Submitted by admin on 2009, August 12, 1:33 PM. 脚本代码
封超过100个连接的IP:
#!/bin/sh
/bin/netstat -na|grep ESTABLISHED|awk '{print $5}'|awk -F: '{print $1}'|sort|uniq -c|sort -rn|grep -v -E '172.16|127.0'|awk '{if ($2!=null && $1>100) {print $2}}'>/tmp/dropip
for i in $(cat /tmp/dropip)
do
/sbin/iptables -I INPUT -p tcp -m tcp -s $i --dport 80 --syn -j REJECT
echo "$i kill at `date`">>~river/ddos
done
 |
| « 2025年05月 » | ||||||
| 日 | 一 | 二 | 三 | 四 | 五 | 六 |
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | ||||
| 4 | 5 | 6 | 7 | 8 | 9 | 10 |
| 11 | 12 | 13 | 14 | 15 | 16 | 17 |
| 18 | 19 | 20 | 21 | 22 | 23 | 24 |
| 25 | 26 | 27 | 28 | 29 | 30 | 31 |
[11] [3] [5] [6] [27] [5] [20] [1] [6] [47] [2] [5] [7] [2] [17] [5] [24] [4] [9] [62] [30] [59] [71] [228] [16] [64] [11] [2] [3] [7] [9] [1] [10] [3] [14] [32] [16] [2] [4] [17] [2] [2] [8] [12] [6] [3] [15] [8] [3] [9] [1] [81] [2] [4] [5] [16] [3] [4] [18] [1]