[原创]利用ip_conntrack表实现封ip的shell脚本,并有简单的web发布

wwy

实在是不好意思~  以为这种垃圾脚本不会有人看....谢谢各位了，代码可能是有些问题吧
本人能力有限，代码可能有些幼稚，而不实用，没什么编码风格，但如果能给想我一样正在学习shell的人们一些参考，是我的荣幸！

重新写了一遍：

1. 
   
2. #!/bin/bash
   
3. #
   
4. #---------------------------------------------------------------------------------------
   
5. #Scrip name: killip, base on ip_conntrack, write by wwy, at 2005-08-22 14:58:29
   
6. #---------------------------------------------------------------------------------------
   
7. 
   
8. [ "`ps ax | grep -v grep | grep $0 | wc -l`" -gt "2" ] && echo "It is running, sorry" && exit 1
   
9. [ "`lsmod | grep ip_conntrack`" ] || modprobe ip_conntrack
   
10. #
    
11. dir=/tmp/killip
    
12. tmp331=$dir/black_list-1.txt
    
13. tmp332=$dir/black_list-2.txt
    
14. tmp333=$dir/black_list-3.txt
    
15. tmp221=$dir/tmp22-1.txt
    
16. tmp222=$dir/tmp22-2.txt
    
17. tmp223=$dir/tmp22-3.txt
    
18. tmp331clr=$dir/tmp33-1-clr.txt
    
19. tmp332clr=$dir/tmp33-2-clr.txt
    
20. tmp333clr=$dir/tmp33-3-clr.txt
    
21. tmp111=$dir/tmp111.txt
    
22. tmp11=$dir/tmp11.txt
    
23. ips=/proc/net/ip_conntrack
    
24. ipc=$dir/ip_conntrack.tmp
    
25. log=$dir/log.txt
    
26. webdir=/var/www/html/wwy
    
27. cpu=`sar -u 1 1 | awk '{print $7}' | tail -2`
    
28. #
    
29. [ ! -e $dir ] && mkdir -p $dir
    
30. if [ ! -e $webdir/index.html ];then
    
31.        mkdir -p $webdir
    
32.        mkdir -p $webdir/all
    
33.        mkdir -p $webdir/drop
    
34.        touch $webdir/index.html
    
35. fi
    
36. 
    
37. #################################################################
    
38. ##---------------------- functions ----------------------------##
    
39. #################################################################
    
40. 
    
41. function make_clr {
    
42.         while read clr33;do
    
43.                 cat $tmp111 | grep $clr33 >> $tmp333clr
    
44.         done < $tmp333
    
45.         while read clr22;do
    
46.                 cat $tmp111 | grep $clr22 >> $tmp332clr
    
47.         done < $tmp332
    
48.         while read clr11;do
    
49.                 cat $tmp111 | grep $clr11 >> $tmp331clr
    
50.         done < $tmp331
    
51. }
    
52. function clr_conns {
    
53.         S_IP=$1
    
54.         D_IP=$2
    
55.         S_PORT=$3
    
56.         D_PORT=$4
    
57.         hping2 $D_IP -R -s $S_PORT -p $D_PORT -a $S_IP -k -c > /dev/null 2>&1 &
    
58. }
    
59. function kill {
    
60.         SLEEP_TIME=$1
    
61.         CLR_LIST=$2
    
62.         BLACK_LIST=$3
    
63.         while read blackip;do
    
64.                 iptables -I FORWARD -s $blackip/32 -j DROP
    
65.         done < $BLACK_LIST
    
66.         sleep $SLEEP_TIME
    
67.         #-----------------------------------#
    
68.         while read clr3;do
    
69.                 clr_conns $clr3
    
70.         done < $CLR_LIST
    
71.         #-----------------------------------#
    
72.         while read reblackip;do
    
73.                 iptables -D FORWARD -s $reblackip/32 -j DROP
    
74.         done < $BLACK_LIST
    
75. 
    
76. }
    
77. #################################################################
    
78. ##--------------- To make a "black list" ----------------------##
    
79. #################################################################
    
80. 
    
81. 
    
82. > $tmp11
    
83. > $tmp111
    
84. > $ipc
    
85. > $tmp333clr
    
86. > $tmp332clr
    
87. > $tmp331clr
    
88. > $tmp223
    
89. > $tmp222
    
90. > $tmp221
    
91. > $tmp333
    
92. > $tmp332
    
93. > $tmp331
    
94. 
    
95. #----------------------------------------------------------------------------#
    
96. cat $ips > $ipc
    
97. sleep 1
    
98. #----------------------------------------------------------------------------#
    
99. wc=`cat $ipc|grep ESTABLISHED|awk -F= '{print $2,$3,$4,$5}'|grep ^172. |sort|awk '{print $1,$3,$5,$7}'|tee $tmp111|awk '{print $1}'|uniq -c|tee $tmp11|wc -l`
    
100. date=`date '+%m/%d %H:%M'`
     
101. cpu2=`sar -u 1 1 | awk '{print $7}' | tail -2`
     
102. date2=`date '+%H'`
     
103. #----------------------------------------------------------------------------#
     
104. sleep 1
     
105. #----------------------------------------------------------------------------#
     
106. #if [ "$wc" -gt 2500 ] && [ "$date2" -gt 10 ]
     
107. if [ "$wc" -gt 0 ];then
     
108. #------------------------------
     
109.         awk '{$1}{if ($1>30 && $1<50) print $2}' $tmp11 > $tmp221
     
110.         awk '{$1}{if ($1>=50 && $1<100) print $2}' $tmp11 > $tmp222
     
111.         awk '{$1}{if ($1>=100) print $2}' $tmp11 > $tmp223
     
112.         cut -c1-15 $tmp221 > $tmp331
     
113.         cut -c1-15 $tmp222 > $tmp332
     
114.         cut -c1-15 $tmp223 > $tmp333
     
115.         wcblackip1=`cat $tmp331 | wc -l`
     
116.         wcblackip2=`cat $tmp332 | wc -l`
     
117.         wcblackip3=`cat $tmp333 | wc -l`
     
118. 
     
119. #################################################################
     
120. ##---------------- To make a index.html -----------------------##
     
121. #################################################################
     
122. 
     
123. ### drop web ###
     
124. cat > "$webdir/drop/index.html" << END
     
125.         <b>If the total IPs >2500 <font color="#ff0000">(total $wc at $date)</font> AND if:</b>
     
126.         <p>you connect <b>">100"</b>, you ip will be killed in <b>30min</b>.</p>
     
127.         <p>you connect <b>"50-100"</b>, you ip will be killed in <b>15min</b>.</p>
     
128.         <p>you connect <b>"30-50"</b>, you ip will be killed in <b>10min</b>.</p>
     
129.         <hr color="#ff8000">
     
130.         <p><b><font color="#ff0000">These IPs (total $wcblackip3 + $wcblackip2 + $wcblackip1) were killed, at <font size=5>$date</font></font>  <a href=../all>(look-up all IPs)</a></b></p>
     
131. END
     
132. awk '{$1}{if ($1>=100) print $1, $2}' $tmp11|sort -nr|awk '{print "<p>""<font color="#ff0000">"$1"</font>""\t","<b>"$2"</b>""\t""kill 30min""</p>"}' >> $webdir/drop/index.html
     
133. awk '{$1}{if ($1>=50 && $1<100) print $1, $2}' $tmp11|sort -nr|awk '{print "<p>"$1"\t","<b>"$2"</b>""\t""kill 15min""</p>"}' >> $webdir/drop/index.html
     
134. awk '{$1}{if ($1>30 && $1<50) print $1, $2}' $tmp11|sort -nr|awk '{print "<p>"$1"\t","<b>"$2"</b>""\t""kill 10min""</p>"}' >> $webdir/drop/index.html
     
135. 
     
136. ### all web ###
     
137. cat > "$webdir/all/index.html" << END
     
138.         <p><b>You can "ctrl + F" to find your ip's connects.(total $wc IPs at $date)</b></p>
     
139.         <p><a href=../drop> <-- back </a></p>
     
140. END
     
141. cat $tmp11 | sort -nr | awk '{print "<p>"$1"\t",$2"\t""</p>"}' >> $webdir/all/index.html
     
142. 
     
143. ################################################################
     
144. ##----------------- Use iptables to DROP ---------------------##
     
145. ################################################################
     
146. 
     
147.         make_clr
     
148.         [ -s $tmp333 ] && kill 30m $tmp333clr $tmp333 &
     
149.         [ -s $tmp332 ] && kill 15m $tmp332clr $tmp332 &
     
150.         [ -s $tmp331 ] && kill 10m $tmp331clr $tmp331 &
     
151. 
     
152. #-------------------------------
     
153. elif [ "$date2" -lt 5 ] && [ "$date2" -gt 3 ]
     
154. then
     
155.         while read clrall;do
     
156.                 clr_conns $clrall
     
157.         done < $tmp111
     
158.         echo "clr at $date " >> /$logdir/$log
     
159. fi
     
160. 
     
161. ################################################################
     
162. ##------------------- make system log ------------------------##
     
163. ################################################################
     
164. 
     
165. [ -e $log ] || touch $log
     
166. echo "$wc $date $cpu $cpu2 $wcblackip3 + $wcblackip2 + $wcblackip1" >> $log
     

复制代码