cd /tmp/
cat /var/log/messages | grep "IP DROP" | awk '{print $12 " " $8}'| sed 's/SRC=//' | sort | uniq -c | sort -rn | awk '{print $2}' | awk 'NR < 20' >> topSneefer.auto
cat topSneefer.auto >> topSneefer.list
cat topSneefer.list | awk '{print "ipset add ban " $0}' >> ipset.list
получится список по типу
ipset add ban 1.0.0.0/8
install Ipset
yum install ipset
Creat list
ipset create ban hash:net
Show ipset list
ipset -L
Edit rule Iptables in conf script
$IPT -I FORWARD -m set --match-set ban src -j DROP
Run conf script
/tmp/iptables-start.sh
Check rules Iptables
iptables -n -L -v --line-numbers
Very needed command
less /var/log/messages | grep "IP DROP" | grep "Jun 2" | awk '{print $12 " " $8}'| sed 's/SRC=//' | sort | uniq -c | sort -rn | awk 'NR < 20' |awk '{print "ipset add ban " $2}'
less /var/log/messages | grep "IP DROP" | grep "Jul \|Jun " | awk '{print $12 " " $8}'| sed 's/SRC=//' | sort | uniq -c | sort -rn | awk 'NR < 20' |awk '{print $1 " " "ipset add ban " $2 "/24"}'
less /var/log/messages | grep "IP DROP"| grep "Jan 4"| awk '{print $12 " " $8}'| sed 's/SRC=//'|sort |uniq -c |sort -rn | awk 'NR < 20' |awk '{print "ipset add ban " $2}'