(原創 Shell)可定時Block netstat 為 FIN_WAIT 的 IP 的 Shell
- 分類: Shell
- 發佈: 2006-05-28, 週日 12:54
- 作者 Super User
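# Undo the previous run: delete the DROP rule for every address recorded in
# the list file, so a block only lasts until the next scheduled run.
# Arguments: $1 - list file, one "ip:port" entry per line
#            $2 - log file to append to
# Returns:   0 (a missing list file, e.g. on the first run, is not an error)
unblock_listed_ips() {
  local list_file=$1 log_file=$2
  local entry ip
  local -r ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'

  [[ -r "$list_file" ]] || return 0
  while IFS= read -r entry || [[ -n "$entry" ]]; do
    ip=${entry%:*} # strip the trailing ":port"
    # The list file drives a firewall change made as root. Accept only a
    # dotted-quad so a stray or tampered line never reaches iptables.
    [[ "$ip" =~ $ipv4_re ]] || continue
    # The original test was `[ ${ip}!=127.0.0.1 ]`: without spaces around !=
    # it is one non-empty word and always true, so loopback was never skipped.
    [[ "$ip" != "127.0.0.1" ]] || continue
    if iptables -D INPUT -p tcp --dport 80 -s "$ip" -j DROP; then
      printf 'clear_ip %s\n' "$ip" >> "$log_file"
    else
      # Keep the log truthful: record only rules that were actually removed.
      printf 'clear_ip failed for %s\n' "$ip" >&2
    fi
  done < "$list_file"
  return 0
}

# NOTE(review): the paths are relative to the current directory; when run from
# a scheduler, cd to a fixed directory that only root can write to first.
unblock_listed_ips ./sort_ip ./log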
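# Filter `netstat -an` style rows on stdin and print the remote "ip:port" of
# every connection to the given local address that is in FIN_WAIT1/FIN_WAIT2.
# Arguments: $1 - local "ip:port" to match exactly (column 4)
# Outputs:   one remote "ip:port" (column 5) per matching row
fin_wait_peers() {
  local local_addr=$1
  # Compare whole columns rather than grepping the line: as a regex the dots
  # in the address match any character and ":80" also matches ":8080".
  # Rows whose local address is printed in another form (e.g. v4-mapped on a
  # tcp6 socket) are not matched.
  awk -v addr="$local_addr" '$4 == addr && $6 ~ /^FIN_WAIT/ { print $5 }'
}

# Snapshot the current FIN_WAIT peers into sort_ip and keep a timestamped copy
# (the `date` output with spaces removed is used as the file name).
# FIN_WAIT is also a normal, short-lived state while a connection closes, so
# the list will include some legitimate clients, not only abusive ones.
tmp_date=$(date)
netstat -anlp \
  | fin_wait_peers '202.65.208.134:80' > tmp_ip \
  && sort tmp_ip > sort_ip \
  && cp -p -- sort_ip "${tmp_date// /}"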
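# Insert a DROP rule (TCP port 80) for every address recorded in the list file.
# Arguments: $1 - list file, one "ip:port" entry per line
#            $2 - log file to append to
# Returns:   0 (a missing list file is not an error)
block_listed_ips() {
  local list_file=$1 log_file=$2
  local entry ip
  local -r ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'

  [[ -r "$list_file" ]] || return 0
  while IFS= read -r entry || [[ -n "$entry" ]]; do
    ip=${entry%:*} # strip the trailing ":port"
    # The list file drives a firewall change made as root. Accept only a
    # dotted-quad so a stray or tampered line never reaches iptables.
    [[ "$ip" =~ $ipv4_re ]] || continue
    # The original test was `[ ${ip}!=127.0.0.1 ]`: without spaces around !=
    # it is one non-empty word and always true, so loopback was never skipped
    # and the host could drop its own local traffic to port 80.
    [[ "$ip" != "127.0.0.1" ]] || continue
    if iptables -I INPUT -p tcp --dport 80 -s "$ip" -j DROP; then
      printf 'block_ip %s\n' "$ip" >> "$log_file"
    else
      # Keep the log truthful: record only rules that were actually inserted.
      printf 'block_ip failed for %s\n' "$ip" >&2
    fi
  done < "$list_file"
  return 0
}

# NOTE(review): an address behind shared NAT or a proxy blocks every client
# behind it; consider an allow-list for known-good sources before this call.
block_listed_ips ./sort_ip ./log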