(原創 Shell)可定時Block netstat 為 FIN_WAIT 的 IP 的 Shell

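#!/bin/sh
# Scheduled job: DROP port-80 traffic from peers whose connections to the web
# server are sitting in FIN_WAIT, after first lifting the blocks that the
# previous run installed.
#
# Files (all relative to the current working directory):
#   ./sort_ip  peer list from the last run; read to unblock, then rewritten
#   ./tmp_ip   unsorted scratch copy of the peer list
#   ./log      append-only record of every rule removed or added
#   <date>     snapshot of ./sort_ip named after `date` with spaces removed
#
# The script changes firewall rules, so it needs root. Because it trusts
# ./sort_ip, the working directory should be writable by root only.

# Local address:port of the protected web server, as netstat prints it.
server_addr='202.65.208.134:80'

# apply_rules FLAG LABEL
#   Runs "iptables FLAG INPUT -p tcp --dport 80 -s <ip> -j DROP" for every
#   entry of ./sort_ip and appends "LABEL <ip>" to ./log when iptables succeeds.
#   FLAG is -D (remove) or -I (insert).
apply_rules() {
    # First run: there is no list from a previous run yet.
    [ -f ./sort_ip ] || return 0

    while IFS= read -r entry || [ -n "$entry" ]; do
        # Entries look like "a.b.c.d:port"; drop the trailing ":port".
        ip=${entry%:*}

        # Only digits and dots reach iptables, so a malformed or tampered
        # line cannot be read as an option, a hostname or a CIDR range.
        # Non-IPv4 entries (e.g. IPv6 peers) are skipped as well.
        case $ip in
            '' | *[!0-9.]*) continue ;;
        esac

        # Never firewall the loopback address. The original test
        # "[ x!=127.0.0.1 ]" was one non-empty word and therefore always true.
        [ "$ip" != "127.0.0.1" ] || continue

        # Log only what iptables actually did, so ./log matches the rule set.
        if iptables "$1" INPUT -p tcp --dport 80 -s "$ip" -j DROP </dev/null; then
            echo "$2 $ip" >> ./log
        else
            echo "iptables $1 failed for $ip" >&2
        fi
    done < ./sort_ip
}

# 1. Remove the rules added by the previous run. ./sort_ip may list one peer
#    several times (once per connection); each line removes one matching rule,
#    which mirrors the one-insert-per-line behaviour of step 3.
apply_rules -D clear_ip

# 2. Collect the current FIN_WAIT peers. grep -F matches the address literally
#    (an unescaped "." in a regex would match any character). The snapshot name
#    is built with tr because ${var// } is not available in POSIX sh.
snapshot=$(date | tr -d ' ')
netstat -anlp | grep -F -- "$server_addr" | grep -F FIN_WAIT | awk '{print $5}' > tmp_ip \
    && sort tmp_ip > sort_ip \
    && cp -p sort_ip "./$snapshot"

# 3. Block every peer collected in step 2.
apply_rules -I block_ip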