1. 程式人生 > >遮蔽刷postfix IP的指令碼

遮蔽刷postfix IP的指令碼

#!/bin/bash

LOGFILE="/var/log/maillog"

#統計maillog中authentication failure的IP個數與IP
grep "authentication failure" $LOGFILE|awk '{print $7}'|grep -E -o "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+"|sort|uniq -c > af_iplist.txt

#取出AF出現大於300次時的IP
awk '$1>300 {print $2}' af_iplist.txt > block_ip_list.txt

#大於300次AF的IP新增到iptables中
cat block_ip_list.txt|while read line
do
/sbin/iptables -nL | grep $line
if [ $? != 0 ]
then
    iptables -I INPUT -s $line -j DROP
fi
done

---------------------  作者:BecanDiao  來源:CSDN  原文:https://blog.csdn.net/github_38816863/article/details/72614694  版權宣告:本文為博主原創文章,轉載請附上博文連結!