shell脚本:
#!/bin/bash
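#######################################
# Print command-line help.
# Outputs: help text on stderr, so that stdout stays clean for callers that
#          capture the rule listing produced by iptables_search.
# Returns: 0
#######################################
usage() {
  # printf instead of echo: portable, and immune to option-like text.
  printf '%s\n' \
    "usage(): " \
    "xxx_network --add|-a Append rule " \
    "xxx_network --delete|-d Delete rule" \
    "xxx_network --search|-s Print the rules" >&2
}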
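#######################################
# Append a rule to the xxx_service chain unless an equivalent one exists.
# Arguments: the rule specification (everything after the chain name)
# Returns:   status of iptables -A, or 0 when the rule was already present
#######################################
_xxx_ensure_rule() {
  # `iptables -C` compares rule semantics; grepping `iptables -S` text did
  # not, because -S normalises match syntax (e.g. "-m state" may be printed
  # as "-m conntrack"), which made the check miss and re-append on each run.
  iptables -C xxx_service "$@" 2>/dev/null || iptables -A xxx_service "$@"
}

#######################################
# Idempotently create the xxx_service chain, hook it into INPUT (and the
# firewalld IN_public chain when that exists) and add the service rules.
# Outputs: iptables diagnostics on stderr
# Returns: status of the last iptables command run
#######################################
iptables_add() {
  local chain

  # Chain existence: -L fails with a non-zero status when the chain is absent.
  if ! iptables -nL xxx_service >/dev/null 2>&1; then
    iptables -N xxx_service
  fi

  for chain in INPUT IN_public; do
    # IN_public belongs to firewalld and is not present on every host; the
    # original unconditionally tried the insert and let it fail noisily.
    if ! iptables -nL "${chain}" >/dev/null 2>&1; then
      printf 'chain %s not found, skipping jump to xxx_service\n' "${chain}" >&2
      continue
    fi
    # Insert at position 1 so the service chain is consulted first.
    if ! iptables -C "${chain}" -j xxx_service 2>/dev/null; then
      iptables -I "${chain}" 1 -j xxx_service
    fi
  done

  _xxx_ensure_rule -p udp -m state --state NEW -m udp --dport 5000 -j ACCEPT
  _xxx_ensure_rule -p tcp -m state --state NEW -m tcp --dport 60000 -j ACCEPT
}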
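#######################################
# Undo iptables_add: remove the jumps into xxx_service from INPUT and
# IN_public, flush the chain, then delete it when nothing references it.
# Outputs: iptables diagnostics on stderr
# Returns: status of the last iptables command run
#######################################
iptables_delete() {
  local chain

  for chain in INPUT IN_public; do
    # -D removes one matching rule per call; loop so that duplicate jumps
    # left behind by earlier non-idempotent runs are removed as well.
    # `|| break` prevents spinning if the delete itself keeps failing.
    while iptables -C "${chain}" -j xxx_service 2>/dev/null; do
      iptables -D "${chain}" -j xxx_service || break
    done
  done

  if iptables -nL xxx_service >/dev/null 2>&1; then
    # -F drops every rule in the chain; equivalent to the original
    # line-counted loop of `-D xxx_service 1` but does not depend on the
    # two header lines of `iptables -L` output.
    iptables -F xxx_service
    # -X refuses to remove a chain that is still referenced, so delete only
    # when the bare "-N xxx_service" line is the last mention of the chain.
    if [ "$(iptables -S | grep -F -- xxx_service)" = "-N xxx_service" ]; then
      iptables -X xxx_service
    else
      printf 'xxx_service is still referenced; chain not deleted\n' >&2
    fi
  fi
}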
#######################################
# Print all chains and rules in iptables command form.
# Outputs: rule listing on stdout (this is what -S / --list-rules emits)
# Returns: status of iptables
#######################################
iptables_search() {
  iptables --list-rules
}
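# Parse the single action option and set the matching flag.
# The original `while :; do case ... esac; done` only terminated through a
# `break` inside a matching arm, so a missing or unrecognised first argument
# looped forever; an explicit default arm now prints usage and exits.
# Only the selected flag is assigned, exactly as before, so code that tests
# the flags with -n/-z keeps working.
case "$1" in
  -a|--add)
    ADD=1
    ;;
  -d|--delete)
    DELETE=1
    ;;
  -s|--search)
    SEARCH=1
    ;;
  -h|--help)
    usage
    exit 0
    ;;
  *)
    usage
    exit 2
    ;;
esac
shift
# NOTE(review): ADD/DELETE/SEARCH are set here but no visible code consumes
# them; the dispatch to iptables_add/iptables_delete/iptables_search is
# presumably in a part of the script not shown.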
参考网址:
(1) Iptables Essentials: Common Firewall Rules and Commands.
GitHub - trimstray/iptables-essentials: Iptables Essentials: Common Firewall Rules and Commands.
(2) iptables基础知识详解