
#!/bin/bash
#created by Szymon Machajewski 
#smachaje@grcc.edu, support@dataii.com

. ~/.bash_profile

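# Purpose: find the remote address holding the most connections to the local
# web server (port 80) and, if it exceeds the limit, reject it with iptables,
# record it in the log and notify the pager address.
#
# NOTE(review): many clients behind one NAT or proxy appear as a single
# address, so trusted sources (load balancers, monitoring, office gateways)
# should be excluded before relying on this in production. The rule added
# here is appended to the running ruleset only; nothing in this script
# removes or expires it.

logfile="/root/$(hostname)_blockedIP.log"
pager="your_phone_number@messaging.sprintpcs.com"

# Modify 500 to fit your total connection limit.  Normal connections can be between 1-150 or so.
limit=500

# Dotted-quad shape check only; iptables itself rejects out-of-range octets.
ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'

# Take a single netstat snapshot so the count and the address come from the
# same data. Rows are selected by the local address ($4) ending in :80, so
# outbound connections from this host to remote web servers are not counted.
# The peer is read from the foreign-address field ($5) by name rather than by
# character column; the trailing :port and any IPv4-mapped prefix are removed.
top=$(netstat -utpn 2>/dev/null \
  | awk '$4 ~ /:80$/ {
           peer = $5
           sub(/:[0-9]+$/, "", peer)
           sub(/^::ffff:/, "", peer)
           print peer
         }' \
  | sort | uniq -c | sort -n | tail -n 1)

# No connections to port 80: nothing to do.
if [ -z "$top" ]; then
  exit 0
fi

# "top" is one line of `uniq -c` output: "<count> <address>".
read -r nstr ipstr <<<"$top"

# Refuse to act on anything that is not a plain non-negative integer count.
case "$nstr" in
  '' | *[!0-9]*)
    printf 'unexpected connection count: %s\n' "$nstr" >&2
    exit 1
    ;;
esac

if [ "$nstr" -gt "$limit" ]; then
  # Only hand a well-formed IPv4 address to iptables. Anything else (an IPv6
  # peer, or a line that did not parse) is logged and left alone.
  if ! [[ "$ipstr" =~ $ipv4_re ]]; then
    {
      date
      printf 'not blocked, not an IPv4 address: %s %s\n' "$nstr" "$ipstr"
    } >> "$logfile"
    exit 1
  fi

  # An address that is already rejected keeps showing up in netstat until its
  # old sockets time out. Skip it so repeated runs do not stack duplicate
  # rules or send repeated pages.
  if /sbin/iptables -C INPUT -s "$ipstr" -j REJECT 2>/dev/null; then
    exit 0
  fi

  date >> "$logfile"
  printf '%s %s\n' "$nstr" "$ipstr" >> "$logfile"

  if ! /sbin/iptables -A INPUT -s "$ipstr" -j REJECT; then
    printf 'iptables failed for %s\n' "$ipstr" >> "$logfile"
    exit 1
  fi

  printf '%s %s\n' "$nstr" "$ipstr" | mail -s "locked ip" "$pager"
fi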

