添加firewall-cmd转发脚本
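--- /dev/null
+++ b/Forward-Tools/firewall_tools.sh
@@ -0,0 +1,113 @@
+#!/bin/bash
+
+set -e
+if [ "$EUID" -ne 0 ]; then
+echo "❌ 请使用 root 用户运行"
+exit 1
+fi
+
+if ! command -v firewall-cmd >/dev/null 2>&1; then
+echo "❌ 未检测到 firewall-cmd(仅支持 RHEL 系)"
+exit 1
+fi
+
+if ! systemctl is-active firewalld >/dev/null 2>&1; then
+echo "❌ firewalld 未运行"
+exit 1
+fi
+
+ZONE=$(firewall-cmd --get-default-zone)
+
+get_forward_ports() {
+mapfile -t RULES < <(
+firewall-cmd --permanent --zone="$ZONE" --list-forward-ports || true
+)
+}
+
+list_rules() {
+get_forward_ports
+echo
+echo "📋 当前端口转发规则(zone=$ZONE)"
+echo "--------------------------------------"
+
+if [ "${#RULES[@]}" -eq 0 ]; then
+echo "(暂无端口转发规则)"
+return 1
+fi
+
+for i in "${!RULES[@]}"; do
+printf "%2d) %s\n" "$((i+1))" "${RULES[$i]}"
+done
+}
+
+add_rule() {
+echo
+read -rp "本地监听端口: " LOCAL_PORT
+read -rp "目标 IP 地址: " TO_ADDR
+read -rp "目标端口: " TO_PORT
+
+echo "协议类型:"
+echo "1) TCP"
+echo "2) UDP"
+read -rp "选择 (1/2): " P
+
+case "$P" in
+1) PROTO="tcp" ;;
+2) PROTO="udp" ;;
+*) echo "❌ 无效选择"; return ;;
+esac
+
+RULE="port=${LOCAL_PORT}:proto=${PROTO}:toport=${TO_PORT}:toaddr=${TO_ADDR}"
+
+firewall-cmd --permanent --zone="$ZONE" --add-forward-port="$RULE"
+firewall-cmd --reload
+
+echo "✅ 已添加端口转发规则"
+}
+
+############################
+# 删除规则
+############################
+delete_rule() {
+list_rules || return
+
+echo
+read -rp "请输入要删除的规则编号: " IDX
+[[ "$IDX" =~ ^[0-9]+$ ]] || { echo "❌ 输入无效"; return; }
+
+RULE="${RULES[$((IDX-1))]}"
+[[ -n "$RULE" ]] || { echo "❌ 编号不存在"; return; }
+
+echo "⚠️ 即将删除规则:"
+echo "$RULE"
+read -rp "确认删除?(y/N): " CONFIRM
+[[ "$CONFIRM" =~ ^[Yy]$ ]] || return
+
+firewall-cmd --permanent --zone="$ZONE" --remove-forward-port="$RULE"
+firewall-cmd --reload
+
+
+echo "🗑️ 规则已删除"
+}
+
+############################
+# 主菜单
+############################
+while true; do
+echo
+echo "====== firewalld 端口转发管理(forward-port) ======"
+echo "1) 添加端口转发规则"
+echo "2) 查看端口转发规则"
+echo "3) 删除端口转发规则"
+echo "0) 退出"
+echo "==================================================="
+read -rp "请选择: " C
+
+case "$C" in
+1) add_rule ;;
+2) list_rules ;;
+3) delete_rule ;;
+0) exit 0 ;;
+*) echo "❌ 无效选择" ;;
+esac
+done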
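Review bot: add_rule builds the colon-delimited forward-port string from LOCAL_PORT, TO_ADDR and TO_PORT without checking them, so a typo or a value containing `:` is handed to `firewall-cmd --permanent` as root; depending on how firewalld parses it, that may be rejected (which under `set -e` ends the whole menu) or may yield a rule other than the one intended. The ports should be checked as integers in 1–65535 and the address as an IPv4 literal before RULE is assembled (widen the address check if IPv6 targets are meant to be supported). Separately, in delete_rule an input of `0` passes `^[0-9]+$` and indexes `RULES[-1]`, which on bash 4.3+ is the last rule; a bound check such as `(( IDX >= 1 && IDX <= ${#RULES[@]} )) || { echo "❌ 编号不存在"; return; }` closes that. Menu choice 2 also terminates the script under `set -e` when list_rules returns 1 on an empty list; `2) list_rules || true ;;` keeps the loop alive.
```shell
add_rule() {
  # … unchanged: port/address prompts and protocol selection …
  local port octet
  local -a octets
  for port in "$LOCAL_PORT" "$TO_PORT"; do
    if ! [[ "$port" =~ ^[0-9]{1,5}$ ]] || (( 10#$port < 1 || 10#$port > 65535 )); then
      echo "❌ 端口无效: $port"; return
    fi
  done
  if ! [[ "$TO_ADDR" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
    echo "❌ IP 地址无效"; return
  fi
  IFS=. read -r -a octets <<<"$TO_ADDR"
  for octet in "${octets[@]}"; do
    (( 10#$octet <= 255 )) || { echo "❌ IP 地址无效"; return; }
  done
  # … unchanged: RULE assembly, firewall-cmd --add-forward-port, reload …
```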