CC攻击防御

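#!/bin/bash
#
# Rate-based mitigation for HTTP request floods ("CC attacks").
#
# Samples inbound packets addressed to the web port, counts packets per source
# address, and inserts a DROP rule into a dedicated iptables chain for every
# source that exceeds THRESHOLD packets in the sample.
#
# Operational caveats:
#   - Counts come from raw captured packets, not completed connections, and
#     many legitimate users can share one address (NAT, proxies, CDNs, load
#     balancers). Keep an allowlist for such addresses and for your own
#     monitoring/admin hosts before relying on this in production.
#   - DROP entries are never removed by this script. Flush the chain
#     periodically, or use an ipset with a timeout, so blocks expire.
#   - tcpdump blocks until SAMPLE_PACKETS packets have been seen; when run
#     from cron, make sure runs cannot overlap.
#   - Must run as root (iptables and tcpdump both need it).

set -u

readonly IPLIST_FILE='/root/iplist.txt'
readonly CHAIN='cc-access'
readonly IFACE='eth0'
readonly PORT=80
readonly SAMPLE_PACKETS=1000
readonly MAX_SOURCES=500
readonly THRESHOLD=20

# Create the chain only if it does not exist yet. The chain itself is probed
# (rather than grepping the INPUT listing for a jump rule) so the result does
# not depend on whether the jump rule happens to be installed.
if ! iptables -t filter -nL "$CHAIN" >/dev/null 2>&1; then
    if ! iptables -t filter -N "$CHAIN"; then
        printf 'cannot create iptables chain %s\n' "$CHAIN" >&2
        exit 1
    fi
fi

# Capture a sample and write "<count> IP <source-address>" lines, busiest
# sources first. Splitting on "." and keeping four fields drops the source
# port from tcpdump's "IP a.b.c.d.port > ..." output.
tcpdump -i "$IFACE" -tnn dst port "$PORT" -c "$SAMPLE_PACKETS" \
    | awk -F"." '{print $1"."$2"."$3"."$4}' \
    | sort | uniq -c | sort -nr | head -n "$MAX_SOURCES" \
    | sed 's/^[[:space:]]*//' > "$IPLIST_FILE"

while read -r count _ ip _; do
    # Only well-formed counters and dotted-quad IPv4 addresses may reach the
    # iptables command line; anything else (IPv6 lines, truncated output) is
    # skipped instead of being passed through.
    [[ "$count" =~ ^[0-9]+$ ]] || continue
    [[ "$ip" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || continue
    (( 10#$count > THRESHOLD )) || continue

    # Exact rule check (-C needs iptables >= 1.4.11). A substring grep on the
    # listing would treat 1.2.3.4 as already blocked when only 11.2.3.4 or
    # 1.2.3.40 is, leaving the offending address unblocked.
    if ! iptables -t filter -C "$CHAIN" -m iprange --src-range "$ip-$ip" -j DROP 2>/dev/null; then
        iptables -t filter -I "$CHAIN" -m iprange --src-range "$ip-$ip" -j DROP
    fi
done < "$IPLIST_FILE"

# Keep exactly one ACCEPT as the last rule of the chain. The delete is
# best-effort: it fails harmlessly on the first run, when no ACCEPT exists.
# NOTE(review): ACCEPT ends INPUT processing for port-80 traffic, so any later
# INPUT rules for that port are bypassed; RETURN may be preferable if other
# INPUT rules are meant to apply - confirm against the host's ruleset.
iptables -t filter -D "$CHAIN" -j ACCEPT >/dev/null 2>&1
iptables -t filter -A "$CHAIN" -j ACCEPT

# Re-install the jump at the top of INPUT so the chain is consulted first and
# is not duplicated across runs.
iptables -t filter -D INPUT -p tcp --dport "$PORT" -j "$CHAIN" >/dev/null 2>&1
iptables -t filter -I INPUT -p tcp --dport "$PORT" -j "$CHAIN"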
