scripting fun
Bart Silverstrim
bsilver at chrononomicon.com
Fri Jun 6 14:03:22 UTC 2008
Mike Bird wrote:
> On Thu June 5 2008 14:30:32 Cameron Hutchison wrote:
>> Mike Bird <mgb-ubuntu at yosemite.net> writes:
>>> (3) For uniq IPs we need "sort -n | uniq" rather than "sort -nu".
>> Why? sort -n seems wrong in the first place since while IP addresses
>> have numeric components, they are not numeric themselves.
>>
>> Furthermore, I expect sorting numerically will not work with join(1)
>> or comm(1) since they would expect lexicographic sorting.
>>
>> It seems to me a simpler "sort -u" should do the trick.
>
> You are correct, Cameron.
>
> It's often easier to diagnose problems in this kind of
> script with sorted IPs, but I had forgotten the join.
Thanks again, everyone!
So to be clear, the script I'm now using is...
**********
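#!/bin/bash
# First input:  source addresses that already have a DROP rule in INPUT.
# Second input: client addresses from access-log lines containing "slurp".
# join -v2 prints only the lines of the second input that have no match
# in the first, i.e. addresses that are not blocked yet.
join -v2 \
  <(iptables -L INPUT -n | grep DROP | awk '{print $4}' | sort -u) \
  <(grep -i slurp /var/log/apache-perl/access.log | awk '{print $1}' | sort -u) |
  grep -E '^([[:digit:]]+[.]){3}[[:digit:]]+$' |
  while read -r ip; do
    # Only dotted-quad strings reach this point; quote the value anyway.
    iptables -A INPUT -s "$ip" -j DROP
  done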
***********
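The sorting question settled in this thread, run on sample data as an added example that is not part of the original post: it compares `sort -nu`, `sort -n | uniq` and `sort -u` on the same list, then does the `join -v2` step without touching iptables. The addresses and function names are constructed, `LC_ALL=C` is an assumption made to pin the collation, and a temporary file replaces the process substitution so the block also runs under plain sh.

```shell
#!/bin/sh
# Constructed sample data; all function names here are hypothetical.
export LC_ALL=C   # assumption: pin collation so sort and join agree

# Sources that already have a DROP rule, and client addresses from the log.
blocked() { printf '%s\n' 10.0.0.5 192.168.1.7 9.1.1.1; }
seen()    { printf '%s\n' 10.0.0.5 10.0.0.6 10.0.0.6 9.1.1.1 172.16.3.4 unknown; }

# sort -nu: the numeric key of both 10.0.0.5 and 10.0.0.6 is "10.0", so -u
# treats them as duplicates and one distinct address is lost.
uniq_nu()  { seen | sort -nu; }

# sort -n | uniq: every distinct line survives, but in numeric order,
# which is not the order join(1) expects.
uniq_n()   { seen | sort -n | uniq; }

# sort -u: every distinct line survives, in the order join(1) expects.
uniq_lex() { seen | sort -u; }

# Addresses seen but not yet blocked, restricted to dotted-quad form.
new_ips() {
    tmp=$(mktemp) || return 1
    blocked | sort -u > "$tmp"
    seen | sort -u | join -v2 "$tmp" - |
        grep -E '^([[:digit:]]+[.]){3}[[:digit:]]+$'
    rm -f "$tmp"
}

echo "sort -nu        keeps $(uniq_nu | wc -l) lines"
echo "sort -n | uniq  keeps $(uniq_n | wc -l) lines"
echo "sort -u         keeps $(uniq_lex | wc -l) lines"
echo "not yet blocked:"
new_ips
```
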