安装ipset
yum install ipset
#创建ip地址集合
ipset create bansms hash:net
查找访问了“getVerificationCode”并且次数大于10次的ip
cat /usr/local/nginx/logs/access.log | grep getVerificationCode | awk '{print $1}' | sort | uniq -c | sort -n -k -r |awk '{if ($1>10) print $2}'
将IP添加到集合
ipset add bansms IP地址
添加到防火墙策略
iptables -I INPUT -m set --match-set bansms src -j DROP
service iptables save
service iptables stop
service iptables start
参考资料: