add iptables rules

roles/deploy-web/files/blacklist.sh

@@ -3,9 +3,36 @@ MAIL=/tmp/mail
 SERVER_LOG=/var/log/nginx
 HOST=($(cat /etc/sentinel/virtualhost))
 BLACKLIST=/etc/sentinel/blacklist
+chain_count=$(iptables -L BLACKLIST | wc -l)
+if [ ${chain_count} -eq 0 ]; then
+	iptables -N BLACKLIST
+fi
 if [ ! -f ${BLACKLIST} ]; then
 	touch ${BLACKLIST}
 fi
+if [ ${chain_count} -gt 2 ]; then
+	chain_count=$(echo ${chain_count}-2 |bc)
+	iptables_ip=($(iptables -nvL BLACKLIST | tail -n ${chain_count}  | awk '{print $8}'))
+	for i in $(cat ${BLACKLIST})
+	do
+		block_ip=1
+		for j in ${iptables_ip[@]}
+		do
+			if [ "${i}" == "${j}" ]; then
+				block_ip=0
+			fi
+		done
+		if [ ${block_ip} -eq 1 ]; then
+			iptables -A BLACKLIST -s ${i} -j DROP
+		fi
+	done
+else
+	for i in $(cat ${BLACKLIST})
+	do
+		iptables -A BLACKLIST -s ${i} -j DROP
+	done
+fi
+
 for i in ${HOST[@]}
 do
 	log_access=${SERVER_LOG}/${i}_access.log