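Bash script to batch convert IP addresses to CIDR?

Time: 2014-03-04 23:08:43

Tags: bash batch-file ip iptables

OK, here's the issue.

I have a plaintext list of IP addresses that I block on my servers, and it is becoming more and more unwieldy every day (over 3,000 entries were added today alone).

It has already been sorted for duplicates, so that's not the problem. What I would like to do is write a script to go through it and consolidate these entries better for mass blocking.

For example, take this: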

2.132.35.104
2.132.79.240
2.132.99.87
2.132.236.34
2.132.245.30

And turn it into this:

2.132.0.0/16

Any suggestions on how to code this in a bash script?

UPDATE: I've partially worked out how to do what I need. Converting it to /24 is easy enough, as follows:

cat /usr/local/blocks/blocks.txt | while read line; do
    oc1=`echo "$line" | cut -d '.' -f 1`
    oc2=`echo "$line" | cut -d '.' -f 2`
    oc3=`echo "$line" | cut -d '.' -f 3`
    oc4=`echo "$line" | cut -d '.' -f 4`
    echo "$oc1.$oc2.$oc3.0/24" >> twentyfour.srt
done

sort -u twentyfour.srt > twentyfour.txt
rm -f twentyfour.srt
ori=`cat /usr/local/blocks/blocks.txt | wc -l`
new=`cat twentyfour.txt | wc -l`
echo "$ori"
echo "$new"

This reduces it from 4,452 entries to 4,148 entries.

Instead of:

109.86.9.93
109.86.26.77
109.86.55.225
109.86.70.224
109.86.87.199
109.86.89.202
109.86.95.248
109.86.100.19
109.86.110.43
109.86.145.216
109.86.152.86
109.86.155.238
109.86.156.54
109.86.187.91
109.86.228.86
109.86.234.51
109.86.239.61

I now have:

109.86.100.0/24
109.86.110.0/24
109.86.145.0/24
109.86.152.0/24
109.86.155.0/24
109.86.156.0/24
109.86.187.0/24
109.86.228.0/24
109.86.234.0/24
109.86.239.0/24
109.86.26.0/24
109.86.55.0/24
109.86.70.0/24
109.86.87.0/24
109.86.89.0/24
109.86.9.0/24
109.86.95.0/24

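All well and good. But there are 17 entries for the 109.86. range. In cases where the first two octets match on 5 entries at /24, I'd like to reduce that to a /16.

That's where I'm stuck.

UPDATE 2:

Steve: Here's the block list for today. And here is the result so far. Clearly, it isn't removing the near-duplicate entries in sixteen from twentyfour.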

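1 answer:

Answer 0: (score: 3)

I wish I could tell you this is a simple filter. However, all of the 2.0.0.0/8 network is registered to RIPE NCC. There are too many different ranges of blocked IP addresses; it's easier to narrow down the range of visitors you want versus the ones you don't want.

You can also use various tools to block attacks automatically.

Map to determine which is which: https://www.iana.org/numbers

Here's a script I just made for you. You can then create main block lists for each of the major registries: Afrinic, Lacnic, Apnic, Ripe and Arin.

create_tables_by_registry.sh

Just run this script... then run the resulting registry.sh file. (e.g. ripe.sh)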

#!/bin/bash
# Author: Steve Kline
# Date: 03-04-2014
# Designed and tested to run properly on CentOS 6.5

# Grab updated IANA address space assignments only if a newer version exists
wget -N https://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.txt
assigned=ipv4-address-space.txt
arrayregistry=( afrinic apnic arin lacnic ripe )
for registry in "${arrayregistry[@]}"
do
    # Clean up the ipv4-address-space.txt file and keep usable IPs
    grep "$registry" "$assigned" | sed 's/\/8/\.0\.0\.0\/8/g' | colrm 15 > "$registry-tmp1.txt"
    # Separate array name so the loop variable does not overwrite the list
    ips=($(cat "$registry-tmp1.txt"))
    echo "#!/bin/bash" > "$registry.sh"
    for ip in "${ips[@]}"
    do
        echo "$ip" | sed -e 's/"   "//g' > "$registry-tmp2.txt"
        # INSERT OR MODIFY YOUR COMPATIBLE FIREWALL RULES HERE
        # This section creates the country to block.
        echo "iptables -A INPUT -s $ip -j DROP" >> "$registry.sh"
    done
    # Make the generated rule script executable once it is complete
    chmod +x "$registry.sh"
    rm -f "$registry-tmp1.txt" "$registry-tmp2.txt"
done

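OK! Well, I'm back, it got a little crazy here, and a little nuts... I think I've helped you figure this out. I'm sure you can piece together a modification to better fit your needs.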

#MODIFY FOR YOUR LIST OF IP ADDRESSES
BADIPS=block.ip
twentyfour=./twentyfour.ips #temp file for all IPs converted to twentyfour net ids
sixteen=./sixteen.ips   #temp file for sixteen bit
sixteenlst=./sixteen.txt    #temp file for parsed sixteenbit
#MODIFY FOR YOUR OUTPUT OF CIDR ADDRESSES
finalfile=./blockips.list   #Final file post-merge

#START WITH EMPTY TEMP FILES (duplicates.txt must exist even when no /16 qualifies)
: > $twentyfour
: > $sixteen
: > duplicates.txt

cat $BADIPS | while read line; do
    oc1=`echo "$line" | cut -d '.' -f 1`
    oc2=`echo "$line" | cut -d '.' -f 2`
    oc3=`echo "$line" | cut -d '.' -f 3`
    echo "$oc1.$oc2.$oc3.0/24" >> $twentyfour
    echo "$oc1.$oc2.0.0/16" >> $sixteen
done
#KEEP EACH /16 THAT APPEARS MORE THAN 4 TIMES (print the net id only, not the count)
awk '{a[$1]++}END{for(i in a){if(a[i]>4){print i}}}' $sixteen > $sixteenlst
sort -u $twentyfour > twentyfour.txt
# THIS FINDS NEAR DUPLICATES MATCHING FIRST TWO OCTETS
# Anchored at line start with escaped dots, so 5.76 cannot match 95.76 or 10.5.76
cat $sixteenlst | while read line; do
    oc1=`echo "$line" | cut -d '.' -f 1`
    oc2=`echo "$line" | cut -d '.' -f 2`
    grep "^$oc1\.$oc2\." twentyfour.txt >> duplicates.txt
done
#THIS REMOVES THE NEAR DUPLICATES FROM THE TWENTYFOUR FILE
grep -Fvw -f duplicates.txt twentyfour.txt > twentyfourfinal.txt
#THIS MERGES BOTH RESULTS (sorted and de-duplicated into the final file)
cat twentyfourfinal.txt $sixteenlst | sort -u > $finalfile
ori=`cat $BADIPS | wc -l`
new=`cat $finalfile | wc -l`
echo "$ori"
echo "$new"
#LAST MIN CLEANUP
rm -f $twentyfour $sixteen $sixteenlst twentyfour.txt duplicates.txt twentyfourfinal.txt

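Went back to fix: I noticed an issue... the original was unsuccessful: `grep "$oc1.$oc1" twentyfour.txt > duplicates.txt`

For example: the old script had bad results on this test IP range... now the updated version above... works exactly as expected. It matches the octets exactly... and not similar ones.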

192.168.1.1
192.168.2.50
192.168.5.23
192.168.14.10
192.168.10.5
192.168.24.25
192.165.20.10
10.192.168.30
5.76.10.20
5.76.20.30
5.76.250.10
5.76.34.10
5.76.50.30
95.76.30.1    - Old script matched this to 5.76
20.20.5.5
20.20.10.10
20.20.16.50
20.20.205.20
20.20.60.20
205.20.16.20 - not a  problem
20.205.150.150 - Old script matched this to 20.20
220.20.16.0 - Also failed without adding -w parameter to the last grep to only match exact strings.
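
Added example (not part of the original question or answer): a single-pass version of the /24-to-/16 consolidation that compares whole octets instead of substrings, so the near-miss cases in the test list above cannot collide. The function names `aggregate_cidr` and `sample_ips` are hypothetical, and counting distinct /24s (rather than individual IPs) against a threshold of 5 is an assumption taken from the question's wording.

```shell
#!/bin/bash
# Added example: collapse IPv4 addresses to /24 and promote a /16 once it
# contains at least THRESHOLD distinct /24s (default 5, per the question).
aggregate_cidr() {
    awk -F. -v min="${1:-5}" '
        { sub(/[ \t\r]+$/, "") }            # tolerate CRLF and trailing blanks
        NF != 4 { next }                    # not a dotted quad
        {
            for (i = 1; i <= 4; i++)        # every octet must be 0-255
                if ($i !~ /^[0-9]+$/ || $i + 0 > 255) next
            n16 = ($1 + 0) "." ($2 + 0)     # keys are whole octets, so
            n24 = n16 "." ($3 + 0)          # 5.76 never matches 95.76
            if (!(n24 in net16)) { net16[n24] = n16; count[n16]++ }
        }
        END {
            # Emit promoted /16s, then only the /24s not covered by one
            for (n in count) if (count[n] >= min) print n ".0.0/16"
            for (n in net16) if (count[net16[n]] < min) print n ".0/24"
        }
    ' | sort -t. -k1,1n -k2,2n -k3,3n
}

# Constructed sample: the test addresses from the answer, annotations removed.
sample_ips() {
    printf '%s\n' 192.168.1.1 192.168.2.50 192.168.5.23 192.168.14.10 \
        192.168.10.5 192.168.24.25 192.165.20.10 10.192.168.30 \
        5.76.10.20 5.76.20.30 5.76.250.10 5.76.34.10 5.76.50.30 95.76.30.1 \
        20.20.5.5 20.20.10.10 20.20.16.50 20.20.205.20 20.20.60.20 \
        205.20.16.20 20.205.150.150 220.20.16.0
}

sample_ips | aggregate_cidr 5
```

Each promoted /16 covers 65,536 addresses, so review the promoted ranges before loading them into the firewall.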