基于nginx日志,封蜘蛛IP


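#!/bin/bash
#
# Block self-identified crawler ("spider") IPs seen in the nginx access log,
# and unblock addresses that have gone quiet since the previous run.
#
# The original notes speak of "within one hour", so this is presumably meant
# to be run hourly (e.g. from cron) -- confirm against the deployment.
#
# Security notes:
#   * The keywords are matched against the whole log line. The User-Agent is
#     client-supplied, so this only stops crawlers that announce themselves,
#     and a URL or referer containing a keyword also triggers a block.
#   * Field 1 of each log line is assumed to be the TCP peer address
#     (nginx $remote_addr). If the log format puts a forwarded-for header
#     first, that value is client-controlled; every address is therefore
#     validated as plain dotted-quad IPv4 before it reaches iptables.
#   * Trailing notes in the original used "//", which is not a shell comment:
#     the text was passed to awk/sort/iptables as extra arguments and broke
#     every step. All notes are now real "#" comments.

set -u

readonly ACCESS_LOG=/home/logs/client/access.log
readonly RAW_IPS=/root/ip1.txt      # every candidate address, unfiltered
readonly BLOCK_IPS=/root/ip2.txt    # validated, de-duplicated, trusted removed
readonly UNBLOCK_IPS=/root/ip3.txt  # currently blocked but (nearly) idle
readonly IPTABLES=/sbin/iptables
readonly IDLE_PACKETS=30            # at or below this count a block is lifted

#######################################
# Check that a string is a dotted-quad IPv4 address with octets 0-255.
# Arguments: $1 - candidate address
# Returns:   0 if valid, 1 otherwise
#######################################
is_ipv4() {
  local addr=$1 octet
  [[ $addr =~ ^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$ ]] \
    || return 1
  for octet in "${BASH_REMATCH[@]:1}"; do
    # 10# forces base 10 so "08" is not parsed as invalid octal.
    (( 10#$octet <= 255 )) || return 1
  done
  return 0
}

# 1. Collect candidate addresses. Most crawlers carry "spider" in their
#    User-Agent; Baidu must not be blocked, so lines mentioning it are
#    skipped. YoudaoBot (NetEase Youdao) and Yahoo! are matched by name.
awk '
  (/spider/ && !/Baidu/) || /YoudaoBot/ || /Yahoo!/ { print $1 }
' "$ACCESS_LOG" > "$RAW_IPS"

# 2. De-duplicate, drop anything that is not a valid IPv4 address, and drop
#    trusted addresses. The shell patterns are anchored and literal, unlike
#    the original unanchored grep where "." matched any character.
sort -u -- "$RAW_IPS" | while IFS= read -r ip; do
  is_ipv4 "$ip" || continue
  case "$ip" in
    192.168.0.* | 127.0.0.1) continue ;;
  esac
  printf '%s\n' "$ip"
done > "$BLOCK_IPS"

# 3. Find blocked addresses that sent no more than IDLE_PACKETS packets since
#    the counters were last zeroed. -x prints exact counters: without it a
#    value such as "10K" is compared as a string and wrongly counts as <= 30.
#    Only DROP rules of the INPUT chain are considered; columns with -v are
#    pkts bytes target prot opt in out source destination.
"$IPTABLES" -nvxL INPUT \
  | awk -v max="$IDLE_PACKETS" \
      '$3 == "DROP" && $1 ~ /^[0-9]+$/ && $1 + 0 <= max { print $8 }' \
  > "$UNBLOCK_IPS"

# 4. Lift those blocks. Validation also skips sources such as 0.0.0.0/0, so
#    an unrelated catch-all "-j DROP" rule is never deleted by this script.
while IFS= read -r ip; do
  is_ipv4 "$ip" || continue
  "$IPTABLES" -D INPUT -s "$ip" -j DROP
done < "$UNBLOCK_IPS"

# 5. Reset the packet/byte counters so the next run measures a fresh interval.
"$IPTABLES" -Z

# 6. Block the addresses found in step 2. -C checks for an existing identical
#    rule first so repeated runs do not pile up duplicate rules.
while IFS= read -r ip; do
  "$IPTABLES" -C INPUT -s "$ip" -j DROP 2>/dev/null \
    || "$IPTABLES" -I INPUT -s "$ip" -j DROP
done < "$BLOCK_IPS"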
