由于新來的同事對腳本不是很熟悉,為了方便管理服務器上的iptables,于是決定寫上個簡單的腳本,這樣對不是很熟悉腳本的同事都能簡單管理。以下的腳本只是用一個循環就搞定了!如果哪里寫的不好,或者有更好的想法或者寫法,麻煩聯系我!!!
[root@linuxso.com ~]# cat iptables.sh
#!/bin/bash
while [ "1" == "1" ]
do
clear
echo "----------------------menu----------------------"
echo "(1) service iptables restart"
echo "(2) iptables add"
echo "(3) iptables delete"
echo "(4) iptables stop"
echo "(5) iptables save(輸完ACL后要記得保存和查看)"
echo "(6) iptables status"
echo "(7) iptables ACL list"
echo "(0) exit"
echo "-------------------------------------------------"
echo -n "enter you chose[0-7]:"
read num
if [ ${num} -lt 0 -o ${num} -gt 7 ]
then
echo "this is not between 0-7"
else
if [ "${num}" == "1" ]
then
service iptables restart&
else
if [ "${num}" == "2" ]
#######################################################
then
while [ "1" == "1" ]
do
clear
echo "----------------------add ACL----------------------"
echo "(1) 針對源IP放行添加"
echo "(2) 針對服務器端口放行添加"
echo "(3) 針對有端口和服務的ACL添加(這里要參數IP和端口 例如 0/0 80)"
echo "(4) 自定義添加"
echo "(5) 退回上一級"
echo "-------------------------------------------------"
echo -n "enter you chose[0-4]:"
read aclnum
if [ "${aclnum}" == "1" ]
then
read ip
iptables -A INPUT -s ${ip} -p tcp --dport 22 -j ACCEPT
service iptables save
elif [ "${aclnum}" == "2" ]
then
rad ip
iptables -A INPUT -p tcp --dport ${IP} -j ACCEPT
service iptables save
elif [ "${aclnum}" == "3" ]
then
read ip port
iptables -A INPUT -p tcp -s ${ip} --dport ${port} -j ACCEPT
service iptables save
elif [ "${aclnum}" == "4" ]
then
read addacl
`${addacl}`
service iptables save
else
break
fi
echo -n "是否想繼續添加: [y/n]:"
read contine
if [ "${contine}" == "n" -o "${contine}" == "N" ]
then
break
fi
done
#######################################################
else
if [ "${num}" == "3" ]
then
while [ "1" == "1" ]
do
clear
echo "---------------------delete ACL----------------------"
echo "(1) 針對源ip刪除"
echo "(2) 針對端口刪除"
echo "(3) 針對有端口和服務的ACL刪除"
echo "(4) 自定義刪除"
echo "(5) 退回上一級"
echo "-------------------------------------------------"
echo -n "enter you chose[0-5]:"
read aclnum
if [ "${aclnum}" == "1" ]
then
read ip
iptables -D INPUT -s ${ip} -p tcp --dport 22 -j ACCEPT
service iptables save
elif [ "${aclnum}" == "2" ]
then
read port
iptables -D INPUT -p tcp --dport ${port} -j ACCEPT
service iptables save
elif [ "${aclnum}" == "3" ]
then
read ip port
iptables -D INPUT -p tcp -s ${ip} --dport ${port} -j ACCEPT
service iptables save
elif [ "${aclnum}" == "4" ]
then
read deleteacl
`${deleteacl}`
service iptables save
else
break
fi
echo -n "是否想繼續添加: [y/n]:"
read contine
if [ "${contine}" == "n" -o "${contine}" == "N" ]
then
break
fi
done
###################################################################
else
if [ "${num}" == "4" ]
then
echo -e "`service iptables stop&` "
else
if [ "${num}" == "5" ]
then
echo -e "`service iptables save&`"
else
if [ "${num}" == "6" ]
then
echo -e "`service iptables status&`"
else
if [ "${num}" == "7" ]
then
while [ "1" == "1" ]
do
clear
echo "---------------------list ACL----------------------"
echo "(1) 查看當前正在使用的規則集"
echo "(2) 查看每個策略或每條規則、每條鏈的簡單流量統計"
echo "(3) 查看NAT表"
echo "(4) 自定義查看"
echo "(5) 退回上一級"
echo "-------------------------------------------------"
echo -n "enter you chose[0-5]:"
read aclnum
if [ "${aclnum}" == "1" ]
then
iptables -L
elif [ "${aclnum}" == "2" ]
then
iptables -L -n -v
elif [ "${aclnum}" == "3" ]
then
iptables -L -t nat
elif [ "${aclnum}" == "4" ]
then
read listacl
`${listacl}`
else
break
fi
echo -n "是否想繼續添加: [y/n]:"
read contine
if [ "${contine}" == "n" -o "${contine}" == "N" ]
then
break
fi
done
################################################
else
exit
fi
fi
fi
fi
fi
fi
fi
fi
echo -n "Do you contine [y/n]:"
read contine
if [ "${contine}" == "n" -o "${contine}" == "N" ]
then
exit
fi
done
新聞熱點
疑難解答
圖片精選
