0800] "GET /nginx-logo.png HTTP/1.1" 200 368 "http://192.168.100.10/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:57.0) Gecko/20100101 Firefox/57.0" "-"' >> abc.txt
echo '192.168.100.250 - - [17/Dec/2017:14:45:59 +0800] "GET /nginx-logo.png HTTP/1.1" 200 368 "http://192.168.100.10/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:57.0) Gecko/20100101 Firefox/57.0" "-"' >> abc.txt
for i in {1..254}
do
echo "192.168.$(expr $i - 1 ).$i - - [17/Dec/2017:14:45:59 +0800] 'GET /nginx-logo.png HTTP/1.1' 200 368 'http://192.168.100.10/' 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:57.0) Gecko/20100101 Firefox/57.0' '-'" >> abc.txt
echo "192.168.100.10 - - [17/Dec/2017:14:45:59 +0800] 'GET /nginx-logo.png HTTP/1.1' 200 368 'http://192.168.100.10/' 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:57.0) Gecko/20100101 Firefox/57.0' '-'" >> abc.txt
echo "192.168.122.$i - - [17/Dec/2017:14:45:59 +0800] 'GET /nginx-logo.png HTTP/1.1' 200 368 'http://192.168.100.10/' 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:57.0) Gecko/20100101 Firefox/57.0' '-'" >> abc.txt
echo "192.168.100.144 - - [17/Dec/2017:14:45:59 +0800] 'GET /nginx-logo.png HTTP/1.1' 200 368 'http://192.168.100.10/' 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:57.0) Gecko/20100101 Firefox/57.0' '-'" >> abc.txt
done
ip=$(awk '{print $1}' abc.txt | sort | uniq)
for i in $ip
do
times=$(grep $i abc.txt | wc -l)
echo "$i 出现$times次"
if [ $times -gt 30 ];then
iptables -I INPUT -s $i -j DROP
fi
done
iptables -nL