diff --git a/Forward-Tools/firewall_tools.sh b/Forward-Tools/firewall_tools.sh
new file mode 100644
index 0000000..14a0b05
--- /dev/null
+++ b/Forward-Tools/firewall_tools.sh
@@ -0,0 +1,113 @@
+#!/bin/bash
+
+set -e
+if [ "$EUID" -ne 0 ]; then
+ echo "❌ 请使用 root 用户运行"
+ exit 1
+fi
+
+if ! command -v firewall-cmd >/dev/null 2>&1; then
+ echo "❌ 未检测到 firewall-cmd(仅支持 RHEL 系)"
+ exit 1
+fi
+
+if ! systemctl is-active firewalld >/dev/null 2>&1; then
+ echo "❌ firewalld 未运行"
+ exit 1
+fi
+
+ZONE=$(firewall-cmd --get-default-zone)
+
+get_forward_ports() {
+ mapfile -t RULES < <(
+ firewall-cmd --permanent --zone="$ZONE" --list-forward-ports || true
+ )
+}
+
+list_rules() {
+ get_forward_ports
+ echo
+ echo "📋 当前端口转发规则(zone=$ZONE)"
+ echo "--------------------------------------"
+
+ if [ "${#RULES[@]}" -eq 0 ]; then
+ echo "(暂无端口转发规则)"
+ return 1
+ fi
+
+ for i in "${!RULES[@]}"; do
+ printf "%2d) %s\n" "$((i+1))" "${RULES[$i]}"
+ done
+}
+
+add_rule() {
+ echo
+ read -rp "本地监听端口: " LOCAL_PORT
+ read -rp "目标 IP 地址: " TO_ADDR
+ read -rp "目标端口: " TO_PORT
+
+ echo "协议类型:"
+ echo "1) TCP"
+ echo "2) UDP"
+ read -rp "选择 (1/2): " P
+
+ case "$P" in
+ 1) PROTO="tcp" ;;
+ 2) PROTO="udp" ;;
+ *) echo "❌ 无效选择"; return ;;
+ esac
+
+ RULE="port=${LOCAL_PORT}:proto=${PROTO}:toport=${TO_PORT}:toaddr=${TO_ADDR}"
+
+ firewall-cmd --permanent --zone="$ZONE" --add-forward-port="$RULE"
+ firewall-cmd --reload
+
+ echo "✅ 已添加端口转发规则"
+}
+
+############################
+# 删除规则
+############################
+delete_rule() {
+ list_rules || return
+
+ echo
+ read -rp "请输入要删除的规则编号: " IDX
+ [[ "$IDX" =~ ^[0-9]+$ ]] || { echo "❌ 输入无效"; return; }
+
+ RULE="${RULES[$((IDX-1))]}"
+ [[ -n "$RULE" ]] || { echo "❌ 编号不存在"; return; }
+
+ echo "⚠️ 即将删除规则:"
+ echo "$RULE"
+ read -rp "确认删除?(y/N): " CONFIRM
+ [[ "$CONFIRM" =~ ^[Yy]$ ]] || return
+
+ firewall-cmd --permanent --zone="$ZONE" --remove-forward-port="$RULE"
+ firewall-cmd --reload
+
+
+ echo "🗑️ 规则已删除"
+}
+
+############################
+# 主菜单
+############################
+while true; do
+ echo
+ echo "====== firewalld 端口转发管理(forward-port) ======"
+ echo "1) 添加端口转发规则"
+ echo "2) 查看端口转发规则"
+ echo "3) 删除端口转发规则"
+ echo "0) 退出"
+ echo "==================================================="
+ read -rp "请选择: " C
+
+ case "$C" in
+ 1) add_rule ;;
+ 2) list_rules ;;
+ 3) delete_rule ;;
+ 0) exit 0 ;;
+ *) echo "❌ 无效选择" ;;
+ esac
+done
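Review bot: In delete_rule, the `^[0-9]+$` check accepts 0, and `RULE="${RULES[$((IDX-1))]}"` then evaluates to `RULES[-1]`, which bash resolves to the last element, so entering 0 offers the last rule for deletion instead of reporting "编号不存在"; only the y/N confirmation stands between that and removing the wrong forward-port. Tightening the check to `[[ "$IDX" =~ ^[1-9][0-9]*$ ]] && (( IDX <= ${#RULES[@]} )) || { echo "❌ 输入无效"; return; }` rejects 0 and out-of-range indices before the array lookup. add_rule has a related gap: LOCAL_PORT, TO_PORT and TO_ADDR go straight from read into a root-privileged `firewall-cmd --add-forward-port` with no validation, and because the script runs under `set -e`, a rule firewalld rejects (empty or non-numeric port, malformed address) terminates the whole tool rather than returning to the menu; a guard such as `[[ "$LOCAL_PORT" =~ ^[0-9]+$ && "$LOCAL_PORT" -ge 1 && "$LOCAL_PORT" -le 65535 ]] || { echo "❌ 端口无效"; return; }` for both ports, plus an address-format check for TO_ADDR, would close that. Separately, a forward-port whose toaddr is another host presumably also needs masquerade enabled on the zone for the forwarded traffic to leave the box — worth confirming and either enabling it or documenting the requirement in a header comment, since nothing in the script does so.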