#!/bin/bash

LOGFILE="/var/log/maillog"

#統計maillog中authentication failure的IP個數與IP
grep "authentication failure" $LOGFILE|awk '{print $7}'|grep -E -o "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+"|sort|uniq -c > af_iplist.txt

#取出AF出現大於300次時的IP
awk '$1>300 {print $2}' af_iplist.txt > block_ip_list.txt

#大於300次AF的IP新增到iptables中
cat block_ip_list.txt|while read line
do
/sbin/iptables -nL | grep $line
if [ $? != 0 ]
then
    iptables -I INPUT -s $line -j DROP
fi
done
 

---------------------  作者：BecanDiao  來源：CSDN  原文：https://blog.csdn.net/github_38816863/article/details/72614694  版權宣告：本文為博主原創文章，轉載請附上博文連結！