脚本代码见下文;/data/safe/black_ip.txt 文件内容如下:
- 47.76.35.19
- 106.113.0.0/16
- 223.72.15.0/24
- 1.192.240.0/24
- 120.245.60.0/24
- 120.245.86.0/24
- 8.142.26.0/24
- 207.241.235.0/24
- 64.124.8.0/24
- 47.76.209.0/24
- 47.76.99.0/24
- 47.76.222.0/24
- 47.76.220.0/24
- 103.145.58.152
- 113.85.88.54
- 38.6.177.71
- 183.234.187.219
- 150.129.80.23
- 165.154.23.176
- 44.220.188.10
- 123.58.212.117
- 165.154.7.17
- 165.154.7.132
- 165.154.23.40
- 103.218.243.111
- 165.154.40.6
- 152.32.215.103
- 165.154.24.85
- 152.32.133.56
- 165.154.7.218
- 165.154.40.197
- 118.193.33.115
- 152.32.134.157
- 121.52.220.203
- 44.220.185.70
- 165.154.7.133
- 152.32.186.203
- 165.154.42.116
- 118.193.35.4
- 165.154.43.111
- 165.154.41.241
- 101.36.110.41
- 101.36.120.237
- 101.36.120.5
- 152.32.211.152
- 101.36.125.223
- 103.73.160.217
- 44.220.185.47
- 152.32.128.173
- 101.36.120.88
- 101.36.110.244
- 218.78.107.28
- 150.129.80.32
- 103.149.90.11
- 44.220.188.54
- 103.150.10.56
- 103.148.244.196
- 47.76.209.138
- 47.76.99.127
- 1.192.242.0/24
- 1.192.241.0/24
- 1.192.246.0/24
- 1.192.0.0/24
- 1.192.2.0/24
- 1.192.243.0/24
- 1.192.245.0/24
- 1.192.3.0/24
- 1.192.1.0/24
- 1.192.244.0/24
- 1.192.98.0/24
- 1.192.1510/24
- 103.241.72.22
- 3.8.170.177
如有遗漏或者错误,请修改黑名单 txt 文件(/data/safe/black_ip.txt)。
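# Sync a manually maintained IP blacklist into ufw's before.rules.
#
# When /data/safe/black_ip.txt was modified within the last six minutes,
# every valid entry that has no DROP rule yet is inserted right after the
# "# End required lines" marker of /etc/ufw/before.rules, and ufw is
# reloaded once if anything was added. Additions are logged to
# /data/safe/cron.log.

blacklist_file="/data/safe/black_ip.txt"
before_rules_file="/etc/ufw/before.rules"
flagmod=false # becomes true once at least one DROP rule has been added

# Append one timestamped line to the log file.
# Arguments: $1 - message text
log_event() {
  printf '%s %s\n' "$(date +"%Y-%m-%d %H:%M:%S")" "$1" >> /data/safe/cron.log
}

# Return 0 when $1 is a dotted-quad IPv4 address, optionally followed by a
# /1../32 prefix length; return 1 otherwise.
# Dots are escaped and each octet is range-checked so that a typo (for
# example a missing dot) cannot reach before.rules, where a malformed -s
# argument would likely make the next "ufw reload" fail. A /0 prefix is
# rejected because it matches every source address.
is_valid_blacklist_entry() {
  local entry=$1
  local octet='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
  local prefix='(3[0-2]|[12][0-9]|[1-9])'
  local re="^${octet}(\.${octet}){3}(/${prefix})?\$"
  [[ $entry =~ $re ]]
}

# Read the blacklist and add the missing DROP rules.
# Globals:  blacklist_file, before_rules_file (read), flagmod (written)
# Returns:  0 when there was nothing to do or the sync ran,
#           1 when the rules file could not be edited safely
sync_blacklist() {
  local last_modified current_time time_difference end_line black_ip rule

  # Nothing to do without a blacklist file.
  [ -e "$blacklist_file" ] || return 0

  last_modified=$(stat -c %Y "$blacklist_file") || return 1
  current_time=$(date +%s)
  time_difference=$((current_time - last_modified))

  # Only act when the file changed within the last six minutes.
  [ "$time_difference" -le 360 ] || return 0

  # Locate the insertion point once: rules are appended *after* this line,
  # so its line number does not move while the loop runs. -m1 keeps a
  # single number even if the marker text occurs more than once.
  end_line=$(grep -n -m1 -F -- "# End required lines" "$before_rules_file" \
    | cut -d: -f1)
  if ! [[ $end_line =~ ^[0-9]+$ ]]; then
    # Without an address, sed's "a" command would append after EVERY line
    # of the rules file, so refuse to edit when the marker is missing.
    log_event "marker '# End required lines' not found in $before_rules_file; nothing changed"
    return 1
  fi

  while IFS= read -r black_ip || [[ -n $black_ip ]]; do
    black_ip=${black_ip%$'\r'} # tolerate CRLF line endings
    [[ -n $black_ip ]] || continue

    if ! is_valid_blacklist_entry "$black_ip"; then
      log_event "skipped invalid blacklist entry: $black_ip"
      continue
    fi

    rule="-A ufw-before-input -s $black_ip -j DROP"

    # Fixed-string match on the full rule: a plain regex match on the bare
    # address treats dots as wildcards and also hits longer addresses that
    # merely contain this one, which would silently skip the entry.
    if ! grep -qF -- "$rule" "$before_rules_file"; then
      if sed -i "${end_line}a$rule" "$before_rules_file"; then
        log_event "增加 $black_ip 到 $before_rules_file"
        flagmod=true # at least one new DROP rule was written
      else
        log_event "failed to add $black_ip to $before_rules_file"
      fi
    fi
  done < "$blacklist_file"

  # Reload ufw only when the rules file actually changed.
  if [ "$flagmod" = true ]; then
    sudo ufw reload || log_event "ufw reload failed; check $before_rules_file"
  fi
}

sync_blacklist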