Scripting fun...
Smoot Carl-Mitchell
smoot at tic.com
Thu Jun 5 18:16:16 UTC 2008
On Thu, 2008-06-05 at 13:04 -0400, Bart Silverstrim wrote:
> #!/bin/sh
>
> grep -i slurp /var/log/apache-perl/access.log |awk '{print$1}' >
> ~/temp/tmp.txt
> sort ~/temp/tmp.txt > ~/temp/tmp2.txt
> uniq ~/temp/tmp2.txt > ~/temp/slurps.txt
>
> iptables -L INPUT -v -n |awk '{print$8}' |grep '[0-9]' > ~/temp/blocked.txt
>
> diff -y ~/temp/slurps.txt ~/temp/blocked.txt |grep '[>]'|awk '{print$2}'
> > ~/temp/newaddresses.txt
>
> for i in `cat ~/temp/newaddresses.txt`
> do
> iptables -A INPUT -s $i -j DROP
> done
You can simplify this a bit with pipes and a bit of subshelling and use
of uniq's -u flag. This also gets rid of all the temporary files.
(
grep -i slurp /var/log/apache-perl/access.log |awk '{print $1}' | sort | uniq;
iptables -L INPUT -v -n |awk '{print$8}' |grep '[0-9]'
) | sort | uniq -u |
while read i; do
iptables -A INPUT -s $i -j DROP
done
uniq -u just prints the catenated IP addresses for iptables and from
your logs which have a single occurrence (e.g. they are "new"). You
then just feed it into the while loop to add them to the iptables
configuration.
I'd of course do some debugging on this by replacing the iptables call
in the while loop with a call to echo, e.g.
echo iptables -A INPUT -s $i -j DROP
--
Smoot Carl-Mitchell
System/Network Architect
smoot at tic.com
+1 480 922 7313
cell: +1 602 421 9005
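
A variant of the pipeline above, as an added example that is not part of the original post or thread: it takes the difference in one direction only, so it emits just the addresses seen in the log that have no rule yet, and it skips any first field that is not a dotted-quad IPv4 address. The names `new_slurp_addrs` and `dry_run`, the blocked-list file and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread.
# new_slurp_addrs LOGFILE BLOCKEDFILE
#   LOGFILE:     access log, client address in field 1
#   BLOCKEDFILE: sources already in the INPUT chain, one per line (assumed
#                saved from the thread's iptables -L | awk | grep pipeline)
new_slurp_addrs() {
    awk '
        # First file: remember every source that already has a rule.
        FILENAME == ARGV[1] { blocked[$1] = 1; next }
        # Second file: same match as "grep -i slurp".
        tolower($0) ~ /slurp/ {
            ip = $1
            # Accept only a dotted-quad IPv4 address with octets 0-255.
            if (split(ip, o, ".") != 4) next
            for (k = 1; k <= 4; k++)
                if (o[k] !~ /^[0-9]+$/ || o[k] > 255) next
            # One-directional difference: in the log, not in the chain.
            if (!(ip in blocked) && !(ip in seen)) { seen[ip] = 1; print ip }
        }
    ' "$2" "$1" | sort
}

# Dry run on constructed sample data (documentation addresses).
dry_run() {
    d=$(mktemp -d) || return 1
    cat > "$d/access.log" <<'EOF'
203.0.113.7 - - [05/Jun/2008:13:00:01 -0400] "GET / HTTP/1.1" 200 512 "-" "Yahoo! Slurp"
203.0.113.7 - - [05/Jun/2008:13:00:02 -0400] "GET /a HTTP/1.1" 200 90 "-" "Yahoo! Slurp"
198.51.100.9 - - [05/Jun/2008:13:00:03 -0400] "GET / HTTP/1.1" 200 512 "-" "yahoo! slurp"
192.0.2.44 - - [05/Jun/2008:13:00:04 -0400] "GET / HTTP/1.1" 200 512 "-" "Firefox"
EOF
    printf '%s\n' 198.51.100.9 192.0.2.200 0.0.0.0/0 > "$d/blocked.txt"
    # echo instead of running iptables, as suggested in the post.
    new_slurp_addrs "$d/access.log" "$d/blocked.txt" |
    while read -r i; do
        echo iptables -A INPUT -s "$i" -j DROP
    done
    rm -rf "$d"
}
dry_run
```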