#/bin/bash
#日志文件
logfile=‘/var/log/nginx/access.log‘

hours=1

#开始时间
start_time=date -d "-$hours hour" +"%H:%M:%S"
#echo $start_time

#结束时间
stop_time=date +"%H:%M:%S"

#echo $stop_time
#过滤出单位之间内的日志并统计最高ip数
array=($(tac $logfile | awk -v st="$start_time" -v et="$stop_time" ‘{t=substr($4,RSTART+14,21);if(t>=st && t<=et) {print $0}}‘ \
| awk ‘{print $1}‘ | sort | uniq -c | sort -nr |awk ‘{if($1 > 5000){print $0}}‘|awk ‘{print $2}‘))

wait

for each in ${array[@]}
do

echo $each

firewall-cmd --permanent --add-rich-rule="rule family=‘ipv4‘ source address=‘$each‘ reject"

done

firewall-cmd --reload

原文地址：http://blog.51cto.com/1054054/2295942