#!/bin/bash
while [ 1 -eq 1 ]
do
block_ip=`awk '{IP[$1]++} END{for (i in IP) {print i,IP[i]}}' /var/log/httpd/access_log | awk '$2>1000{print $1}'`
block_source=`firewall-cmd --zone=block --list-sources`
flag=0
for i in $block_ip
do
flag2=1
for j in $block_source
do
if [ "$i" == "$j" ];then
flag2=0
break
fi
done
if [ $flag2 -eq 1 ];then
echo "添加黑名单$i" >> black_ip.txt
firewall-cmd --permanent --zone=block --add-source=$i >> black_ip.txt
flag=1
fi
done
if [ $flag -eq 1 ];then
firewall-cmd --reload >> black_ip.txt
fi
sleep 2
done