#!/bin/bash
netstat -ano | grep tcp | awk -F" " '{print $5}' | awk -F":" '{print $1}' | sort -t " " -k 1 | uniq -c | grep -vE "127.0.0.1|0.0.0.0" > ipfw.txt
sed -i "/^$/d" ipfw.txt
cat ipfw.txt
ipfw=(`cat ipfw.txt | awk -F" " '{print $2}'`) ; echo $ipfw
NR=$(cat ipfw.txt | wc -l); echo $NR
zdyljs=1000 ; echo "通路限制tcp連接配接數;$zdyljs"
echo "tcp連接配接數管控執行中,,,,, `date` " >> /root/jinzhiip.txt
for((i=0;i<$NR;i++))
do
ljs=`cat ipfw.txt | grep ${ipfw[$i]} | awk -F" " '{print $1}'` ; echo "${ipfw[$i]} 連接配接數為: $ljs"
if [ $ljs -gt $zdyljs ]
then
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="${ipfw[$i]}" port protocol="tcp" port="80" reject"
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="${ipfw[$i]}" port protocol="tcp" port="443" reject"
firewall-cmd --reload
echo "${ipfw[$i]} 連接配接數為: $ljs 超過法制:$zdyljs 連接配接數,被禁止通路" >> /root/jinzhiip.txt
echo "${ipfw[$i]} 連接配接數為: $ljs 超過法制:$zdyjks 連接配接數,被禁止通路 并且計入日志檔案:/root/jinzhiip.txt"
echo "------------------------------------"
fi
done
echo "*/1 * * * * root /root/1.sh" >> /etc/crontab
![1、Linux 指令行使用技巧[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)