
#!/bin/bash

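# Compare the sizes of the input numbers (this appears to be a leftover heading; the script below does not do this)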
#


# nginx access-log filtering as a basic anti-DDoS measure.
# Step 1: build a synthetic nginx access log in abc.txt to exercise the filter.
#
# The file starts with seven hand-written entries whose request, referer and
# user-agent fields are double-quoted, followed by 254 rounds of four entries
# each whose fields are single-quoted. In every round two addresses change
# with the counter and two are fixed (192.168.100.10 and 192.168.100.144), so
# the fixed ones end up with 254 entries apiece.
log_file=abc.txt
dq_tail='- - [17/Dec/2017:14:45:59 +0800] "GET /nginx-logo.png HTTP/1.1" 200 368 "http://192.168.100.10/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:57.0) Gecko/20100101 Firefox/57.0" "-"'
sq_tail="- - [17/Dec/2017:14:45:59 +0800] 'GET /nginx-logo.png HTTP/1.1' 200 368 'http://192.168.100.10/' 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:57.0) Gecko/20100101 Firefox/57.0' '-'"

# A single truncating redirect around the group replaces the per-line
# "> file" / ">> file" pairs; the resulting file content is the same.
{
  for last_octet in 254 253 252 251 250 251 250; do
    printf '%s\n' "192.168.100.${last_octet} ${dq_tail}"
  done

  for ((n = 1; n <= 254; n++)); do
    printf '%s\n' \
      "192.168.$((n - 1)).${n} ${sq_tail}" \
      "192.168.100.10 ${sq_tail}" \
      "192.168.122.${n} ${sq_tail}" \
      "192.168.100.144 ${sq_tail}"
  done
} > "$log_file"
#cat abc.txt
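# Step 2: count requests per client address and drop traffic from any address
# seen more than the threshold.
#
# Counting is done on the first log field only (sort | uniq -c). Searching
# whole lines with an unanchored `grep $ip` over-counts: "." is a regex
# wildcard and the pattern matches substrings, so 192.168.100.10 would also be
# counted for 192.168.100.100 and for every line whose referer is
# http://192.168.100.10/. Inflated counts lead to blocking hosts that never
# crossed the threshold.
#
# NOTE(review): the count covers the whole file with no time window, so on a
# long-lived log any regular client eventually exceeds the threshold. Confirm
# the log is rotated or windowed before relying on this for blocking.
access_log=abc.txt
block_threshold=30

while read -r hits client; do
  echo "$client  出现${hits}次"
  if [ "$hits" -gt "$block_threshold" ]; then
    # Field 1 is whatever was written to the log. Pass only well-formed
    # dotted-quad values to iptables and report the rest instead of letting
    # an empty or malformed value reach the firewall command.
    if ! [[ $client =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
      printf 'skipping non-IPv4 source field: %s\n' "$client" >&2
      continue
    fi
    # -C exits non-zero (with a message on stderr) when the rule is absent.
    # Silencing that is intentional; it stops reruns stacking duplicate rules.
    if ! iptables -C INPUT -s "$client" -j DROP 2>/dev/null; then
      iptables -I INPUT -s "$client" -j DROP
    fi
  fi
done < <(awk '{print $1}' "$access_log" | sort | uniq -c)

# Show the resulting rule set so the operator can verify what was blocked.
iptables -nL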