[Repost] Blocking malicious IPs with iptables
2017/02/08

Blocking malicious IPs with iptables: per minute, for the same IP requesting the same URL, any IP address whose request count exceeds a set threshold is blocked.

When the script runs, it skips whitelisted IPs (management IPs and so on) and IPs that have already been dropped.

Directory layout:

    /opt/sh/cc_sh/
    |-- cc_iptables.sh        # the script
    |-- drop_ip.txt           # IPs dropped on each run
    |-- ip_white_list.txt     # IP whitelist
    `-- ip_black_list.txt     # IP blacklist

    #!/bin/sh
    # /opt/sh/cc_sh/cc_iptables.sh
    # For the current minute, count requests per (client IP, URL) in the nginx
    # access log and DROP port 80 for every IP whose count exceeds max_conn,
    # skipping whitelisted IPs and IPs that already have a DROP rule.
    export LANG=C
    date=$(date "+%d/%b/%Y:%H:%M")   # matches the nginx timestamp of the current minute
    logs=/opt/nginx/logs/access.log
    max_conn=100
    white_list="/opt/sh/cc_sh/ip_white_list.txt"
    black_list="/opt/sh/cc_sh/ip_black_list.txt"
    drop_ip=/opt/sh/cc_sh/drop_ip.txt

    # $1 = client IP, $7 = request URL in the default combined log format.
    # The count must be compared numerically (-v max=...), not against a
    # quoted string, otherwise "99" > "100" is true.
    grep -F -- "$date" "$logs" | awk '{print $1, $7}' | sort | uniq -c | sort -rn \
        | awk -v max="$max_conn" '$1 > max {print $2}' | sort -u > "$drop_ip"

    while read -r ip; do
        [ -n "$ip" ] || continue
        # whitelist (management IPs etc.); -w stops 1.2.3.4 from matching 1.2.3.45
        if /bin/grep -qwF -- "$ip" "$white_list"; then
            continue
        fi
        # only add a rule if this IP is not already blocked
        if ! /sbin/iptables -nL INPUT | /bin/grep -qw -- "$ip"; then
            /sbin/iptables -A INPUT -s "$ip" -p tcp --dport 80 -j DROP
        fi
    done < "$drop_ip"

    # record every source currently DROPped in INPUT ($3 = target, $8 = source)
    /sbin/iptables -vnL INPUT | awk '$3 == "DROP" {print $8}' > "$black_list"

Add the cron job:

    */1 * * * *   /opt/sh/cc_sh/cc_iptables.sh

Note: commands in the script other than shell builtins should be called by absolute path, otherwise they may fail to run (cron uses a minimal PATH).
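To check the counting rule before wiring the script into cron, here is an added example (not part of the original post) that runs the same grep/awk/sort/uniq pipeline over a few constructed nginx access-log lines and a constructed whitelist, then prints the iptables rule it would add instead of running it; it assumes the default combined log format.

```shell
#!/bin/sh
# Added example: exercise the per-minute, per-IP, per-URL counting rule of
# cc_iptables.sh on constructed data; nothing here touches iptables.
export LC_ALL=C

# Constructed access-log lines (default combined format): 10.0.0.5 hits /login
# four times and / once in minute 19:09, 203.0.113.9 (whitelisted) hits /login
# four times, 192.0.2.7 hits / once, and one 19:10 line must be ignored.
SAMPLE_LOG='10.0.0.5 - - [08/Feb/2017:19:09:01 +0800] "GET /login HTTP/1.1" 200 512 "-" "curl/7.52"
10.0.0.5 - - [08/Feb/2017:19:09:02 +0800] "GET /login HTTP/1.1" 200 512 "-" "curl/7.52"
10.0.0.5 - - [08/Feb/2017:19:09:03 +0800] "GET /login HTTP/1.1" 200 512 "-" "curl/7.52"
10.0.0.5 - - [08/Feb/2017:19:09:04 +0800] "GET /login HTTP/1.1" 200 512 "-" "curl/7.52"
10.0.0.5 - - [08/Feb/2017:19:09:05 +0800] "GET / HTTP/1.1" 200 1024 "-" "curl/7.52"
203.0.113.9 - - [08/Feb/2017:19:09:10 +0800] "GET /login HTTP/1.1" 200 512 "-" "monitor/1.0"
203.0.113.9 - - [08/Feb/2017:19:09:11 +0800] "GET /login HTTP/1.1" 200 512 "-" "monitor/1.0"
203.0.113.9 - - [08/Feb/2017:19:09:12 +0800] "GET /login HTTP/1.1" 200 512 "-" "monitor/1.0"
203.0.113.9 - - [08/Feb/2017:19:09:13 +0800] "GET /login HTTP/1.1" 200 512 "-" "monitor/1.0"
192.0.2.7 - - [08/Feb/2017:19:09:30 +0800] "GET / HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
10.0.0.5 - - [08/Feb/2017:19:10:00 +0800] "GET /login HTTP/1.1" 200 512 "-" "curl/7.52"'
# Constructed whitelist, one IP per line (stands in for ip_white_list.txt).
WHITE_LIST='203.0.113.9
192.0.2.1'

# offenders MINUTE MAX: print, one per line, the IPs that requested any single
# URL more than MAX times during MINUTE (format dd/Mon/yyyy:HH:MM), with
# whitelisted IPs removed. Same pipeline as the script, numeric comparison.
offenders() {
    minute=$1; max=$2
    printf '%s\n' "$SAMPLE_LOG" | grep -F -- "$minute" \
        | awk '{print $1, $7}' | sort | uniq -c \
        | awk -v max="$max" '$1 > max {print $2}' | sort -u \
        | while read -r ip; do
            printf '%s\n' "$WHITE_LIST" | grep -qwF -- "$ip" || printf '%s\n' "$ip"
        done
}

# Dry run with the script's threshold lowered to 3: print the rule that
# cc_iptables.sh would add for each offender instead of executing it.
offenders "08/Feb/2017:19:09" 3 | while read -r ip; do
    echo "/sbin/iptables -A INPUT -s $ip -p tcp --dport 80 -j DROP"
done
```

With the threshold at 3, only 10.0.0.5 is reported: 203.0.113.9 has the same number of hits but is whitelisted, and the 19:10 line is outside the minute being checked.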

Original article: https://www.chinasa.net/archives/165.html

Last modification: February 8th, 2017 at 07:09 pm