I need a shell scipt to get 2 variables per line and then run a command var 1 is over 5

This will be in a cronjob run every 10 minutes

# netstat -an | grep FIN_WAIT2 | awk {'print $5'} | egrep -o -e "[0-9]{2,3}\.[0-9]{2,3}\.[0-9]{2,3}\.[0-9]{2,3}" | sort -n | uniq -c

1 59.16.157.234
1 68.146.16.24
103 66.41.61.85
113 67.138.240.10
5 67.15.188.37
1 67.15.191.12
155 67.15.203.30
19 67.18.113.196
1 81.208.34.83
1 83.50.170.92
1 84.103.227.56

What programming language should I use?

My guess is:
#!/bin/bash
for i in `netstat -an | grep FIN_WAIT2 | awk {'print $5'} | egrep -o -e "[0-9]{2,3}\.[0-9]{2,3}\.[0-9]{2,3}\.[0-9]{2,3}" | sort -n | uniq -c`;
do
$a = `$i | awk {'print $1'}`;
$b = `$i | awk {'print $2'}`;
if($a > 5)
then `apf -d $b`;
#I use the apf firewall and the command to block it is apf -d ip
done;

Is that the best way to do it?

If so what would the correct syntax be?

Use flag "-t" with netstat to narrow scope to TCP only (slightly faster), make sure to escape curly brakes with grep. For the rest it looks OK:

#!/bin/sh
netstat -ant | grep FIN_WAIT2 | awk {'print $5'} | grep -o -e "[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}" | \sort -n | uniq -c | while read count ip; do [ "$count" -gt "5" ] && apf -d $ip; done; exit 0

* A slightly "better" answer would be to tune your TCP stack values and application behaviour first and use Iptables limiting (hash or recent) if you have probs. Only then, when nasties keep ocurring, you should IMHO resort to "kludges" like this.

Thanks man!