利用ip_conntrack表实现封ip的shell脚本

#!/bin/bash
#
#---------------------------------------------------------------------------------------
#Scrip name: killip, base on ip_conntrack, write by wwy.
#---------------------------------------------------------------------------------------

cpu=`sar -u 1 1 | awk '{print $7}' | tail -1`%
#
while [ "`pidof sleep`" ];do
        echo "she is running, sorry"
        exit 1
done
if [ ! "`lsmod | grep ip_conntrack`" ]; then
         modprobe ip_conntrack
fi

####################################
##---------------------- functions -----------------------------##
####################################

function make_clr {
        while read clr33;do
                cat /tmp/tmp111.txt | grep $clr33 >> /tmp/tmp33-3-clr.txt
        done > /tmp/tmp33-2-clr.txt
        done > /tmp/tmp33-1-clr.txt
        done /dev/null 2>/dev/null &
}
function kill() {
        SLEEP_TIME=$1
        CLR_LIST=$2
        BLACK_LIST=$3
        while read blackip;do
                iptables -I FORWARD 2 -i eth0 -s $blackip/32  -j DROP
        done <$BLACK_LIST
        sleep $SLEEP_TIME
        #-----------------------------------#
        while read clr3;do
                clr_conns $clr3
        done <$CLR_LIST
        #-----------------------------------#
        sleep 1
        while read reblackip;do
                iptables -D FORWARD -i eth0 -s $reblackip/32  -j DROP
        done <$BLACK_LIST

}
#####################################
##--------------- To make a "black list" ----------------------##
#####################################

echo > /tmp/tmp11.txt
echo > /tmp/tmp111.txt
echo > /tmp/ip_conntrack.tmp
echo > /tmp/tmp33-3-clr.txt
echo > /tmp/tmp33-2-clr.txt
echo > /tmp/tmp33-1-clr.txt
echo > /tmp/tmp22-3.txt
echo > /tmp/tmp22-2.txt
echo > /tmp/tmp22-1.txt
echo > /tmp/tmp33-3.txt
echo > /tmp/tmp33-2.txt
echo > /tmp/tmp33-1.txt
if [ ! -e /var/www/html/wwy/index.html ];then
        mkdir /var/www/html/wwy/
        mkdir /var/www/html/wwy/all
        mkdir /var/www/html/wwy/drop
5B
        touch /var/www/html/wwy/index.html
fi
#----------------------------------------------------------------------------#
echo -e "cp /proc/net/ip_conntrack /tmp/ip_conntrack.tmp ......\c"
cp /proc/net/ip_conntrack /tmp/ip_conntrack.tmp
echo -e "done!\n"
sleep 1
#----------------------------------------------------------------------------#
wc=`cat /tmp/ip_conntrack.tmp|grep ESTABLISHED|awk -F= '{print $2,$3,$4,$5}'|grep ^172. |sort|awk '{print $1,$3,$5,$7}'|tee /tmp/tmp111.txt|awk '{print $1}'|uniq -c|tee /tmp/tmp11.txt|wc -l`
date=`date '+%m/%d %H:%M'`
cpu2=`sar -u 1 1 | awk '{print $7}' | tail -1`%
date2=`date '+%H'`
#----------------------------------------------------------------------------#
sleep 1
#----------------------------------------------------------------------------#
#if [ "$wc" -gt 2500 ] && [ "$date2" -gt 10 ]
if [ "$wc" -ge 0 ]
then
#------------------------------
        awk '{$1}{if ($1>30 && $1<50) print $2}' /tmp/tmp11.txt > /tmp/tmp22-1.txt
        awk '{$1}{if ($1>=50 && $1<100) print $2}' /tmp/tmp11.txt > /tmp/tmp22-2.txt
        awk '{$1}{if ($1>=100) print $2}' /tmp/tmp11.txt > /tmp/tmp22-3.txt
        cut -c1-15 /tmp/tmp22-1.txt > /tmp/tmp33-1.txt
        cut -c1-15 /tmp/tmp22-2.txt > /tmp/tmp33-2.txt
        cut -c1-15 /tmp/tmp22-3.txt > /tmp/tmp33-3.txt
        wcblackip1=`cat /tmp/tmp33-1.txt | wc -l`
        wcblackip2=`cat /tmp/tmp33-2.txt | wc -l`
        wcblackip3=`cat /tmp/tmp33-3.txt | wc -l`

######################################
##---------------- To make a index.html -----------------------##
######################################

        echo "If the total IPs >2500 (total $wc at $date) AND if:" > /var/www/html/wwy/drop/index.html
        echo "
you connect \">100\", you ip will be killed in 30min.
" >>/var/www/html/wwy/drop/index.html
        echo "
you connect \"50-100\", you ip will be killed in 15min.
" >>/var/www/html/wwy/drop/index.html
        echo "
you connect \"30-50\", you ip will be killed in 10min.
" >>/var/www/html/wwy/drop/index.html
        echo "
" >> /var/www/html/wwy/drop/index.html
        echo "
These IPs (total $wcblackip3 + $wcblackip2 + $wcblackip1) were killed, at $date  (look-up all IPs)
" >> /var/www/html/wwy/drop/index.html
        awk '{$1}{if ($1>=100) print $1, $2}' /tmp/tmp11.txt|sort -nr|awk '{print "
"""$1"""\t",""$2"""\t""kill 30min""
"}' >> /var/www/html/wwy/drop/index.html
        awk '{$1}{if ($1>=50 && $1<100) print $1, $2}' /tmp/tmp11.txt|sort -nr|awk '{print "
"$1"\t",""$2"""\t""kill 15min""
"}' >> /var/www/html/wwy/drop/index.html
        awk '{$1}{if ($1>30 && $1<50) print $1, $2}' /tmp/tmp11.txt|sort -nr|awk '{print "
"$1"\t",""$2"""\t""kill 10min""
"}' >> /var/www/html/wwy/drop/index.html
        echo "
You can \"ctrl + F\" to find your ip's connects.(total $wc IPs at $date)
" > /var/www/html/wwy/all/index.html
        echo "
 <-- back 
" >> /var/www/html/wwy/all/index.html
        cat /tmp/tmp11.txt | sort -nr | awk '{print "
"$1"\t",$2"\t""
"}' >> /var/www/html/wwy/all/index.html

#####################################
##----------------- Use iptables to DROP ---------------------##
#####################################

        make_clr
        if [ -s /tmp/tmp33-3.txt ];then
                kill 30m /tmp/tmp33-3-clr.txt /tmp/tmp33-3.txt &
                sleep 1s
        fi
        if [ -s /tmp/tmp33-2.txt ];then
                kill 15m /tmp/tmp33-2-clr.txt /tmp/tmp33-2.txt &
                sleep 1s
        fi
        if [ -s /tmp/tmp33-1.txt ];then
                kill 10m /tmp/tmp33-1-clr.txt /tmp/tmp33-1.txt &
                sleep 1s
        fi

#-------------------------------
elif [ "$date2" -lt 5 ] && [ "$date2" -gt 3 ]
then
        while read clrall;do
                clr_conns $clrall
        done > /tmp/killip/tmp.log.txt
fi

#####################################
##------------------- make system log ------------------------##
#####################################
if [ ! -e /tmp/killip/tmp.log.txt ]; then
        mkdir /tmp/killip
        touch /tmp/killip/tmp.log.txt
fi
echo "$wc $date $cpu $cpu2 $wcblackip3 + $wcblackip2 + $wcblackip1" >> /tmp/killip/tmp.log.txt