#!/bin/bash

blackname=/home/kulusi/scripts/blackip_"$(date +%Y%m%d)"

# lastb显示所有登录系统失败的记录,此处把访问失败次数大于1000的IP添加到黑名单
lastb |awk '{S[$3]++}END{for(a in S)print a,S[a]}'|awk '{if($2>1000)print$1}' > $blackname

# 创建黑名单ipset(在/etc/firewall/ipset目录下生成blacklist.xml文件)
[ -f /etc/firewalld/ipsets/blacklist.xml ] || firewall-cmd --permanent --zone=public --new-ipset=blacklist --type=hash:ip

while read Address; do
  grep -q "$Address" /home/kulusi/scripts/blacklist &> /dev/null
  if [ $? -eq 0 ];then
    echo "[ $Address ]之前已经加入黑名单!"
    continue
  else
    echo "$Address" >> /home/kulusi/scripts/blacklist
    echo "[ $Address ]加入黑名单成功!"
    firewall-cmd --permanent --zone=public --ipset=blacklist --add-entry=$Address
  fi
done < $blackname

# 然后封禁 blacklist,首次应用后黑名单有新增也不必重复应用
#firewall-cmd --permanent --zone=public --add-rich-rule='rule source ipset=blacklist drop'
# 重启防火墙
firewall-cmd --reload
# 添加临时TCP端口5000
firewall-cmd --add-port=5000/tcp
# 查看防火墙配置信息
firewall-cmd --list-all