[root@gateway1 denyip]# more 24wwwip.sh
#!/bin/bash
#/root/shell/denyip/wwwip.sh|cut -d: -f1|uniq|cut -d. -f1-3|uniq -c|more
/root/shell/denyip/wwwip.sh|cut -d: -f1|uniq|cut -d. -f1-2|uniq -c|sort -nr|more
[root@gateway1 denyip]# more denyip.sh
#!/bin/bash
PATH=/sbin:$PATH

logfile=/var/log/denyip.log

date +%Y-%m-%d' '%H:%M:%S' ' >> $logfile
uptime|sed s/^.*average:[[:blank:]]/'average load: '/ >> $logfile

enableDenyCheck=`uptime | awk '{print $10}' | cut -d',' -f1 | awk '{print ($1 > 3)?"1":"0";}'`;
if [ "$enableDenyCheck" -eq "0" ]; then
    echo '' >> $logfile
    exit 0;
fi

/root/shell/denyip/countwwwip.sh|grep -v -f /root/shell/denyip/notdenyip.cfg > /tmp/ip.tmp

grep -v ^'     ' /tmp/ip.tmp > /tmp/ip.txt
grep ^....' '[5-9] /tmp/ip.tmp >> /tmp/ip.txt

if
  grep . /tmp/ip.txt >/dev/null
then
  #cat /tmp/ip.tmp >> /var/www/html/log/denyip.txt
   #sed s/^.*[[:blank:]]/'iptables -I INPUT -p tcp --dport 80 -j DROP -s '/ /tmp/ip.txt | /bin/bash

  #·?ip
  sed s/^.*[[:blank:]]/'iptables -I INPUT -p tcp --dport 80 --syn -j DROP -s '/ /tmp/ip.txt | /bin/bash
  sed s/^.*[[:blank:]]/'iptables -I INPUT -p tcp --dport 80 --syn -m limit --limit 5\/m -j ACCEPT -s '/ /tmp/ip.txt | /bin/bash
 
  #???????
  fname=/root/shell/denyip/denyip/"ip"`date +%Y%m%d%H%M%S`
  sed s/^.*[[:blank:]]/'iptables -D INPUT -p tcp --dport 80 --syn -j DROP -s '/ /tmp/ip.txt >$fname
  sed s/^.*[[:blank:]]/'iptables -D INPUT -p tcp --dport 80 --syn -m limit --limit 5\/m -j ACCEPT -s '/ /tmp/ip.txt >>$fname
 
  echo '*****************************' >> $logfile
  sed s/^.*[[:blank:]]/'Denying IP '/ /tmp/ip.txt >>$logfile

  #iptables-save > /etc/sysconfig/iptables
fi
echo '' >> $logfile

#?С???
for fname in `find /root/shell/denyip/denyip/ -type f -mmin +60`
do
  chmod u+x $fname
  cat $fname| /bin/bash &>/dev/null
  rm -f $fname
done