查看当前连接端口数最多的ip地址排序,然后调用第三方接口查询ip归属地,然后利用ipset进行封禁 ipset https://www.itbunan.xyz/index.php/liu/314.html思路
所需软件
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
target_sheng_fen="Henan"
for line in `netstat -anlp|grep 80|grep tcp|awk '{print $5}'|awk -F: '{print $1}'|sort|uniq -c|sort -nr|head -n20|awk '{print $2}'`;
do
shengfen=`curl -s https://ipinfo.io/$line |awk -F\" '/region/{print $(NF-1)}'`
echo "省份为 $shengfen"
if [ "$shengfen" = "$target_sheng_fen" ]; then
echo "-->正在封禁 $line"
ipset add banlist $line ;
fi
done
参考
https://aglzg.com/index/archives/info/id/80.html