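#! /bin/sh
#
# Auto-block noisy peers.
#
# Takes a `netstat -anp` snapshot, counts sockets per remote IPv4 address and
# inserts an iptables DROP rule for every address that holds more than
# THRESHOLD sockets and is not already mentioned anywhere in the ruleset.
# One mail with the supporting snapshot lines is sent per rule added.
#
# Files written:
#   /root/peter/log/net/<YYYY-MM-DD-HH:MM>-net.txt   netstat snapshot
#   /root/peter/iptables.txt                          `iptables -L -n` dump
# Intermediate data lives in a private mktemp directory removed on exit.
#
# NOTE(review): `netstat -a` lists sockets in every state, so the per-address
# count includes half-open connections whose source address has not been
# confirmed by a completed handshake. Consider counting only ESTABLISHED
# sockets and keeping an explicit allowlist, so that a forged source address
# cannot get a legitimate peer blocked.
# NOTE(review): rules inserted here are never removed by this script.

set -u

LOG_DIR=/root/peter/log/net
RULES_DUMP=/root/peter/iptables.txt
MAIL_TO=peterkok@peter-angela.com
THRESHOLD=100

# One timestamp for the whole run: calling date(1) separately for the write
# and for each later read can straddle a minute boundary and name a file
# that was never written.
stamp=$(date "+%Y-%m-%d-%H:%M")
snapshot="$LOG_DIR/$stamp-net.txt"

# Private scratch space instead of fixed file names in the current directory.
workdir=$(mktemp -d) || { echo "cannot create scratch directory" >&2; exit 1; }
trap 'rm -rf -- "$workdir"' EXIT
trap 'exit 1' HUP INT TERM

/bin/netstat -anp > "$snapshot"
if [ ! -s "$snapshot" ]; then
  echo "netstat snapshot is missing or empty: $snapshot" >&2
  exit 1
fi

# Drop lines mentioning wildcard/loopback addresses, the excluded host
# 66.49.194.253 and unix sockets, then keep the address part of column 5.
# -F makes the dots literal. The match is still a substring match on the
# whole line, as before (a line containing "10.0.0.0" is dropped as well).
# `sort | uniq -c` counts every address, including the one that sorts last.
grep -vF -e "0.0.0.0" -e "127.0.0.1" -e "66.49.194.253" -e "unix" "$snapshot" |
  awk '{ split($5, part, ":"); print part[1] }' |
  sort |
  uniq -c |
  sort -rn > "$workdir/counts.txt"

# Keep only well-formed dotted-quad IPv4 addresses above the threshold, so
# header words, "*" or IPv6 fragments never reach the iptables command line.
awk -v limit="$THRESHOLD" '
  $1 > limit && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
    n = split($2, octet, ".")
    ok = 1
    for (k = 1; k <= n; k++) {
      if (octet[k] > 255) ok = 0
    }
    if (ok) print $2
  }
' "$workdir/counts.txt" > "$workdir/offenders.txt"

# Without a ruleset dump the "already listed" check below would pass for
# every address, so stop rather than insert duplicate rules.
if ! /sbin/iptables -L -n > "$RULES_DUMP"; then
  echo "cannot list iptables rules" >&2
  exit 1
fi

# The list is read on fd 3 so nothing in the loop body can consume it
# through stdin.
while IFS= read -r ip <&3; do
  # Whole-word, fixed-string match (grep -w as in GNU/BSD grep): 1.2.3.4 must
  # not be treated as listed just because 1.2.3.40 or 11.2.3.4 is. As before,
  # an address mentioned in any rule of any chain is left alone.
  grep -qwF -- "$ip" "$RULES_DUMP"
  [ "$?" -eq 1 ] || continue

  # Run iptables directly (not inside a command substitution, which would
  # execute whatever it printed) and report only rules that were added.
  if ! /sbin/iptables -I INPUT -s "$ip/32" -j DROP; then
    echo "failed to add DROP rule for $ip" >&2
    continue
  fi

  # Mail body: number of matching snapshot lines, the lines themselves, then
  # the first line of w(1) (uptime and load).
  grep -wF -- "$ip" "$snapshot" > "$workdir/evidence.txt"
  {
    wc -l < "$workdir/evidence.txt"
    cat "$workdir/evidence.txt"
    /usr/bin/w | head -n1
  } > "$workdir/report.txt"

  /bin/mail -s "$ip iptable rule auto added on $(hostname) " "$MAIL_TO" \
    < "$workdir/report.txt"
done 3< "$workdir/offenders.txt"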