#!/bin/bash

touch /tmp/badipnew.log;touch /tmp/newip.log;

if [ ! -f "/tmp/badip.log" ];then

cat /var/log/secure|grep "authentication failure\|Did not receive identification"|grep -o '[0-9]\+\.[0-9\.]\+'|grep '\.' |sort|uniq > /tmp/badip.log;

for i in `cat /tmp/badip.log`;

do

echo $i;

iptables -t filter -A INPUT -s $i -m state --state NEW -j DROP ;

done;

fi

cat /var/log/secure|grep "authentication failure\|Did not receive identification"|grep -o '[0-9]\+\.[0-9\.]\+'|grep '\.' |sort|uniq > /tmp/badipnew.log;

diff /tmp/badip.log /tmp/badipnew.log |sed '1d'|grep ">"|awk '{print $2}' > /tmp/newip.log

cat /tmp/newip.log >> badip.log;

for i in `cat /tmp/newip.log`;

do

echo $i;

iptables -t filter -A INPUT -s $i -m state --state NEW -j DROP ;

done;

:>/tmp/badipnew.log;

:>/tmp/newip.log