背景
由于使用阿里云ECS,所以需要配合阿里云安全组频繁操作firewall,故写此脚本简化操作步骤。
脚本
#!/bin/bash
##############################
# Designed by HCWEI #
# DATE: 2018-10-26 #
# Firewall Management Tool #
##############################
#添加防火墙端口规则
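# Interactively adds a permanent port rule to the public zone.
# Reads (stdin): port number or N-M range, then protocol choice (2 = udp,
#   anything else = tcp).
# Outputs: a summary of the rule and a success/failed marker, then the
#   current port list via function_list.
# Returns: 1 when the port input is rejected before firewall-cmd is run.
function_add(){
  local input_num input_proto proto=tcp
  # Same shape firewall-cmd --add-port accepts: a port or a port range.
  local port_re='^[0-9]+(-[0-9]+)?$'
  # -r keeps backslashes in the typed value literal.
  read -r -p "请输入要添加的端口号:" input_num
  read -r -p "请选择端口类型号(1.tcp|2.udp):" input_proto
  # firewall-cmd's stderr is discarded below, so a malformed port would
  # otherwise fail silently; reject it here with a visible message.
  if [[ ! "${input_num}" =~ $port_re ]]; then
    printf '\033[1;31m端口号无效: %s\033[0m\n' "${input_num}" >&2
    return 1
  fi
  [[ "${input_proto}" == 2 ]] && proto=udp
  echo -e "
\033[37m------------您正在添加端口规则------------\033[0m
端口:\033[31m${input_num}\033[0m
协议: \033[31m${proto}\033[0m
\033[37m------------------------------------------\033[0m"
  if firewall-cmd --zone=public --add-port="${input_num}/${proto}" --permanent &>/dev/null; then
    echo -e "添加规则 [\033[32msuccess\033[0m]"
  else
    echo -e "添加规则 [\033[31mfailed\033[0m]" >&2
  fi
  # --permanent only edits the saved config; a reload activates it.
  firewall-cmd --reload &>/dev/null
  function_list
}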
#删除防火墙端口规则
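# Interactively removes a permanent port rule from the public zone.
# Reads (stdin): port number or N-M range, then protocol choice (2 = udp,
#   anything else = tcp).
# Outputs: a summary of the rule and a success/failed marker, then the
#   current port list via function_list.
# Returns: 1 when the port input is rejected before firewall-cmd is run.
function_del(){
  local input_num input_proto proto=tcp
  # Same shape firewall-cmd --remove-port accepts: a port or a port range.
  local port_re='^[0-9]+(-[0-9]+)?$'
  read -r -p "请输入要删除的端口号:" input_num
  read -r -p "请选择端口类型号(1.tcp|2.udp):" input_proto
  # firewall-cmd's stderr is discarded below, so a malformed port would
  # otherwise fail silently; reject it here with a visible message.
  if [[ ! "${input_num}" =~ $port_re ]]; then
    printf '\033[1;31m端口号无效: %s\033[0m\n' "${input_num}" >&2
    return 1
  fi
  [[ "${input_proto}" == 2 ]] && proto=udp
  echo -e "
\033[37m------------您正在删除端口规则------------\033[0m
端口:\033[31m${input_num}\033[0m
协议: \033[31m${proto}\033[0m
\033[37m------------------------------------------\033[0m"
  if firewall-cmd --zone=public --remove-port="${input_num}/${proto}" --permanent &>/dev/null; then
    echo -e "删除规则 [\033[32msuccess\033[0m]"
  else
    echo -e "删除规则 [\033[31mfailed\033[0m]" >&2
  fi
  # --permanent only edits the saved config; a reload activates it.
  firewall-cmd --reload &>/dev/null
  function_list
}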
#添加指定IP端口规则
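# Interactively adds a permanent rich rule for one source IPv4 address.
# Reads (stdin): IPv4 address (optionally /prefix), port or N-M range,
#   protocol choice (2 = udp, else tcp), action choice (2 = reject,
#   else accept).
# Outputs: a summary, firewall-cmd's own result line, then the rich-rule
#   list via function_ip_list. firewalld is reloaded only when the rule
#   was accepted, as before.
# Returns: 1 when the address or port input is rejected before
#   firewall-cmd is run.
function_ip_add(){
  local input_ip input_num input_proto input_func
  local proto=tcp func=accept
  # Loose IPv4[/prefix] shape check. Its job is to keep spaces, quotes and
  # other tokens out of the rich-rule string below, where firewalld would
  # parse them as further rule elements instead of as part of the address.
  local ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
  local port_re='^[0-9]+(-[0-9]+)?$'
  read -r -p "请输入IP地址:" input_ip
  read -r -p "请输入端口号:" input_num
  read -r -p "请选择端口类型(1.tcp|2.udp):" input_proto
  read -r -p "请输入添加方式(1.允许|2.拒绝)" input_func
  if [[ ! "${input_ip}" =~ $ipv4_re ]]; then
    printf '\033[1;31mIP地址无效: %s\033[0m\n' "${input_ip}" >&2
    return 1
  fi
  if [[ ! "${input_num}" =~ $port_re ]]; then
    printf '\033[1;31m端口号无效: %s\033[0m\n' "${input_num}" >&2
    return 1
  fi
  [[ "${input_proto}" == 2 ]] && proto=udp
  [[ "${input_func}" == 2 ]] && func=reject
  echo -e "
------------您正在添加端口规则------------
端口: \033[31m${input_num}\033[0m
协议: \033[31m${proto}\033[0m
IP地址: \033[31m${input_ip}\033[0m
添加方式:\033[31m${func}\033[0m
------------------------------------------"
  # The whole rule is a single argument; only the reload's output is hidden
  # so firewalld's own success/error line for the rule stays visible.
  if firewall-cmd --permanent --add-rich-rule="rule family=ipv4 source address=${input_ip} port port=${input_num} protocol=${proto} ${func}"; then
    firewall-cmd --reload &>/dev/null
  fi
  function_ip_list
}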
#删除指定IP端口规则
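# Interactively removes a permanent rich rule for one source IPv4 address.
# The rule must be typed exactly as it was added (same address, port,
# protocol and action) for firewalld to find and remove it.
# Reads (stdin): IPv4 address (optionally /prefix), port or N-M range,
#   protocol choice (2 = udp, else tcp), action choice (2 = reject,
#   else accept).
# Outputs: a summary, firewall-cmd's own result line, then the rich-rule
#   list via function_ip_list. firewalld is reloaded only on success.
# Returns: 1 when the address or port input is rejected before
#   firewall-cmd is run.
function_ip_del(){
  local input_ip input_num input_proto input_func
  local proto=tcp func=accept
  # Loose IPv4[/prefix] shape check; keeps spaces, quotes and other tokens
  # out of the rich-rule string, where they would be parsed as rule syntax.
  local ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
  local port_re='^[0-9]+(-[0-9]+)?$'
  read -r -p "请输入IP地址:" input_ip
  read -r -p "请输入端口号:" input_num
  read -r -p "请选择端口类型(1.tcp|2.udp):" input_proto
  read -r -p "请输入添加方式(1.允许|2.拒绝)" input_func
  if [[ ! "${input_ip}" =~ $ipv4_re ]]; then
    printf '\033[1;31mIP地址无效: %s\033[0m\n' "${input_ip}" >&2
    return 1
  fi
  if [[ ! "${input_num}" =~ $port_re ]]; then
    printf '\033[1;31m端口号无效: %s\033[0m\n' "${input_num}" >&2
    return 1
  fi
  [[ "${input_proto}" == 2 ]] && proto=udp
  [[ "${input_func}" == 2 ]] && func=reject
  echo -e "
------------您正在删除端口规则------------
端口: \033[31m${input_num}\033[0m
协议: \033[31m${proto}\033[0m
IP地址: \033[31m${input_ip}\033[0m
添加方式:\033[31m${func}\033[0m
------------------------------------------"
  # Single-argument rule string; firewalld's own result line stays visible,
  # only the reload is silenced.
  if firewall-cmd --permanent --remove-rich-rule="rule family=ipv4 source address=${input_ip} port port=${input_num} protocol=${proto} ${func}"; then
    firewall-cmd --reload &>/dev/null
  fi
  function_ip_list
}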
#重载防火墙
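# Reloads firewalld so the --permanent changes made by the other functions
# take effect, then prints the default zone's full configuration.
# Outputs: a success marker on stdout or a failed marker on stderr,
#   followed by `firewall-cmd --list-all`.
function_reload(){
  if firewall-cmd --reload &>/dev/null; then
    echo -e "重载防火墙 [\033[32msuccess\033[0m]"
  else
    # firewall-cmd's own stderr is discarded above, so report the failure
    # here instead of staying silent.
    echo -e "重载防火墙 [\033[31mfailed\033[0m]" >&2
  fi
  firewall-cmd --list-all
}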
#打印启用端口列表
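# Prints the ports currently opened in the default zone.
# Outputs: a heading, one line of "port/proto" entries, and an END marker.
function_list(){
  echo -e "\033[37m启用端口如下:\033[0m"
  # Ask firewalld for the ports directly. The previous approach printed
  # line 7 of --list-all, which silently shows the wrong field whenever a
  # firewalld version adds or removes a line in that output.
  firewall-cmd --list-ports
  echo "
++++++++++++++++---END---+++++++++++++++++
"
}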
#打印IP规则列表
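# Prints the rich rules (per-IP rules) currently set in the default zone.
# Outputs: a heading, one rich rule per line, and an END marker.
function_ip_list(){
  # Heading fixed: this function lists IP rules, not opened ports.
  echo -e "\033[37mIP规则如下:\033[0m"
  # Ask firewalld for the rich rules directly instead of grepping "rule"
  # out of --list-all, which also matched the "rich rules:" header line.
  firewall-cmd --list-rich-rules
  echo "
++++++++++++++++---END---+++++++++++++++++
"
}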
#主程序
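# Interactive entry point: prints the menu once, then repeatedly reads a
# choice and dispatches to the matching function_* until 'q' or EOF.
# Reads (stdin): a single menu choice per iteration.
function_main(){
  local num
  echo -e "
+----------\033[1;7;31m 防火墙快捷管理工具 \033[0m----------+
+ +
+ \033[1;32m->\033[0m \033[1;37m1. 添加端口规则\033[0m +
+ +
+ \033[1;32m->\033[0m \033[1;37m2. 删除端口规则\033[0m +
+ +
+ \033[1;32m->\033[0m \033[1;37m3. 添加固定IP端口规则\033[0m +
+ +
+ \033[1;32m->\033[0m \033[1;37m4. 删除固定IP端口规则\033[0m +
+ +
+ \033[1;32m->\033[0m \033[1;37m5. 重载防火墙\033[0m +
+ +
+ \033[1;32m->\033[0m \033[1;37m6. 启用端口列表\033[0m +
+ +
+----------------\033[1;7;37m HCWEI \033[0m-----------------+
"
#+\033[1;33m(退出:q)\033[0m +
  while :; do
    echo -e "\033[1;3;37m请输入您需要使用的功能编号\033[0m\033[33m(退出:q)\033[0m:"
    # -r keeps backslashes literal. On EOF (Ctrl-D or a closed pipe) read
    # fails; exit then, instead of re-printing the prompt forever.
    read -r num || exit 0
    # Every arm falls back into the loop, so the old per-arm `continue`
    # and the unreachable trailing `break` are gone.
    case "${num}" in
      1) function_add ;;
      2) function_del ;;
      3) function_ip_add ;;
      4) function_ip_del ;;
      5) function_reload ;;
      6) function_list ;;
      q) exit ;;
      *) echo -e "\033[1;31m请输入正确的功能编号!!!\033[0m" ;;
    esac
  done
}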
# Start the interactive menu; function_main reads no arguments itself.
function_main "$@"