#!/bin/bash
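#
# Scan the nginx JSON access log for requests logged within the last ten
# minutes whose host field is neither www.ywcsb.vip nor ywcsb.vip, and insert
# an iptables DROP rule for each such client address that no existing rule
# already mentions. Every new block is appended to the block log.
#
# Requires: jq, GNU date, awk, and enough privilege to run iptables.
#
# NOTE(review): there is no allowlist. If this host sits behind a reverse
# proxy, CDN or load balancer, .remote_addr may be that device's address and
# a DROP rule for it would cut off all traffic. Confirm the deployment, and
# consider exempting loopback, management and upstream-proxy addresses.
# NOTE(review): the host comparison is an exact string match. Whether a Host
# with different letter case or an explicit port reaches this field unchanged
# depends on which nginx variable feeds .host - confirm against log_format.
set -uo pipefail

readonly IPTABLES="/usr/sbin/iptables"
readonly ACCESS_LOG="/var/log/nginx/access.json"
readonly BLOCK_LOG="/data/script/iptables-DROP.txt"

# Start of the window: ten minutes ago, as a clock time and as a full label.
window_start_clock=$(date -d "10 minutes ago" +"%H:%M:%S")
window_start_label=$(date -d "10 minutes ago" "+%Y-%m-%d %H:%M:%S")
# A bare HH:MM:SS is interpreted by date as that time today.
window_start_stamp=$(date -d "$window_start_clock" +%s)

# End of the window: now.
window_end_clock=$(date +"%H:%M:%S")
window_end_label=$(date "+%Y-%m-%d %H:%M:%S")
window_end_stamp=$(date -d "$window_end_clock" +%s)

#######################################
# Succeeds when $1 is a dotted-quad IPv4 address with every octet <= 255.
# Log content is untrusted, so nothing else is handed to iptables.
#######################################
is_ipv4() {
  local addr=$1 octet
  [[ "$addr" =~ ^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$ ]] || return 1
  for octet in "${BASH_REMATCH[@]:1}"; do
    # 10# forces base ten so that a leading zero is not read as octal.
    (( 10#$octet <= 255 )) || return 1
  done
  return 0
}

#######################################
# Succeeds when epoch value $1 lies inside the ten-minute window.
# Both bounds are built from clock times placed on today's date, so just
# after midnight the start bound is later than the end bound; that case is
# treated as a window wrapping around midnight instead of an empty one.
#######################################
in_window() {
  local stamp=$1
  if (( window_start_stamp <= window_end_stamp )); then
    (( stamp >= window_start_stamp && stamp <= window_end_stamp ))
  else
    (( stamp >= window_start_stamp || stamp <= window_end_stamp ))
  fi
}

#######################################
# Succeeds when some field of the current iptables listing equals $1 exactly.
# Whole-field comparison avoids the substring and regex matches of a plain
# grep, where 1.2.3.4 would also match 11.2.3.40 and be left unblocked.
# awk reads the whole listing (no early exit) so pipefail reports the real
# status of the listing command.
#######################################
rule_mentions_ip() {
  "$IPTABLES" -L -v -n --line-numbers |
    awk -v ip="$1" '{ for (i = 1; i <= NF; i++) if ($i == ip) found = 1 } END { exit !found }'
}

if [[ ! -r "$ACCESS_LOG" ]]; then
  printf 'cannot read access log: %s\n' "$ACCESS_LOG" >&2
  exit 1
fi

# read -r keeps backslashes literal; the "|| [[ -n ... ]]" part also handles a
# final line that has no trailing newline.
while IFS= read -r line || [[ -n "$line" ]]; do
  # Pull the clock time out of .timestamp: fields 2-4 of a colon split, cut
  # at the first whitespace.
  # presumably the field is "dd/Mon/yyyy:HH:MM:SS +zone" - TODO confirm.
  # The line is always quoted: it carries request data chosen by the client,
  # and an unquoted expansion would be word-split and glob-expanded.
  log_clock=$(printf '%s\n' "$line" |
    jq -r '.timestamp' |
    awk -F: '{ t = $2 ":" $3 ":" $4; split(t, parts, " "); print parts[1] }') || continue
  [[ "$log_clock" =~ ^[0-9]{2}:[0-9]{2}:[0-9]{2}$ ]] || continue
  log_stamp=$(date -d "$log_clock" +%s) || continue

  # Only the time of day is compared, so an older entry logged at the same
  # time of day also matches if the log is not rotated daily.
  in_window "$log_stamp" || continue

  # Requests addressed to the site's own names are left alone.
  host=$(printf '%s\n' "$line" | jq -r '.host') || continue
  if [[ "$host" == "www.ywcsb.vip" || "$host" == "ywcsb.vip" ]]; then
    continue
  fi

  ip=$(printf '%s\n' "$line" | jq -r '.remote_addr') || continue
  if ! is_ipv4 "$ip"; then
    # %q escapes control characters so a crafted value cannot garble the output.
    printf 'skipping remote_addr that is not an IPv4 address: %q\n' "$ip" >&2
    continue
  fi

  # Skip addresses that any existing rule already references.
  if rule_mentions_ip "$ip"; then
    continue
  fi

  # Record the block only when the rule was actually inserted.
  if "$IPTABLES" -I INPUT 1 -s "$ip" -j DROP; then
    printf '%s\n' "${window_end_label}-${window_start_label}之间的IP地址:$ip" >> "$BLOCK_LOG"
  else
    printf 'iptables could not add a DROP rule for %s\n' "$ip" >&2
  fi
done < "$ACCESS_LOG"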