CC攻击防御

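#!/bin/bash
#
# CC (HTTP flood) mitigation helper.
#
# Samples inbound traffic to TCP port 80 with tcpdump, counts packets per
# source address, and adds an iptables DROP rule to the dedicated "cc-access"
# chain for every source seen more than THRESHOLD times in the sample.
# Must run as root (tcpdump capture and iptables changes).
#
# Operational caveats to weigh before deploying:
#   - The count is packets, not requests or connections. A single legitimate
#     client, or many users behind one NAT / proxy / CDN egress address, can
#     exceed 20 packets in a 1000-packet sample. Review the list, or exempt
#     load balancers, monitoring and admin addresses, before relying on it.
#   - Source addresses on packets that never complete a TCP handshake can be
#     forged, so the sample may implicate addresses that never connected.
#   - DROP rules are never expired here; the chain only grows. Review or
#     flush it periodically (iptables -F cc-access).
#   - tcpdump -c blocks until the full sample is captured, so on a quiet
#     interface the script waits indefinitely.

set -u

IPLIST_FILE='/root/iplist.txt'
readonly IFACE='eth0'          # capture interface
readonly SAMPLE_PACKETS=1000   # packets per sample
readonly THRESHOLD=20          # block sources with more packets than this
readonly IPV4_RE='^([0-9]{1,3}\.){3}[0-9]{1,3}$'

# Create the chain only if it does not exist yet. Listing the chain itself is
# a direct existence test; grepping the INPUT listing only shows whether INPUT
# currently jumps to it.
if ! iptables -t filter -nL cc-access >/dev/null 2>&1; then
    iptables -t filter -N cc-access
fi

# With -tnn each line starts "IP a.b.c.d.port > ...". Splitting on "." and
# re-joining the first four fields yields "IP a.b.c.d"; uniq -c prefixes the
# per-source packet count, giving "<count> IP <addr>" per line.
tcpdump -i "$IFACE" -tnn -c "$SAMPLE_PACKETS" dst port 80 \
    | awk -F"." '{print $1"."$2"."$3"."$4}' \
    | sort | uniq -c | sort -nr | head -500 > "$IPLIST_FILE"
sed -i 's/^[[:space:]]*//' "$IPLIST_FILE"

while read -r count _ ip; do
    # Skip anything that is not "<number> <proto> <dotted-quad>" (IPv6 or
    # truncated lines) so only a validated address ever reaches iptables.
    [[ "$count" =~ ^[0-9]+$ ]] || continue
    [[ "$ip" =~ $IPV4_RE ]] || continue
    (( 10#$count > THRESHOLD )) || continue

    # -C matches the exact rule. A substring grep of the listing would treat
    # 1.2.3.4 as already present when only 11.2.3.40 is blocked.
    if ! iptables -t filter -C cc-access -m iprange --src-range "$ip-$ip" -j DROP 2>/dev/null; then
        iptables -t filter -I cc-access -m iprange --src-range "$ip-$ip" -j DROP
    fi
done < "$IPLIST_FILE"

# Keep exactly one terminal ACCEPT at the end of the chain. Note that ACCEPT
# ends rule evaluation for port-80 traffic, so INPUT rules after the jump are
# never consulted for it.
iptables -t filter -D cc-access -j ACCEPT >/dev/null 2>&1
iptables -t filter -A cc-access -j ACCEPT

# Re-insert the jump at the top of INPUT; delete first to avoid duplicates.
iptables -t filter -D INPUT -p tcp --dport 80 -j cc-access >/dev/null 2>&1
iptables -t filter -I INPUT -p tcp --dport 80 -j cc-access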
