ip drop

더 줄일라다가 20까지만 허용, 나머지는 모두 드랍.

 

*/2 * * * * /home/ipdeny.sh

 

 

topip=`awk '{print $1}' /var/log/httpd/$ii|grep '^[0-9]'|sort|uniq -c|sort -nr|awk '($1) > 20'|awk '{print $2}'`
for i in $topip
do

findip=`/sbin/iptables -vnL|grep DROP|awk '{print $8}'|grep "$i"`

if [ ! -n "$findip" ]
then
/sbin/iptables -A INPUT -s $i/32 -j DROP
echo "/sbin/iptables -A INPUT -s $i/32 -j DROP"
else
echo "pass"
fi

done