文件名:ip_fire.sh
内容:
#!/bin/bash #iptables iptables_run(){ #修改日志文件 grep -e "^kern.*" /etc/rsyslog.conf flag_k=$? if [ $flag_k -eq 0 ] then echo "rsyslog日志指定文件已存在" else sed -i '/#kern.* \/dev\/console/a\kern.* /var/log/iptables.log' /etc/rsyslog.conf fi service rsyslog restart #添加策略记录日志 iptables -I OUTPUT 1 -j LOG service iptables restart sleep 10 ls /var/log/iptables.log flag_t=$? if [ $flag_t -eq 0 ] then echo "iptables.log日志记录文件已生成" fi } #firewalld firewalld_run(){ #修改日志文件 grep -e "^kern.*" /etc/rsyslog.conf flag_k=$? if [ $flag_k -eq 0 ] then echo "rsyslog日志指定文件已存在" else sed -i '/#kern.* \/dev\/console/a\kern.* /var/log/iptables.log' /etc/rsyslog.conf fi service rsyslog restart #开启日志记录 grep -e "^LogDenied=all" /etc/firewalld/firewalld.conf flag_k=$? if [ $flag_k -eq 0 ] then echo "firewalld记录日志已开启" else sed -i '/#LogDenied=off/a\LogDenied=all' /etc/firewalld/firewalld.conf fi #添加日志记录 #firewall-cmd --permanent --zone=public --direct --add-rule ipv4 filter OUTPUT 0 -j LOG
firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -j LOG service firewalld restart sleep 10 ls /var/log/iptables.log flag_t=$? if [ $flag_t -eq 0 ] then echo "iptables.log日志记录文件已生成" fi } main(){ #判断iptables文件是否存在 ls /etc/sysconfig/iptables &> /dev/null flag_i=$? if [ $flag_i -eq 0 ] then echo "iptables文件存在" fi #判断firewalld文件是否存在 ls /etc/firewalld/zones/public.xml &> /dev/null flag_f=$? if [ $flag_f -eq 0 ] then echo "firewalld文件存在" fi #判断执行哪个函数 if [ $flag_i -eq 0 ] && [ $flag_f -eq 0 ] then echo "执行firewalld的两个文件" firewalld_run #break elif [ $flag_f -eq 0 ] then echo "执行firewalld" firewalld_run #break elif [ $flag_i -eq 0 ] then echo "执行iptables" iptables_run #break else echo "不存在iptables和firewalld文件" fi } main #查找最后一条策略命令 #iptables -nL OUTPUT_direct --line-numbers|grep DROP|cut -d " " -f 1 | tail -1f #cat /var/log/iptables.log | awk '{print $9}'| tr -d "DST=" | sort |uniq > ip_address.txt #cat /var/log/iptables.log | awk '{print $9}' | sort |uniq |tr "=" "\t\t"