Linux---常用shell脚本

目录

目录

 一.网络服务

开启network服务

 网口IP配置

 聚合口配置

浮动IP配置

二.ntp服务脚本

三.DNS服务脚本

四.本地YUM源配置

五.防火墙规则配置脚本


 一.网络服务

开启network服务

此脚本用于关闭NetworkManager服务并重启network服务,防止两个服务冲突导致IP配置无法生效

#!/bin/bash

# 获取 NetworkManager 的 Active 状态(去除括号)
# Pull the state word from the "Active:" line of `systemctl status` (third
# field, e.g. "dead" or "running") and strip the surrounding parentheses; the
# value is compared against "dead" further down.
status=$(systemctl status NetworkManager | awk '/Active:/ { gsub(/[()]/, "", $3); print $3 }')

# 检查状态是否不是 dead
if [ "$status" != "dead" ]; then
    echo "NetworkManager is not dead. Stopping NetworkManager and restarting network..."

    # 停止 NetworkManager
    systemctl stop NetworkManager

    # 检查 systemctl stop 的退出状态
    if [ $? -ne 0 ]; then
        echo "Failed to stop NetworkManager."
        exit 1
    fi

    # 重启 network 服务(注意:这个服务名可能因系统而异,例如在某些系统上可能是 'networking')
    systemctl restart network

    # 检查 systemctl restart 的退出状态
    if [ $? -ne 0 ]; then
        echo "Failed to restart network service."
        exit 1
    fi

    echo "NetworkManager stopped and network service restarted successfully."
else
    echo "NetworkManager

 网口IP配置

此脚本用于配置网口IP地址,简化命令行操作

#!/bin/bash
# Banner for the interface-address helper.  The colour escapes are expanded by
# the shell ($'…') instead of by `echo -e`; the bytes written are unchanged.
green=$'\033[32m'
reset=$'\033[0m'
echo -e "${green}##此脚本用于配置网卡IP...##${reset}\n"

# 验证网口名称
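# Exit 1 unless $1 names an existing network interface.  An empty name is
# rejected with its own message rather than relying on how `ip` treats an empty
# device argument, so the user sees what was wrong.
validate_interface() {
    [ -n "$1" ] || { echo -e "\033[31m错误: 接口名称不能为空!\033[0m"; exit 1; }
    ip link show "$1" &>/dev/null || { echo -e "\033[31m错误: 输入的接口 $1 不存在!\033[0m"; exit 1; }
}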

# 验证 IP 地址格式
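# Exit 1 unless $1 is a dotted quad whose four octets are each 0..255.  The
# previous pattern only checked the shape, so 999.999.999.999 was accepted.
validate_ip() {
    local ip=$1 octet ok=1
    if [[ $ip =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
        ok=0
        # Unquoted on purpose: split on the spaces substituted for the dots.
        for octet in ${ip//./ }; do
            # 10# forces decimal so a leading zero (010) is not read as octal.
            if (( 10#$octet > 255 )); then
                ok=1
            fi
        done
    fi
    [ "$ok" -eq 0 ] || { echo -e "\033[31m错误:输入的IP不正确: $ip\033[0m"; exit 1; }
}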

# NetworkManager服务配置
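# Configure interface $1 through NetworkManager: remove any profile named after
# or bound to the interface, create a new one (static or DHCP) and bring it up.
# Exits 1 on invalid input or when nmcli reports a failure.
NetworkManager_config() {
    local eth=$1
    local num1 ip netmask num3 gateway profile
    systemctl restart NetworkManager
    # Match only the NAME and DEVICE columns.  A plain `grep "$eth"` over the
    # whole table also hit any profile whose name merely contained the
    # interface name (eth0 vs eth0-backup) and deleted it.
    while IFS= read -r profile; do
        [ -n "$profile" ] && nmcli connection delete "$profile" &>/dev/null
    done < <(nmcli -t -f NAME,DEVICE connection show | awk -F: -v d="$eth" '$1 == d || $2 == d {print $1}')
    read -p "请选择 1) 静态IP ; 2) DHCP:" num1
    case $num1 in
        1)
            read -p "请输入网口IP:" ip
            read -p "请输入掩码位数(例如:24):" netmask
            validate_ip "$ip"
            # The prefix length must be a number in 0..32 before it reaches nmcli.
            if ! [[ "$netmask" =~ ^[0-9]{1,2}$ && "$netmask" -le 32 ]]; then
                echo -e "\033[31m错误:输入的掩码位数不正确: $netmask\033[0m"; exit 1
            fi
            nmcli connection add type ethernet con-name "$eth" ifname "$eth" ipv4.method manual ipv4.address "$ip/$netmask" autoconnect yes || exit 1
            read -p "请输入是否配置网关:1) 是 ; 2) 否:" num3
            if [ "$num3" = "1" ]; then
                read -p "请输入网关:" gateway
                validate_ip "$gateway"
                nmcli connection modify "$eth" ipv4.gateway "$gateway" || exit 1
            fi
            ;;
        2)
            nmcli connection add type ethernet con-name "$eth" ifname "$eth" ipv4.method auto autoconnect yes || exit 1
            ;;
        *)
            echo -e "\033[31m错误:无效的选择,请输入 1 或 2。\033[0m"; exit 1
            ;;
    esac
    nmcli connection up "$eth"
}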

# network 服务配置
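# Configure an interface through the legacy network service: make sure an
# ifcfg-<eth> file exists, replace its IPADDR/NETMASK (and optional GATEWAY/DNS1)
# entries, then hand the interface from NetworkManager to the network service.
# Every value written to the ifcfg file is validated first.  Exits 1 when the
# user declines to overwrite an existing address or the restart fails.
network() {
    local eth config num eth_ip eth_mask GateWay DNS
    read -p "请输入网卡名:" eth
    # The name becomes part of a file path and a file entry; reject unknown interfaces.
    validate_interface "$eth"
    config="/etc/sysconfig/network-scripts/ifcfg-${eth}"
    if [ -n "$(ip -4 -o addr show "$eth" 2>/dev/null | awk '{print $4}')" ]; then
        echo -e "\033[31m该网卡已存在IP,是否继续配置!\033[0m"
        read -p "选择(1)是/(2)否:" num
        [ "$num" = "1" ] || exit 1
    fi
    if [ ! -f "$config" ]; then
        echo -e "\033[33m正在创建网卡配置文件...\033[0m"
        cat <<EOF > "$config"
TYPE=Ethernet
BOOTPROTO=none
NAME=$eth
DEVICE=$eth
ONBOOT=yes
EOF
        echo -e "\033[32m创建成功...\033[0m"
    fi
    # Drop the previous address lines so the file ends up with one of each.
    sed -i '/IPADDR\|NETMASK\|GATEWAY\|DNS1/d' "$config"
    read -p "请输入IP:" eth_ip
    validate_ip "$eth_ip"
    read -p "请输入掩码:" eth_mask
    [[ $eth_mask =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || { echo -e "\033[31m错误:输入的掩码不正确: $eth_mask\033[0m"; exit 1; }
    sed -i 's/^ONBOOT=no$/ONBOOT=yes/' "$config"
    sed -i 's/^BOOTPROTO=.*/BOOTPROTO=static/' "$config"
    printf 'IPADDR=%s\nNETMASK=%s\n' "$eth_ip" "$eth_mask" >> "$config"
    while true; do
        read -p "配置网关选1,DNS选2,完成/不配置选3:" num
        case $num in
            1)
                read -p "请输入网关IP:" GateWay
                validate_ip "$GateWay"
                echo "GATEWAY=$GateWay" >> "$config"
                ;;
            2)
                read -p "请输入DNS地址:" DNS
                validate_ip "$DNS"
                echo "DNS1=$DNS" >> "$config"
                ;;
            3)
                break
                ;;
            *)
                echo -e "\033[31m无效的选择,请重新输入。\033[0m"
                ;;
        esac
    done
    # Stop NetworkManager even if disabling it failed, so the two services never
    # manage the interface at the same time (the old `&&` skipped the stop).
    systemctl disable NetworkManager &>/dev/null
    systemctl stop NetworkManager &>/dev/null
    systemctl restart network || { echo "Failed to restart network service."; exit 1; }
    echo "Success to restart network service."
}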

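# 录入基本信息
# Entry point: choose which service owns the interface.  An invalid choice now
# exits 1, matching the error branches inside NetworkManager_config; before it
# printed the message and the script ended with status 0.
read -p "选择网络服务:1)NetworkManager ; 2)network:" num
case $num in
    1)
        read -p "输入网口名称:" eth
        validate_interface "$eth"
        NetworkManager_config "$eth"
        ;;
    2)
        network
        ;;
    *)
        echo -e "\033[31m错误:无效的选择,请输入 1 或 2。\033[0m"
        exit 1
        ;;
esac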

 聚合口配置

此脚本用于自动配置聚合口

#!/bin/bash

#删除网卡连接
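# Delete the profiles named after the two member interfaces and bond0 itself.
# Output and errors are discarded (a missing profile is not a failure here);
# the old code captured stdout into variables that were never read.  The
# function's status is that of the last delete, as before.
config(){
    nmcli connection delete "$interface1" >/dev/null 2>&1
    nmcli connection delete "$interface2" >/dev/null 2>&1
    nmcli connection delete bond0 >/dev/null 2>&1
}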

# 检查是否存在 bond0 连接
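# If a bond0 profile already exists, offer to delete it (Y or y) and exit 1
# otherwise.  `-w` matches bond0 as a whole word so a profile such as bond01
# does not trigger the prompt.
check(){
    local num
    if nmcli connection show | grep -qw 'bond0'; then
        echo -e "\033[33m警告: 已存在bond0\033[0m"
        read -p "是否删除bond0,请输入(Y/N):" num
        # Decide on the answer alone; the old `A && config || exit 1` also
        # aborted whenever the last delete inside config returned non-zero.
        case $num in
            Y|y) config ;;
            *)   exit 1 ;;
        esac
    fi
}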

# 验证 IP 地址格式
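# Exit 1 unless $1 is a dotted quad whose four octets are each 0..255.  The
# previous grep pattern only checked the shape, so 999.999.999.999 passed.
validate_ip() {
    local ip=$1 octet ok=1
    if [[ $ip =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
        ok=0
        # Unquoted on purpose: split on the spaces substituted for the dots.
        for octet in ${ip//./ }; do
            # 10# forces decimal so a leading zero (010) is not read as octal.
            if (( 10#$octet > 255 )); then
                ok=1
            fi
        done
    fi
    if [ "$ok" -ne 0 ]; then
        echo -e "\033[31m错误:输入的IP不正确: $ip\033[0m"
        exit 1
    fi
}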

# 验证网口名称
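# Exit 1 unless $1 names an existing network interface.  An empty name gets its
# own message rather than relying on how `ip` treats an empty device argument.
validate_interface() {
    local interface=$1
    if [ -z "$interface" ]; then
        echo -e "\033[31m错误: 接口名称不能为空!\033[0m"
        exit 1
    fi
    if ! ip link show "$interface" &>/dev/null; then
        echo -e "\033[31m错误: 输入的接口 $interface 不存在!\033[0m"
        exit 1
    fi
}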

# 通用配置
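# Enslave both interfaces to bond0, assign the IPv4 address and bring bond0 up.
# The prefix length comes from the global $ip_prefix when it is set and falls
# back to /24, which used to be hard-coded.  Each nmcli step is checked: the
# function prints a message and returns 1 at the first failure so callers do
# not report success over a half-configured bond.  Reads the globals
# interface1, interface2 and ip_address.
config1() {
    local prefix=${ip_prefix:-24}
    nmcli connection add type ethernet slave-type bond con-name "$interface1" ifname "$interface1" master bond0 2>/dev/null \
        || { echo -e "\033[31m错误: 无法将 $interface1 加入 bond0\033[0m"; return 1; }
    nmcli connection add type ethernet slave-type bond con-name "$interface2" ifname "$interface2" master bond0 2>/dev/null \
        || { echo -e "\033[31m错误: 无法将 $interface2 加入 bond0\033[0m"; return 1; }
    nmcli connection modify bond0 ipv4.addresses "$ip_address/$prefix" ipv4.method manual connection.autoconnect yes 2>/dev/null \
        || { echo -e "\033[31m错误: 无法设置 bond0 的IP地址\033[0m"; return 1; }
    nmcli connection modify bond0 connection.autoconnect-slaves 1 2>/dev/null \
        || { echo -e "\033[31m错误: 无法设置 bond0 从属口自动连接\033[0m"; return 1; }
    nmcli connection up bond0 2>/dev/null \
        || { echo -e "\033[31m错误: 无法启用 bond0\033[0m"; return 1; }
}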

# 获取用户输入
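# Prompt for the bond address and the two member interfaces, validating each
# one.  The same NIC cannot be enslaved twice, so identical names are rejected.
# Sets the globals ip_address, interface1 and interface2; exits 1 on bad input.
config2() {
    read -p "请输入bond口IP:" ip_address
    validate_ip "$ip_address"
    read -p "绑定的网口1:" interface1
    validate_interface "$interface1"
    read -p "绑定的网口2:" interface2
    validate_interface "$interface2"
    if [ "$interface1" = "$interface2" ]; then
        echo -e "\033[31m错误: 两个网口不能相同: $interface1\033[0m"
        exit 1
    fi
}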

# 配置 bond 口为主备模式
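# Build bond0 in active-backup mode with interface1 as the primary.  Success is
# reported only when the bond profile was created and config1 (which ends with
# `nmcli connection up bond0`) returned 0; previously the message was printed
# regardless.
backup_mode() {
    config2
    check
    nmcli connection add type bond con-name bond0 ifname bond0 bond.options "mode=active-backup,miimon=100,primary=$interface1" 2>/dev/null \
        || { echo -e "\033[31m错误: 创建 bond0 失败\033[0m"; exit 1; }
    config1 || { echo -e "\033[31m错误: bond0 配置失败\033[0m"; exit 1; }
    echo -e "\033[32mbond口主备模式配置成功...\033[0m"
    echo -e "\033[33m当前活动网口:\033[0m$interface1"
}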

# 配置 bond 口为 bond3 即广播模式
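# Build bond0 in broadcast mode (mode=3).  Success is reported only when the
# bond profile was created and config1 (which ends with `nmcli connection up
# bond0`) returned 0; previously the message was printed regardless.
bond3_mode() {
    config2
    check
    nmcli connection add type bond con-name bond0 ifname bond0 bond.options "mode=broadcast,miimon=100" 2>/dev/null \
        || { echo -e "\033[31m错误: 创建 bond0 失败\033[0m"; exit 1; }
    config1 || { echo -e "\033[31m错误: bond0 配置失败\033[0m"; exit 1; }
    echo -e "\033[32mbond口广播模式配置成功...\033[0m"
}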

# 配置 bond 口为bond6 即双向负载均衡
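# Build bond0 in balance-alb mode (mode=6).  Success is reported only when the
# bond profile was created and config1 (which ends with `nmcli connection up
# bond0`) returned 0; previously the message was printed regardless.
bond6_mode(){
    config2
    check
    nmcli connection add type bond con-name bond0 ifname bond0 bond.options "mode=balance-alb,miimon=100" 2>/dev/null \
        || { echo -e "\033[31m错误: 创建 bond0 失败\033[0m"; exit 1; }
    config1 || { echo -e "\033[31m错误: bond0 配置失败\033[0m"; exit 1; }
    echo -e "\033[32mbond口负载均衡(双向)模式配置成功...\033[0m"
}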

# Menu: pick the bonding mode, run the matching *_mode function, then reload
# nmcli's view of the profiles.  Anything other than 1-3 aborts with status 1.
echo -e "\033[32m=== bond口网络模式选择 ===\033[0m"
echo "1. 主备模式:mode=1"
echo "2. 广播模式:mode=3"
echo "3. 负载均衡:mode=6"
echo -e "\033[32m==========================\033[0m"
read -p "请选择网络模式[1-3]:" num

if [ "$num" = "1" ]; then
    backup_mode
elif [ "$num" = "2" ]; then
    bond3_mode
elif [ "$num" = "3" ]; then
    bond6_mode
else
    echo -e  "警告:请输入数字[1-3]"
    exit 1
fi

# 刷新配置
nmcli connection reload

浮动IP配置

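#!/bin/bash
# Create an alias interface <eth>:01 carrying a secondary ("floating") IPv4
# address by cloning the interface's ifcfg file, then restart the network
# service and bring the alias up.  Exits 1 on an unknown interface, a missing
# source ifcfg file, a malformed address/mask, or a failed copy/restart.
echo -e "\033[32m##此脚本用于配置浮动IP##\033[0m"
echo " "

read -p "输入配置浮动IP的网卡名称:" eth
read -p "输入浮动IP:" floot_ip
read -p "输入浮动IP掩码:" floot_ip_mask

script_dir=/etc/sysconfig/network-scripts
src_cfg="${script_dir}/ifcfg-${eth}"
alias_cfg="${script_dir}/ifcfg-${eth}:01"
ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'

# Validate before anything is copied or written: the interface name becomes
# part of file names and file contents, the address and mask go into the file.
ip link show "$eth" &>/dev/null || { echo -e "\033[31m错误: 输入的接口 $eth 不存在!\033[0m"; exit 1; }
[ -f "$src_cfg" ] || { echo -e "\033[31m错误: 未找到配置文件 $src_cfg\033[0m"; exit 1; }
[[ $floot_ip =~ $ipv4_re ]] || { echo -e "\033[31m错误:输入的IP不正确: $floot_ip\033[0m"; exit 1; }
[[ $floot_ip_mask =~ $ipv4_re ]] || { echo -e "\033[31m错误:输入的掩码不正确: $floot_ip_mask\033[0m"; exit 1; }

cp -- "$src_cfg" "$alias_cfg" || { echo -e "\033[31m错误: 无法创建 $alias_cfg\033[0m"; exit 1; }
# One sed pass: drop the inherited address/DNS/gateway lines and rename the
# NAME/DEVICE entries.  The interface name appears only on the replacement
# side, never inside a pattern (the old `s/NAME=$eth/…/` used it as a regex).
sed -i -e '/IPADDR/d' -e '/NETMASK/d' -e '/DNS/d' -e '/GATEWAY/d' \
       -e "s/^NAME=.*/NAME=${eth}:01/" -e "s/^DEVICE=.*/DEVICE=${eth}:01/" "$alias_cfg"
printf 'IPADDR=%s\nNETMASK=%s\n' "$floot_ip" "$floot_ip_mask" >> "$alias_cfg"
systemctl restart network || { echo "Failed to restart network service."; exit 1; }
ifup "${eth}:01"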

二.ntp服务脚本

#!/bin/bash

# 检查chrony服务是否安装
# Install chrony through function_yum when `rpm -q` reports it missing.
function_chrony_check() {
    if ! rpm -q chrony > /dev/null 2>&1; then
        echo "对时服务未安装,正在安装..."
        function_yum
    fi
}

# 安装chrony服务
# Install the chrony package quietly; exit 1 if yum fails.
function_yum() {
    if yum install -y chrony > /dev/null 2>&1; then
        echo "对时服务安装成功..."
    else
        echo "安装失败,请检查yum源..."
        exit 1
    fi
}

# 重启chrony服务
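# Restart chronyd and exit 1 if that fails.  The failure message had no colour
# reset, so everything printed after it stayed red; the `A && B || C` form is
# replaced by an explicit if/else.
function_chrony_restart() {
    if systemctl restart chronyd.service; then
        echo "对时服务启动成功..."
    else
        echo -e "\033[31m对时服务启动失败\033[0m"
        exit 1
    fi
}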

# 防火墙配置
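# Open 123/udp (the NTP port used by chrony) when firewalld is running.
# `systemctl is-active` replaces the parsing of `systemctl status` output, and
# the duplicated --add-port line is gone.  ALREADY_ENABLED warnings are
# filtered so a re-run stays quiet.
function_firewalld() {
    if systemctl is-active --quiet firewalld; then
        firewall-cmd --add-port=123/udp --permanent 2>&1 | grep -v "ALREADY_ENABLED"
        firewall-cmd --reload
    fi
}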

# 时间同步状态检查
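# Poll `chronyc sources` for up to 60 s until the configured server, by IP or by
# the host name /etc/hosts maps it to, is the selected source ("^*").  Exits 1
# on timeout.  Reads the global $ntp_source_ip.
ntp_status_check() {
    local max_wait=60 start elapsed hostname
    echo -e "\033[33m检查客户端对时状态,过程持续一分钟...\033[0m"
    start=$(date +%s)
    # -F -w: the address is a literal, whole word, so 10.0.0.1 no longer matches
    # the /etc/hosts entry for 10.0.0.10.  First match only.
    hostname=$(grep -F -w -- "$ntp_source_ip" /etc/hosts | awk 'NR==1 {print $2}')
    while true; do
        elapsed=$(( $(date +%s) - start ))
        if [ "$elapsed" -gt "$max_wait" ]; then
            echo -e "\033[31m对时失败\033[0m"; exit 1
        fi
        # Column 1 of `chronyc sources` is the mode/state pair ("^*" = selected
        # server), column 2 the source name.  Comparing whole fields avoids
        # building a regex out of the IP and merges the two old greps.
        if chronyc sources | awk -v ip="$ntp_source_ip" -v h="$hostname" \
                '$1 == "^*" && ($2 == ip || (h != "" && $2 == h)) { found = 1 } END { exit !found }'; then
            echo -e "\033[32m对时成功...\033[0m"; break
        fi
        sleep 5
    done
}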

# 时间源配置
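# Turn this host into the time source: point chrony's first server/pool line
# at 127.127.1.0, allow the given client network, enable `local stratum 10`,
# write the system time to the hardware clock, open the firewall port and
# restart chronyd.  Exits 1 on malformed input or when /etc/chrony.conf has no
# server/pool line carrying `iburst`.
function_ntp_source() {
    local ntp_client_ip mask conf=/etc/chrony.conf
    read -p "请输入允许对时的网段(如:192.168.1.0):" ntp_client_ip
    read -p "请输入掩码位数(如:24):" mask
    # Both values are spliced into chrony.conf: accept a dotted quad and a
    # prefix length of 0..32 only.
    [[ $ntp_client_ip =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || { echo -e "\033[31m错误:输入的网段不正确: $ntp_client_ip\033[0m"; exit 1; }
    [[ $mask =~ ^[0-9]{1,2}$ && $mask -le 32 ]] || { echo -e "\033[31m错误:输入的掩码位数不正确: $mask\033[0m"; exit 1; }
    grep -qE '^[[:space:]]*(server|pool)[[:space:]].*iburst' "$conf" \
        || { echo -e "\033[31m错误: $conf 中没有带 iburst 的 server/pool 行\033[0m"; exit 1; }
    # Rewrite only the first such line, keeping its keyword and options.  The
    # old code built a regex from the line's own text, which broke on host
    # names containing dots.
    sed -i -E '0,/^[[:space:]]*(server|pool)[[:space:]]+[^[:space:]]+([[:space:]].*iburst.*)$/s//\1 127.127.1.0\2/' "$conf"
    # Uncomment the stock allow line when present, otherwise append one so a
    # second run with a different network still takes effect.
    if grep -qE '^#allow 192\.168\.0\.0/16' "$conf"; then
        sed -i -E "s|^#allow 192\.168\.0\.0/16|allow ${ntp_client_ip}/${mask}|" "$conf"
    else
        printf 'allow %s/%s\n' "$ntp_client_ip" "$mask" >> "$conf"
    fi
    if grep -q '^#local stratum 10' "$conf"; then
        sed -i 's/^#local stratum 10/local stratum 10/' "$conf"
    elif ! grep -q '^local stratum' "$conf"; then
        printf 'local stratum 10\n' >> "$conf"
    fi
    hwclock -w || echo -e "\033[33m警告: 写入硬件时钟失败\033[0m"
    function_firewalld
    function_chrony_restart
}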

# 客户端配置
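# Point chrony at the given time source and wait for synchronisation.  The
# address is validated before it is pinged and spliced into chrony.conf.
# Sets the global $ntp_source_ip (read by ntp_status_check); exits 1 on a bad
# or unreachable address or when chrony.conf has no server/pool line with
# `iburst`.
function_ntp_client() {
    local conf=/etc/chrony.conf
    read -p "请输入时间源服务器IP:" ntp_source_ip
    [[ $ntp_source_ip =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || { echo -e "\033[31m错误:输入的IP不正确: $ntp_source_ip\033[0m"; exit 1; }
    if ping -c 3 -W 1 "$ntp_source_ip" > /dev/null 2>&1; then
        echo "时间源IP地址正确..."
    else
        echo "客户端无法ping通时间源!!!"; exit 1
    fi
    grep -qE '^[[:space:]]*(server|pool)[[:space:]].*iburst' "$conf" \
        || { echo -e "\033[31m错误: $conf 中没有带 iburst 的 server/pool 行\033[0m"; exit 1; }
    # Rewrite only the first such line, keeping its keyword and options; the
    # old code derived a regex from the line's own text.
    sed -i -E "0,/^[[:space:]]*(server|pool)[[:space:]]+[^[:space:]]+([[:space:]].*iburst.*)$/s//\1 ${ntp_source_ip}\2/" "$conf"
    function_firewalld
    function_chrony_restart
    ntp_status_check
}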

# 选择配置时间源/客户端
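# Menu: configure this host as the time source (1) or as a client (2).  The old
# `[ $num -eq 1 ] && A || B` ran the client path for any other answer,
# including an empty one; only 1 and 2 are accepted now.
function_choose() {
    local num
    echo -e "\033[32m===\033[0m此脚本用于配置对时服务...\033[32m===\033[0m"
    echo -e "===\033[33m请先配置时间源...\033[0m==="
    echo " "
    read -p "请选择配置时间源(1)/客户端(2):" num
    case $num in
        1) function_ntp_source ;;
        2) function_ntp_client ;;
        *) echo -e "\033[31m错误:无效的选择,请输入 1 或 2。\033[0m"; exit 1 ;;
    esac
}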

# Entry point: make sure chrony is installed, then run the source/client menu.
main() {
    function_chrony_check
    function_choose
}
main "$@"

三.DNS服务脚本

正向解析:

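#!/bin/bash
echo -e "\033[32m此脚本用于配置DNS正向解析...\033[0m"
# The example host was misspelt ("www.baiduu.com") while the domain entered
# below is baidu.com; the usage text now names the same host.
echo -e "\033[32m使用案例:\033[0m若要解析www.baidu.com,顶级域名输入:baidu.com,子域名输入:www"
echo " "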
#检查是否安装dns服务
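# Install bind when `rpm -qa bind` prints nothing.  Any non-zero yum status is
# a failure (the old test only caught status 1) and the script exits, since
# nothing below works without the package.
dns_yum_check(){
        if [ -z "$(rpm -qa bind)" ]; then
                echo -e "\033[31mDNS服务未安装,尝试安装DNS服务...\033[0m"
                if ! yum install bind -y; then
                        echo -e "\033[31mDNS服务安装失败,请检查YUM源!!!\033[0m"
                        exit 1
                fi
        else
                echo -e "\033[32mDNS服务已安装,进入配置环节...\033[0m"
        fi
        echo " "
}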

#DNS配置文件初始化函数
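# Read the top-level domain, capture the zone name and the second "file" entry
# from the stock /etc/named.conf (both used by forward_resolution), then make
# named listen on every address and answer any client.  Sets the globals
# father_dns, father_dns1 and named_ca; exits 1 on a malformed domain.
initialize_config(){
        read -p "请输入顶级域名(如:baidu.com):" father_dns
        # The name ends up in zone file names and sed replacements; allow only
        # DNS label characters.
        [[ $father_dns =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]] || { echo -e "\033[31m错误:输入的域名不正确: $father_dns\033[0m"; exit 1; }
        father_dns1=$(grep -w "zone" /etc/named.conf | awk '{print $2}' | tr -d '"')
        named_ca=$(grep -iE '^\s*file\s+"\S*"' /etc/named.conf | awk 'NR==2 {gsub(/[";]/, ""); print $2}')
        # NOTE(review): these two substitutions turn `127.0.0.1` (listen-on)
        # and `localhost` (allow-query) into `any`, i.e. named answers every
        # client that can reach it.  If recursion stays enabled in the stock
        # named.conf this is an open resolver; restrict allow-query to the
        # networks that should use this server.  Dots are escaped so the
        # address is matched literally.
        sed -i 's/127\.0\.0\.1/any/' /etc/named.conf
        sed -i 's/localhost;/any;/' /etc/named.conf
}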

#部署DNS正向解析
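# Rewrite the stock hint zone in /etc/named.conf into a master zone for
# $father_dns (zone name, type and file), then create the zone file.  The
# captured zone name and file name are escaped before being used as sed
# patterns (the stock zone is "." and named_ca contains dots), and the
# duplicated /etc/named.conf argument is gone.
forward_resolution(){
        local zone_re ca_re
        initialize_config
        zone_re=$(printf '%s\n' "$father_dns1" | head -n 1 | sed 's|[][\.*^$/]|\\&|g')
        ca_re=$(printf '%s' "$named_ca" | sed 's|[][\.*^$/]|\\&|g')
        sed -i "s/zone \"${zone_re}\" IN/zone \"${father_dns}\" IN/" /etc/named.conf
        sed -i "s/type hint/type master/" /etc/named.conf
        sed -i "s/${ca_re}/named.${father_dns}/" /etc/named.conf
        son_dns_config
}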

#初始化函数2
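# Read one subdomain and its address and append the A record to the zone file
# of $father_dns.  Both values are validated first: a malformed record can make
# named refuse to load the zone.
initialize_config2(){
        local zone_file="/var/named/named.${father_dns}"
        read -p "请输入顶级域名的子域名(如:www):" son_dns
        read -p "请输入子域名映射的IP:" son_dns_ip
        [[ $son_dns =~ ^[A-Za-z0-9_]([A-Za-z0-9_-]*[A-Za-z0-9_])?$ ]] || { echo -e "\033[31m错误:输入的子域名不正确: $son_dns\033[0m"; exit 1; }
        [[ $son_dns_ip =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || { echo -e "\033[31m错误:输入的IP不正确: $son_dns_ip\033[0m"; exit 1; }
        echo "${son_dns} IN A ${son_dns_ip}" >> "$zone_file"
}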

#部署子域名与IP映射关系
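# Create the zone file for $father_dns from the stock named.localhost: strip
# the default NS/localhost/AAAA records, name this host as the zone's NS with
# an A record for it, then read the subdomain records.  Exits 1 when the zone
# file cannot be created or no IPv4 address is found.
son_dns_config(){
        local zone_file="/var/named/named.${father_dns}" ns_dns ns_ip
        [ -n "$father_dns" ] || { echo -e "\033[31m错误:顶级域名为空\033[0m"; exit 1; }
        cp /var/named/named.localhost "$zone_file" || { echo -e "\033[31m错误:无法创建 $zone_file\033[0m"; exit 1; }
        ns_dns=$(hostname)
        # First global IPv4 address on any interface; the old code assumed the
        # interface with index 2 and parsed ifconfig output.
        ns_ip=$(ip -4 -o addr show scope global | awk 'NR==1 {sub(/\/.*/, "", $4); print $4}')
        [ -n "$ns_ip" ] || { echo -e "\033[31m错误:未找到本机IPv4地址\033[0m"; exit 1; }
        # Delete first, then replace the second "@" on the SOA line with the NS name.
        sed -i -e '/NS/ d' -e '/127\.0\.0\.1/ d' -e '/AAAA/ d' -e "s/@/ns.${ns_dns}/2" "$zone_file"
        echo " IN  NS     ns.${ns_dns}." >> "$zone_file"
        echo "ns IN A ${ns_ip}" >> "$zone_file"
        initialize_config2
        other_sondns_config
}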

#部署其它子域名
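# Keep adding subdomain records while the user answers 1; the old code asked
# once and allowed a single extra record per run.  An empty answer ends the
# loop instead of raising an error from `[ -eq ]`.
other_sondns_config(){
        local num
        while true; do
                read -p "是否继续配置其他子域名-->选择:(1)是/(2)否:" num
                [ "$num" = "1" ] || break
                initialize_config2
        done
        echo " "
        echo "若要配置额外的正向解析,请执行单独的脚本,详见博客链接:https://blog.youkuaiyun.com/zhoutong2323/article/details/143810052"
}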

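#重启DNS服务并开放53端口
# Restart named and report the result.  Instead of stopping firewalld and
# switching SELinux to permissive for the whole host, open only the DNS port
# (53/tcp and 53/udp) when firewalld is running, the same way the NTP script
# opens 123/udp.  NOTE(review): the stock SELinux policy covers named, so
# enforcing mode is left on; re-add a targeted change only if named is
# actually denied something.  The function name shadows the `service` command
# for the rest of this script.
service(){
        if systemctl restart named.service; then
                echo -e "\033[32mDNS正向解析配置成功...\033[0m"
        else
                echo -e "\033[31mDNS正向解析配置失败!!!\033[0m"
        fi
        if systemctl is-active --quiet firewalld; then
                firewall-cmd --permanent --add-port=53/tcp 2>&1 | grep -v "ALREADY_ENABLED"
                firewall-cmd --permanent --add-port=53/udp 2>&1 | grep -v "ALREADY_ENABLED"
                firewall-cmd --reload
        fi
}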

# Entry point: ensure bind is present, write the forward zone, restart named.
main() {
        dns_yum_check
        forward_resolution
        service
}
main

配置额外的正向解析脚本

#!/bin/bash
# Banner: this script adds further forward zones and expects the main forward
# resolution script to have run first.  Colour codes are expanded by the shell;
# the bytes written match the former `echo -e` lines.
green=$'\033[32m' red=$'\033[31m' reset=$'\033[0m'
echo "${green}此脚本用于配置额外的DNS正向解析...${reset}"
echo "${red}执行此脚本前请先执行DNS正向解析脚本进行初始化配置!!${reset}"

#部署正向解析
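# Append a master zone stanza for the entered domain to /etc/named.conf, then
# build its zone file and records.  The domain is validated first, and a stanza
# that already exists for the same name is refused because named rejects
# duplicate zones.  Sets the global father_dns; exits 1 on bad input.
forward_resolution(){
        read -p "请输入顶级域名(如:baidu.com):" father_dns
        [[ $father_dns =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]] || { echo -e "\033[31m错误:输入的域名不正确: $father_dns\033[0m"; exit 1; }
        if grep -qF "zone \"${father_dns}\" IN" /etc/named.conf; then
                echo -e "\033[31m错误:named.conf 中已存在区域 ${father_dns}\033[0m"
                exit 1
        fi
        printf 'zone "%s" IN {\n\ttype master;\n\tfile "named.%s";\n};\n' "$father_dns" "$father_dns" >> /etc/named.conf
        initialize_function
        son_dns_config
}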

#初始化函数
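# Create the zone file for $father_dns from the stock named.localhost: strip
# the default NS/localhost/AAAA records and name this host as the zone's NS
# with an A record for it.  Exits 1 when the zone file cannot be created or no
# IPv4 address is found.
initialize_function(){
        local zone_file="/var/named/named.${father_dns}" ns_dns ns_ip
        [ -n "$father_dns" ] || { echo -e "\033[31m错误:顶级域名为空\033[0m"; exit 1; }
        cp /var/named/named.localhost "$zone_file" || { echo -e "\033[31m错误:无法创建 $zone_file\033[0m"; exit 1; }
        ns_dns=$(hostname)
        # First global IPv4 address on any interface; the old code assumed the
        # interface with index 2 and parsed ifconfig output.
        ns_ip=$(ip -4 -o addr show scope global | awk 'NR==1 {sub(/\/.*/, "", $4); print $4}')
        [ -n "$ns_ip" ] || { echo -e "\033[31m错误:未找到本机IPv4地址\033[0m"; exit 1; }
        # Delete first, then replace the second "@" on the SOA line with the NS name.
        sed -i -e '/NS/ d' -e '/127\.0\.0\.1/ d' -e '/AAAA/ d' -e "s/@/ns.${ns_dns}/2" "$zone_file"
        echo " IN  NS     ns.${ns_dns}." >> "$zone_file"
        echo "ns IN A ${ns_ip}" >> "$zone_file"
}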

#部署IP与域名的反向解析
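# Read one subdomain and its address and append the A record, then ask for
# more.  The record no longer carries a trailing dot after the address
# (`IN A 1.2.3.4.` is not a valid A record), and both values are validated.
son_dns_config(){
        local zone_file="/var/named/named.${father_dns}"
        read -p "请输入顶级域名的子域名(如:www)::" son_dns
        read -p "请输入子域名对应的IP:" son_ip
        [[ $son_dns =~ ^[A-Za-z0-9_]([A-Za-z0-9_-]*[A-Za-z0-9_])?$ ]] || { echo -e "\033[31m错误:输入的子域名不正确: $son_dns\033[0m"; exit 1; }
        [[ $son_ip =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || { echo -e "\033[31m错误:输入的IP不正确: $son_ip\033[0m"; exit 1; }
        echo "${son_dns} IN A ${son_ip}" >> "$zone_file"
        other_dns_config
}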

#部署其他IP反向解析
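# Ask whether another forward record follows.  The old code called
# son_ip_config, which belongs to the reverse-resolution script and is not
# defined here; the next record is read by son_dns_config.  The prompt wording
# was copied from the reverse script and now refers to subdomains.
other_dns_config(){
        local num
        read -p "是否继续配置其他子域名-->选择:(1)是/(2)否:" num
        if [ "$num" = "1" ]; then
                son_dns_config
        fi
}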

#重启DNS服务
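# Restart named and report the result.  This script configures forward zones,
# so the messages say 正向 rather than the 反向 copied from the reverse script.
dns_restart(){
        if systemctl restart named; then
                echo -e "\033[32mDNS正向解析配置成功...\033[0m"
        else
                echo -e "\033[31mDNS正向解析配置失败!!!\033[0m"
        fi
}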

# Entry point: add the zone and its records, then restart named.
main() {
        forward_resolution
        dns_restart
}
main

反向解析:

#!/bin/bash
# Banner and usage notes for the reverse-resolution script.  Colour codes are
# expanded by the shell; the bytes written match the former `echo -e` lines.
green=$'\033[32m' red=$'\033[31m' reset=$'\033[0m'
echo "${green}此脚本用于配置DNS反向解析,执行前请先执行DNS正向解析脚本...${reset}"
echo " "
echo "${red}以IP:192.168.1.200解析为www.baidu.com为例-->${reset}"
echo "${green}使用方法:${reset}${red}反向解析的IP网络位输入时需要从右向左输入,如:1.168.192!!!${reset}"
echo " "

#部署反向解析
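# Append a master in-addr.arpa zone for the reversed network part (e.g.
# 1.168.192) to /etc/named.conf, then build its zone file and PTR records.
# The input is validated (one to three reversed octets) because it names both
# the zone and its file, and an existing stanza for the same zone is refused.
# Sets the global reserve_ip; exits 1 on bad input.
Reverse_Resolution(){
        read -p "请输入反向解析IP的网络位(按照使用方法输入!):" reserve_ip
        [[ $reserve_ip =~ ^[0-9]{1,3}(\.[0-9]{1,3}){0,2}$ ]] || { echo -e "\033[31m错误:输入的网络位不正确: $reserve_ip\033[0m"; exit 1; }
        if grep -qF "zone \"${reserve_ip}.in-addr.arpa\" IN" /etc/named.conf; then
                echo -e "\033[31m错误:named.conf 中已存在区域 ${reserve_ip}.in-addr.arpa\033[0m"
                exit 1
        fi
        printf 'zone "%s.in-addr.arpa" IN {\n\ttype master;\n\tfile "named.%s";\n};\n' "$reserve_ip" "$reserve_ip" >> /etc/named.conf
        initialize_function
        son_ip_config
}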

#初始化函数
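# Create the reverse zone file from the stock named.localhost: strip the
# default NS/localhost/AAAA records and name this host as the zone's NS.
# Exits 1 when the zone file cannot be created.
initialize_function(){
        local zone_file="/var/named/named.${reserve_ip}" ns_dns
        [ -n "$reserve_ip" ] || { echo -e "\033[31m错误:网络位为空\033[0m"; exit 1; }
        cp /var/named/named.localhost "$zone_file" || { echo -e "\033[31m错误:无法创建 $zone_file\033[0m"; exit 1; }
        ns_dns=$(hostname)
        # Delete first, then replace the second "@" on the SOA line with the NS name.
        sed -i -e '/NS/ d' -e '/127\.0\.0\.1/ d' -e '/AAAA/ d' -e "s/@/ns.${ns_dns}/2" "$zone_file"
        echo " IN  NS     ns.${ns_dns}." >> "$zone_file"
}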

#部署IP与域名的反向解析
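# Read one host part and the name it maps to, append the PTR record, then ask
# for more.  Both values are validated before they reach the zone file.
son_ip_config(){
        local zone_file="/var/named/named.${reserve_ip}"
        read -p "请输入反向解析IP的主机位(如:200):" reserve_ip2
        read -p "请输入IP对应的域名(如:www.baidu.com):" dns
        [[ $reserve_ip2 =~ ^[0-9]{1,3}(\.[0-9]{1,3}){0,2}$ ]] || { echo -e "\033[31m错误:输入的主机位不正确: $reserve_ip2\033[0m"; exit 1; }
        [[ $dns =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]] || { echo -e "\033[31m错误:输入的域名不正确: $dns\033[0m"; exit 1; }
        echo "${reserve_ip2} IN PTR ${dns}." >> "$zone_file"
        other_ip_config
}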

#部署其他IP反向解析
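# Ask whether another PTR record follows.  A string comparison replaces
# `[ $num -eq 1 ]`, which errored on an empty or non-numeric answer.
other_ip_config(){
        local num
        read -p "是否继续配置其他IP反向解析-->选择:(1)是/(2)否:" num
        if [ "$num" = "1" ]; then
                son_ip_config
        fi
}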

#重启DNS服务
# Restart named and report whether the reverse zone went live.
dns_restart(){
        if systemctl restart named; then
                echo -e "\033[32mDNS反向解析配置成功...\033[0m"
        else
                echo -e "\033[31mDNS反向解析配置失败!!!\033[0m"
        fi
}

# Entry point: add the reverse zone and its records, then restart named.
main() {
        Reverse_Resolution
        dns_restart
}
main

四.本地YUM源配置

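#!/bin/bash
# Configure a local YUM repository from the single ISO found under /opt: write
# a repo file pointing at /mnt, add a loop mount to /etc/fstab, mount it and
# rebuild the YUM cache.  Must run as root; exits 1 on any failed step.

# 检查是否以 root 权限运行
[ "$(id -u)" -ne 0 ] && { echo -e "\033[31m请使用 root 权限执行此脚本。\033[0m"; exit 1; }

echo -e "\033[32m===\033[0m此脚本用于自动配置本地 YUM 源...\033[32m===\033[0m"

# 查找 ISO 文件
mapfile -t iso_files < <(find /opt -type f -name "*.iso")
[ "${#iso_files[@]}" -eq 0 ] && { echo -e "\033[33m请上传当前系统的 iso 文件至 /opt 目录..\033[0m"; exit 1; }
# Several ISOs were previously joined into one broken fstab line; insist on one.
if [ "${#iso_files[@]}" -gt 1 ]; then
    echo -e "\033[31m/opt 下存在多个 iso 文件,请只保留一个:\033[0m"
    printf '  %s\n' "${iso_files[@]}"
    exit 1
fi
iso_file=${iso_files[0]}

# 生成唯一的本地 YUM 源配置文件名,避免冲突
# NOTE(review): every run creates another file with the same [local] repo id;
# remove earlier local_*.repo files if yum starts warning about duplicates.
local_repo_file="/etc/yum.repos.d/local_$(date +%s).repo"

# 创建本地 YUM 源配置文件
# gpgcheck=0 installs packages from the ISO without signature verification; if
# the ISO ships its RPM-GPG-KEY file, prefer gpgcheck=1 with
# gpgkey=file:///mnt/<key file from the ISO>.
cat << EOF > "$local_repo_file"
[local]
name=local
baseurl=file:///mnt
enabled=1
gpgcheck=0
EOF

# 添加 ISO 挂载信息到 fstab
grep -qF -- "$iso_file /mnt" /etc/fstab || echo "$iso_file /mnt iso9660 loop,defaults 0 0" >> /etc/fstab

# 执行挂载操作并处理结果
if ! mount_output=$(mount -a 2>&1); then
    if echo "$mount_output" | grep -q "write-protected"; then
        echo -e "\033[32m镜像文件 ISO 默认以只读模式挂载,不会影响 YUM 源使用\033[0m"
    else
        echo -e "\033[31m挂载 ISO 文件失败,请检查相关配置。\033[0m"
        exit 1
    fi
else
    echo -e "\033[32m镜像文件挂载成功..\033[0m"
fi

# 清理 YUM 缓存并检查结果
yum clean all > /dev/null 2>&1 || { echo -e "\033[31m清理 YUM 缓存失败,请检查 YUM 源配置。\033[0m"; exit 1; }

# 生成 YUM 缓存并检查结果
yum makecache > /dev/null 2>&1 || { echo -e "\033[31m生成 YUM 缓存失败,请检查 YUM 源配置。\033[0m"; exit 1; }

echo -e "\033[32mYUM 源部署成功!\033[0m"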

五.防火墙规则配置脚本

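#!/bin/bash
# Make sure firewalld is running (and enabled at boot) before any rule is
# added.  The listing had no shebang; bash is now stated explicitly.
if ! systemctl is-active --quiet firewalld; then
    echo "firewalld 服务未运行,正在启动..."
    if ! systemctl start firewalld; then
        echo "无法启动 firewalld 服务,请检查。"
        exit 1
    fi
    systemctl enable firewalld
fi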

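# Prompt for the 5-tuple (source/destination address, source/destination port,
# protocol) and the action, validating each value before it is spliced into a
# firewalld rich rule: addresses must be IPv4 (optionally with /prefix), ports
# 1..65535 (the source port may be left empty), protocol tcp or udp, choice 1
# or 2.  Sets the globals src_ip dst_ip src_port dst_port protocol choice;
# exits 1 on bad input.
function_five(){
    local ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
    local port_re='^[0-9]{1,5}$'
    # 提示用户输入五元组信息
    read -p "请输入源 IP 地址: " src_ip
    read -p "请输入目的 IP 地址: " dst_ip
    read -p "请输入源端口: " src_port
    read -p "请输入目的端口: " dst_port
    read -p "请输入协议 (tcp/udp): " protocol

    [[ $src_ip =~ $ipv4_re ]] || { echo "源 IP 地址格式不正确: $src_ip"; exit 1; }
    [[ $dst_ip =~ $ipv4_re ]] || { echo "目的 IP 地址格式不正确: $dst_ip"; exit 1; }
    [[ -z $src_port || ( $src_port =~ $port_re && $src_port -ge 1 && $src_port -le 65535 ) ]] || { echo "源端口不正确: $src_port"; exit 1; }
    [[ $dst_port =~ $port_re && $dst_port -ge 1 && $dst_port -le 65535 ]] || { echo "目的端口不正确: $dst_port"; exit 1; }
    [[ $protocol == tcp || $protocol == udp ]] || { echo "协议必须为 tcp 或 udp: $protocol"; exit 1; }

    # 提示用户选择操作(拒绝或放行)
    echo "请选择操作:"
    echo "1. 拒绝"
    echo "2. 放行"
    read -p "输入选项 (1/2): " choice
    [[ $choice == 1 || $choice == 2 ]] || { echo "无效的选项: $choice"; exit 1; }
}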

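# Build the rich rule once and apply it either to a named zone (after binding
# an interface to it) or to the default zone; the two branches used to be
# duplicated verbatim.  Flow: ask about zone binding → function_five →
# build_rule → apply_rule (remove an identical existing rule, add, reload).

# Compose the firewalld rich rule from the globals set by function_five and
# print it.  An invalid choice is an error: the old `if 1 then reject else
# accept` turned any typo into an accept rule.  The source port was prompted
# for but never used; it is included when given.
build_rule() {
    local action rule
    case $choice in
        1) action=reject ;;
        2) action=accept ;;
        *) echo "无效的选项: $choice" >&2; exit 1 ;;
    esac
    rule="rule family=\"ipv4\" source address=\"$src_ip\" destination address=\"$dst_ip\""
    [ -n "$src_port" ] && rule="$rule source-port port=\"$src_port\" protocol=\"$protocol\""
    rule="$rule port port=\"$dst_port\" protocol=\"$protocol\" $action"
    printf '%s\n' "$rule"
}

# $1: rich rule text; any further arguments (e.g. --zone=<zone>) are passed to
# firewall-cmd.  Removes an identical permanent rule first so the new one
# lands at the end of the list, then adds it and reloads.
apply_rule() {
    local rule=$1; shift
    local existing_rules
    existing_rules=$(firewall-cmd --permanent "$@" --list-rich-rules)
    # -F: compare as a literal; the rule text is full of regex metacharacters.
    if printf '%s\n' "$existing_rules" | grep -qF -- "$rule"; then
        echo "规则已经存在,正在删除原有规则..."
        if firewall-cmd --permanent "$@" --remove-rich-rule="$rule"; then
            echo "原有规则删除成功。"
        else
            echo "原有规则删除失败。"
            exit 1
        fi
    fi
    if firewall-cmd --permanent "$@" --add-rich-rule="$rule"; then
        echo -e "\033[32m规则已成功添加到规则链表末尾,将被最后执行\033[0m"
        echo "正在重新加载防火墙规则..."
        if firewall-cmd --reload; then
            echo "防火墙规则重新加载成功。"
        else
            echo "防火墙规则重新加载失败。"
        fi
    else
        echo "规则添加失败。"
    fi
}

# 询问是否配置区域规则
read -p "是否要配置区域规则?(y/n): " configure_zone

zone_args=()
if [ "$configure_zone" = "y" ]; then
    # 获取可用区域列表
    zones=$(firewall-cmd --get-zones)
    echo "可用区域: $zones"
    read -p "请输入要使用的区域: " zone
    # The zone name is only ever a firewall-cmd argument; rejecting anything
    # that is not a plain identifier catches typos before the binding step.
    [[ $zone =~ ^[A-Za-z0-9_-]+$ ]] || { echo "区域名称不正确: $zone"; exit 1; }

    # 获取可用接口列表
    interfaces=$(ip link show | awk -F': ' '{print $2}' | grep -v '^lo$')
    echo "可用接口: $interfaces"
    read -p "请输入要加入区域的接口: " interface
    ip link show "$interface" &>/dev/null || { echo "接口 $interface 不存在。"; exit 1; }

    # 将接口加入指定区域
    if firewall-cmd --permanent --zone="$zone" --add-interface="$interface"; then
        echo "接口 $interface 已成功加入区域 $zone。"
    else
        echo "将接口 $interface 加入区域 $zone 失败。"
        exit 1
    fi
    zone_args=(--zone="$zone")
fi

function_five
rule=$(build_rule) || exit 1
apply_rule "$rule" "${zone_args[@]}"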


 


总结
