iptables增加和删除防火墙规则

shell脚本:

#!/bin/bash

#######################################
# Print the command-line help for this script.
# Globals:   none
# Arguments: none
# Outputs:   usage text on stdout (one option per line)
#######################################
usage() {
    printf '%s\n' \
        "usage(): " \
        "xxx_network --add|-a       Append rule " \
        "xxx_network --delete|-d    Delete rule" \
        "xxx_network --search|-s    Print the rules"
}

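#######################################
# Create the xxx_service chain, hook it into INPUT and IN_public and add
# the service's ACCEPT rules. Every step is idempotent: a chain or rule is
# only created when `iptables -S` does not already list that exact line.
# Globals:   none
# Arguments: none
# Outputs:   iptables diagnostics on stderr
# Returns:   status of the last command run
#######################################
iptables_add() {
    # Each check matches a whole line (-x) as a fixed string (-F), so e.g.
    # "-N xxx_service_old" is no longer mistaken for "-N xxx_service" the
    # way an unanchored substring grep would.
    if ! iptables -S | grep -qxF -- '-N xxx_service'; then
        iptables -N xxx_service
    fi

    # Inserted at position 1, so the jump is evaluated before every other
    # INPUT rule, including any DROP/REJECT rules that precede it.
    if ! iptables -S | grep -qxF -- '-A INPUT -j xxx_service'; then
        iptables -I INPUT 1 -j xxx_service
    fi

    # IN_public is typically the firewalld zone chain; when it does not exist
    # the insert fails with a message on stderr and the rest still runs.
    if ! iptables -S | grep -qxF -- '-A IN_public -j xxx_service'; then
        iptables -I IN_public 1 -j xxx_service
    fi

    # Service ports. Neither rule carries a source restriction (-s), so the
    # ports are reachable from every host whose traffic reaches INPUT. The
    # rule text must stay byte-identical to what `iptables -S` prints, or the
    # presence check above it will never match and the rule gets duplicated.
    if ! iptables -S | grep -qxF -- '-A xxx_service -p udp -m state --state NEW -m udp --dport 5000 -j ACCEPT'; then
        iptables -A xxx_service -p udp -m state --state NEW -m udp --dport 5000 -j ACCEPT
    fi

    if ! iptables -S | grep -qxF -- '-A xxx_service -p tcp -m state --state NEW -m tcp --dport 60000 -j ACCEPT'; then
        iptables -A xxx_service -p tcp -m state --state NEW -m tcp --dport 60000 -j ACCEPT
    fi
}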

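#######################################
# Undo iptables_add: remove the jumps to xxx_service from INPUT and
# IN_public, flush the chain and delete it. Each step is skipped when the
# corresponding rule or chain is not present.
# Globals:   none
# Arguments: none
# Outputs:   iptables diagnostics on stderr
# Returns:   status of the last command run
#######################################
iptables_delete() {
    local chain

    # Delete the jump by rule spec instead of a line number scraped from
    # `iptables -L`: a spec match cannot hit some other rule that merely
    # mentions "xxx_service" in its text, and needs no sed/awk pipeline.
    for chain in INPUT IN_public; do
        if iptables -S "$chain" | grep -qxF -- "-A $chain -j xxx_service"; then
            iptables -D "$chain" -j xxx_service
        fi
    done

    # Whole-line fixed-string match, so a chain whose name merely starts with
    # xxx_service is not mistaken for ours.
    if iptables -S | grep -qxF -- '-N xxx_service'; then
        # -F empties the chain in one call; counting `iptables -L` lines and
        # deleting rule 1 that many times races with concurrent changes.
        iptables -F xxx_service
        # -X only succeeds when nothing references the chain any more: the
        # only line still naming the chain (as a whole word, -w) must be its
        # own -N line.
        if [ "$(iptables -S | grep -wF -- xxx_service)" = "-N xxx_service" ]; then
            iptables -X xxx_service
        fi
    fi
}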

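#######################################
# Dump the live rule set in iptables-save style (`iptables -S`).
# Globals:   none
# Arguments: optional extra arguments passed through to `iptables -S`,
#            e.g. a chain name to list only that chain; none means all.
# Outputs:   rule listing on stdout
# Returns:   exit status of iptables
#######################################
iptables_search() {
    iptables -S "$@"
}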

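# Command-line dispatch. Exactly one action is selected; the first
# recognised option wins and the loop exits. An unknown or missing option
# prints the help and exits non-zero — without the default arm the loop
# never ends, since nothing consumes "$1" in that case.
ADD=0
DELETE=0
SEARCH=0
while :; do
    case "${1-}" in
        -a|--add)
            shift
            ADD=1
            break
            ;;
        -d|--delete)
            shift
            DELETE=1
            break
            ;;
        -s|--search)
            shift
            SEARCH=1
            break
            ;;
        *)
            usage >&2
            exit 1
            ;;
    esac
done

# Run the selected action; iptables itself reports a permission error when
# the script is not run with the privileges needed to change the rule set.
if [ "$ADD" -eq 1 ]; then
    iptables_add
elif [ "$DELETE" -eq 1 ]; then
    iptables_delete
elif [ "$SEARCH" -eq 1 ]; then
    iptables_search
fi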

参考网址:

(1) Iptables Essentials: Common Firewall Rules and Commands.

GitHub - trimstray/iptables-essentials: Iptables Essentials: Common Firewall Rules and Commands.

(2)iptables基础知识详解

iptables基础知识详解_Larry的博客-CSDN博客_iptables


転載: blog.csdn.net/u012906122/article/details/119991167