如果同一个IP异常连接超过某个值,就将该IP加入黑名单,180S后释放该IP
#!/bin/bash
ipset create blacklist hash:ip timeout 180
iplist=`netstat -ntu | awk '{print $5}'| cut -d':' -f1| sort |uniq -c | sed 'N;$d;P;D' | awk '{if($1>30)print $2}'`
for ip in $iplist
do
# iptables -I INPUT -s $ip -j DROP
ipset add blacklist $ip
echo "$ip is drop!"
done
iptables -D INPUT -m set --match-set blacklist src -j DROP
iptables -A INPUT -m set --match-set blacklist src -j DROP