shell-firewall防火墙管理工具

hcwei 2020年06月10日 80次浏览

背景

由于使用阿里云ECS，所以需要配合阿里云安全组频繁操作firewall，故写此脚本以简化操作步骤。

脚本

#!/bin/bash
##############################
# Designed by HCWEI          #
# DATE: 2018-10-26           #
# Firewall Management Tool   #
##############################

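#添加防火墙端口规则
# Prompts for a port number and a protocol choice, adds a permanent
# public-zone port rule with firewall-cmd, reloads firewalld and then
# prints the enabled-port list via function_list.
# Inputs (stdin): port number, then "1" (tcp) or "2" (udp); anything
#   other than "2" keeps the tcp default, as in the original menu.
# Returns: 1 when the port is not a number in 1..65535 or when
#   firewall-cmd rejects the rule; otherwise the status of function_list.
function_add(){
  local input_num input_proto proto
  read -r -p "请输入要添加的端口号:" input_num
  read -r -p "请选择端口类型号(1.tcp|2.udp):" input_proto
  # The value is handed to firewall-cmd unchanged, so only a plain
  # decimal port is accepted; 10# avoids octal parsing of leading zeros.
  if ! [[ "${input_num}" =~ ^[0-9]{1,5}$ ]] \
     || (( 10#${input_num} < 1 || 10#${input_num} > 65535 )); then
    printf '\033[1;31m端口号无效: %s\033[0m\n' "${input_num}" >&2
    return 1
  fi
  proto=tcp
  [[ "${input_proto}" == 2 ]] && proto=udp
  printf '%b\n' "
\033[37m------------您正在添加端口规则------------\033[0m
端口:\033[31m${input_num}\033[0m
协议: \033[31m${proto}\033[0m
\033[37m------------------------------------------\033[0m"
  # stdout is silenced; stderr stays visible so a rejected rule shows why.
  if ! firewall-cmd --zone=public --add-port="${input_num}/${proto}" --permanent >/dev/null; then
    printf '%b\n' "添加规则 [\033[31mfailed\033[0m]" >&2
    return 1
  fi
  printf '%b\n' "添加规则 [\033[32msuccess\033[0m]"
  firewall-cmd --reload >/dev/null
  function_list
}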

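#删除防火墙端口规则
# Prompts for a port number and a protocol choice, removes the matching
# permanent public-zone port rule with firewall-cmd, reloads firewalld
# and then prints the enabled-port list via function_list.
# Inputs (stdin): port number, then "1" (tcp) or "2" (udp); anything
#   other than "2" keeps the tcp default, as in the original menu.
# Returns: 1 when the port is not a number in 1..65535 or when
#   firewall-cmd rejects the request; otherwise the status of function_list.
function_del(){
  local input_num input_proto proto
  read -r -p "请输入要删除的端口号:" input_num
  read -r -p "请选择端口类型号(1.tcp|2.udp):" input_proto
  # The value is handed to firewall-cmd unchanged, so only a plain
  # decimal port is accepted; 10# avoids octal parsing of leading zeros.
  if ! [[ "${input_num}" =~ ^[0-9]{1,5}$ ]] \
     || (( 10#${input_num} < 1 || 10#${input_num} > 65535 )); then
    printf '\033[1;31m端口号无效: %s\033[0m\n' "${input_num}" >&2
    return 1
  fi
  proto=tcp
  [[ "${input_proto}" == 2 ]] && proto=udp
  printf '%b\n' "
\033[37m------------您正在删除端口规则------------\033[0m
端口:\033[31m${input_num}\033[0m
协议: \033[31m${proto}\033[0m
\033[37m------------------------------------------\033[0m"
  # stdout is silenced; stderr stays visible so a rejected request shows why.
  if ! firewall-cmd --zone=public --remove-port="${input_num}/${proto}" --permanent >/dev/null; then
    printf '%b\n' "删除规则 [\033[31mfailed\033[0m]" >&2
    return 1
  fi
  printf '%b\n' "删除规则 [\033[32msuccess\033[0m]"
  firewall-cmd --reload >/dev/null
  function_list
}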

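#添加指定IP端口规则
# Prompts for a source IPv4 address, a port, a protocol choice and an
# action, adds a permanent rich rule for that source with firewall-cmd,
# reloads firewalld and then prints the rule list via function_ip_list.
# Inputs (stdin): IP (dotted quad, optional /prefix), port, "1"/"2" for
#   tcp/udp, "1"/"2" for accept/reject; values other than "2" keep the
#   tcp / accept defaults, as in the original menu.
# Returns: 1 on an invalid IP or port, or when firewall-cmd rejects the
#   rule; otherwise the status of function_ip_list.
function_ip_add(){
  local input_ip input_num input_proto input_func proto func
  local -r ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
  read -r -p "请输入IP地址:" input_ip
  read -r -p "请输入端口号:" input_num
  read -r -p "请选择端口类型(1.tcp|2.udp):" input_proto
  read -r -p "请输入添加方式(1.允许|2.拒绝)" input_func
  # Both values are spliced into the rich-rule string, so they must not
  # carry spaces or extra rule tokens; octet range is left to firewall-cmd.
  if ! [[ "${input_ip}" =~ $ipv4_re ]]; then
    printf '\033[1;31mIP地址无效: %s\033[0m\n' "${input_ip}" >&2
    return 1
  fi
  if ! [[ "${input_num}" =~ ^[0-9]{1,5}$ ]] \
     || (( 10#${input_num} < 1 || 10#${input_num} > 65535 )); then
    printf '\033[1;31m端口号无效: %s\033[0m\n' "${input_num}" >&2
    return 1
  fi
  proto=tcp
  [[ "${input_proto}" == 2 ]] && proto=udp
  func=accept
  [[ "${input_func}" == 2 ]] && func=reject
  printf '%b\n' "
------------您正在添加端口规则------------
端口: \033[31m${input_num}\033[0m
协议: \033[31m${proto}\033[0m
IP地址: \033[31m${input_ip}\033[0m
添加方式:\033[31m${func}\033[0m
------------------------------------------"
  # stdout is silenced; stderr stays visible so a rejected rule shows why.
  if ! firewall-cmd --permanent --add-rich-rule="rule family=ipv4 source address=${input_ip} port port=${input_num} protocol=${proto} ${func}" >/dev/null; then
    printf '%b\n' "添加规则 [\033[31mfailed\033[0m]" >&2
    return 1
  fi
  printf '%b\n' "添加规则 [\033[32msuccess\033[0m]"
  firewall-cmd --reload >/dev/null
  function_ip_list
}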

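#删除指定IP端口规则
# Prompts for a source IPv4 address, a port, a protocol choice and an
# action, removes the matching permanent rich rule with firewall-cmd,
# reloads firewalld and then prints the rule list via function_ip_list.
# Inputs (stdin): IP (dotted quad, optional /prefix), port, "1"/"2" for
#   tcp/udp, "1"/"2" for accept/reject; values other than "2" keep the
#   tcp / accept defaults, as in the original menu.
# Returns: 1 on an invalid IP or port, or when firewall-cmd rejects the
#   request; otherwise the status of function_ip_list.
function_ip_del(){
  local input_ip input_num input_proto input_func proto func
  local -r ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
  read -r -p "请输入IP地址:" input_ip
  read -r -p "请输入端口号:" input_num
  read -r -p "请选择端口类型(1.tcp|2.udp):" input_proto
  read -r -p "请输入添加方式(1.允许|2.拒绝)" input_func
  # Both values are spliced into the rich-rule string, so they must not
  # carry spaces or extra rule tokens; octet range is left to firewall-cmd.
  if ! [[ "${input_ip}" =~ $ipv4_re ]]; then
    printf '\033[1;31mIP地址无效: %s\033[0m\n' "${input_ip}" >&2
    return 1
  fi
  if ! [[ "${input_num}" =~ ^[0-9]{1,5}$ ]] \
     || (( 10#${input_num} < 1 || 10#${input_num} > 65535 )); then
    printf '\033[1;31m端口号无效: %s\033[0m\n' "${input_num}" >&2
    return 1
  fi
  proto=tcp
  [[ "${input_proto}" == 2 ]] && proto=udp
  func=accept
  [[ "${input_func}" == 2 ]] && func=reject
  printf '%b\n' "
------------您正在删除端口规则------------
端口: \033[31m${input_num}\033[0m
协议: \033[31m${proto}\033[0m
IP地址: \033[31m${input_ip}\033[0m
添加方式:\033[31m${func}\033[0m
------------------------------------------"
  # stdout is silenced; stderr stays visible so a rejected request shows why.
  if ! firewall-cmd --permanent --remove-rich-rule="rule family=ipv4 source address=${input_ip} port port=${input_num} protocol=${proto} ${func}" >/dev/null; then
    printf '%b\n' "删除规则 [\033[31mfailed\033[0m]" >&2
    return 1
  fi
  printf '%b\n' "删除规则 [\033[32msuccess\033[0m]"
  firewall-cmd --reload >/dev/null
  function_ip_list
}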

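#重载防火墙
# Reloads the firewalld runtime configuration from the permanent rules,
# reports success, and then prints the active zone with --list-all.
# Returns: the status of `firewall-cmd --list-all`.
function_reload(){
  # Only stdout is silenced; an error reason from firewall-cmd stays visible.
  if firewall-cmd --reload >/dev/null; then
    printf '%b\n' "重载防火墙 [\033[32msuccess\033[0m]"
  fi
  firewall-cmd --list-all
}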

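#打印启用端口列表
# Prints the "ports:" entry of the active zone from `firewall-cmd --list-all`.
# The line is located by its label rather than by its position (the
# previous NR==7 assumed a fixed line order), so extra or missing lines
# in the output of other firewalld versions do not shift the result.
function_list(){
  printf '%b\n' "\033[37m启用端口如下:\033[0m"
  # Anchored on the label so "forward-ports:" / "source-ports:" do not match.
  firewall-cmd --list-all | awk -F ':' '/^[[:space:]]*ports:/ { print $2 }'
  printf '%s\n' "
++++++++++++++++---END---+++++++++++++++++
"
}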

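#打印IP规则列表
# Prints the rich rules ("rule family=... source address=...") of the
# active zone as reported by `firewall-cmd --list-all`.
# The header names IP rules; the previous one was copied from
# function_list and announced ports instead.
function_ip_list(){
  printf '%b\n' "\033[37mIP规则如下:\033[0m"
  # `--` keeps the pattern from being read as a grep option.
  firewall-cmd --list-all | grep -- rule
  printf '%s\n' "
++++++++++++++++---END---+++++++++++++++++
"
}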

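#主程序
# Interactive menu: prints the banner once, then reads one choice per
# iteration and dispatches to the matching function_* handler.
# The loop ends on "q" (exit 0) and also when stdin reaches EOF
# (Ctrl-D or a closed pipe); previously a closed input re-printed the
# "invalid choice" message forever because `read` failure was ignored.
function_main(){
  local num
  printf '%b\n' "
+----------\033[1;7;31m 防火墙快捷管理工具 \033[0m----------+
+ +
+ \033[1;32m->\033[0m \033[1;37m1. 添加端口规则\033[0m +
+ +
+ \033[1;32m->\033[0m \033[1;37m2. 删除端口规则\033[0m +
+ +
+ \033[1;32m->\033[0m \033[1;37m3. 添加固定IP端口规则\033[0m +
+ +
+ \033[1;32m->\033[0m \033[1;37m4. 删除固定IP端口规则\033[0m +
+ +
+ \033[1;32m->\033[0m \033[1;37m5. 重载防火墙\033[0m +
+ +
+ \033[1;32m->\033[0m \033[1;37m6. 启用端口列表\033[0m +
+ +
+----------------\033[1;7;37m HCWEI \033[0m-----------------+
"
  while :; do
    printf '%b\n' "\033[1;3;37m请输入您需要使用的功能编号\033[0m\033[33m(退出:q)\033[0m:"
    # read fails on EOF; treat that like "q" instead of looping on the error text.
    read -r num || exit 0
    case "${num}" in
      1) function_add ;;
      2) function_del ;;
      3) function_ip_add ;;
      4) function_ip_del ;;
      5) function_reload ;;
      6) function_list ;;
      q) exit 0 ;;
      *) printf '%b\n' "\033[1;31m请输入正确的功能编号!!!\033[0m" ;;
    esac
  done
}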

# Entry point: start the interactive menu loop (takes no arguments).
function_main

截图:

image.png