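#!/bin/bash
#
# Interactive manager for firewalld forward-port rules in the default zone.
# Requires root, firewall-cmd on PATH and a running firewalld. Offers a menu
# to add, list and delete rules; every change is written to the permanent
# configuration and applied with --reload.
#
# Globals:
#   ZONE  - firewalld default zone, resolved once at startup
#   RULES - array of current forward-port rule strings (refreshed by
#           get_forward_ports)
set -e

if [ "$EUID" -ne 0 ]; then
  echo "❌ 请使用 root 用户运行"
  exit 1
fi

if ! command -v firewall-cmd >/dev/null 2>&1; then
  echo "❌ 未检测到 firewall-cmd"
  exit 1
fi

if ! systemctl is-active firewalld >/dev/null 2>&1; then
  echo "❌ firewalld 未运行"
  exit 1
fi

# Forwarding to another host needs masquerade in the same zone. This only
# touches the permanent config; it becomes active on the next --reload, which
# add_rule/delete_rule perform after each change.
firewall-cmd --permanent --add-masquerade

ZONE=$(firewall-cmd --get-default-zone)

#######################################
# Check that a value is a port or port range as accepted by
# --add-forward-port (1-65535, optionally "low-high").
# Arguments: $1 - candidate string
# Returns:   0 if valid, 1 otherwise
#######################################
is_port_spec() {
  local spec=$1 part
  [[ "$spec" =~ ^[0-9]{1,5}(-[0-9]{1,5})?$ ]] || return 1
  for part in ${spec//-/ }; do
    # 10# forces decimal so a leading zero is not read as octal.
    (( 10#$part >= 1 && 10#$part <= 65535 )) || return 1
  done
  return 0
}

#######################################
# Check that a value is a dotted-quad IPv4 address (the toaddr form accepted
# by --add-forward-port).
# Arguments: $1 - candidate string
# Returns:   0 if valid, 1 otherwise
#######################################
is_ipv4() {
  local octet
  [[ "$1" =~ ^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$ ]] || return 1
  for octet in "${BASH_REMATCH[@]:1}"; do
    (( 10#$octet <= 255 )) || return 1
  done
  return 0
}

#######################################
# Refresh RULES from the permanent config of ZONE.
# Globals:   ZONE (read), RULES (written)
# Returns:   0 always; a firewall-cmd failure yields an empty RULES array
#######################################
get_forward_ports() {
  mapfile -t RULES < <(
    firewall-cmd --permanent --zone="$ZONE" --list-forward-ports || true
  )
}

#######################################
# Print the numbered list of current forward-port rules.
# Globals:   ZONE, RULES
# Outputs:   rule list to stdout
# Returns:   0 if at least one rule exists, 1 if the list is empty
#            (callers in the main loop must tolerate 1 because of set -e)
#######################################
list_rules() {
  local i
  get_forward_ports
  echo
  echo "📋 当前端口转发规则(zone=$ZONE)"
  echo "--------------------------------------"
  if [ "${#RULES[@]}" -eq 0 ]; then
    echo "(暂无端口转发规则)"
    return 1
  fi
  for i in "${!RULES[@]}"; do
    printf "%2d) %s\n" "$((i+1))" "${RULES[$i]}"
  done
  return 0
}

#######################################
# Prompt for a new forward-port rule, validate it and add it permanently.
# Inputs are checked before being embedded in the rule string so a typo
# (or a stray non-numeric value) is rejected here instead of being handed
# to firewall-cmd.
# Globals:   ZONE
# Returns:   0 always; failures are reported and leave the menu running
#######################################
add_rule() {
  local LOCAL_PORT TO_ADDR TO_PORT P PROTO RULE
  echo
  read -rp "本地监听端口: " LOCAL_PORT
  read -rp "目标 IP 地址: " TO_ADDR
  read -rp "目标端口: " TO_PORT

  if ! is_port_spec "$LOCAL_PORT" || ! is_port_spec "$TO_PORT"; then
    echo "❌ 端口无效"
    return 0
  fi
  if ! is_ipv4 "$TO_ADDR"; then
    echo "❌ IP 地址无效"
    return 0
  fi

  echo "协议类型:"
  echo "1) TCP"
  echo "2) UDP"
  read -rp "选择 (1/2): " P
  case "$P" in
    1) PROTO="tcp" ;;
    2) PROTO="udp" ;;
    *) echo "❌ 无效选择"; return 0 ;;
  esac

  RULE="port=${LOCAL_PORT}:proto=${PROTO}:toport=${TO_PORT}:toaddr=${TO_ADDR}"
  # Explicit check: under set -e a failing firewall-cmd would otherwise
  # terminate the whole script instead of returning to the menu.
  if ! firewall-cmd --permanent --zone="$ZONE" --add-forward-port="$RULE"; then
    echo "❌ 添加端口转发规则失败"
    return 0
  fi
  firewall-cmd --reload
  echo "✅ 已添加端口转发规则"
}

############################
# Delete a rule
############################
#######################################
# Show the rule list, ask for an index and remove the chosen rule after
# confirmation.
# Globals:   ZONE, RULES
# Returns:   0 always; failures are reported and leave the menu running
#######################################
delete_rule() {
  local IDX RULE CONFIRM
  list_rules || return 0
  echo
  read -rp "请输入要删除的规则编号: " IDX
  [[ "$IDX" =~ ^[0-9]+$ ]] || { echo "❌ 输入无效"; return 0; }
  # Range check is required: index 0 would become RULES[-1], which bash
  # resolves to the LAST rule, silently deleting the wrong entry.
  if (( 10#$IDX < 1 || 10#$IDX > ${#RULES[@]} )); then
    echo "❌ 编号不存在"
    return 0
  fi
  RULE="${RULES[$((10#$IDX-1))]}"

  echo "⚠️ 即将删除规则:"
  echo "$RULE"
  read -rp "确认删除?(y/N): " CONFIRM
  [[ "$CONFIRM" =~ ^[Yy]$ ]] || return 0

  if ! firewall-cmd --permanent --zone="$ZONE" --remove-forward-port="$RULE"; then
    echo "❌ 删除端口转发规则失败"
    return 0
  fi
  firewall-cmd --reload
  echo "🗑️ 规则已删除"
}

############################
# Main menu
############################
while true; do
  echo
  echo "====== firewalld 端口转发管理(forward-port) ======"
  echo "1) 添加端口转发规则"
  echo "2) 查看端口转发规则"
  echo "3) 删除端口转发规则"
  echo "0) 退出"
  echo "==================================================="
  read -rp "请选择: " C
  case "$C" in
    1) add_rule ;;
    # list_rules returns 1 when the list is empty; without "|| true" that
    # status would trip set -e and exit the menu.
    2) list_rules || true ;;
    3) delete_rule ;;
    0) exit 0 ;;
    *) echo "❌ 无效选择" ;;
  esac
done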