#!/bin/bash
#
# Interactive helper for managing firewalld forward-port rules in the
# default zone (add / list / delete). Must run as root with firewalld active.
#
# NOTE: the menu functions change the firewall with --permanent and then run
# `firewall-cmd --reload`; the masquerade setting enabled below is only written
# to the permanent configuration here and becomes active on that next reload.
set -e

# Abort early unless we are root: firewall-cmd --permanent needs it.
if [[ "$EUID" -ne 0 ]]; then
  printf '%s\n' "❌ 请使用 root 用户运行"
  exit 1
fi

# firewall-cmd must exist ...
if ! command -v firewall-cmd >/dev/null 2>&1; then
  printf '%s\n' "❌ 未检测到 firewall-cmd"
  exit 1
fi

# ... and the firewalld daemon must be running, otherwise every call fails.
if ! systemctl is-active firewalld >/dev/null 2>&1; then
  printf '%s\n' "❌ firewalld 未运行"
  exit 1
fi

# Masquerading is enabled in the permanent configuration of the default zone
# (no --zone given == default zone) on every start, before any menu choice is
# made -- presumably because forwarding to another host needs it; this is a
# persistent change even if the user only lists rules and quits.
firewall-cmd --permanent --add-masquerade

# All rules are managed in the default zone.
ZONE=$(firewall-cmd --get-default-zone)
#######################################
# Refresh the global RULES array with the permanent forward-port rules of
# $ZONE, one rule string per element, exactly as printed by firewall-cmd.
# Globals:   ZONE (read), RULES (written)
# Returns:   always 0 -- a failing firewall-cmd is deliberately swallowed so
#            RULES is simply empty; callers cannot distinguish "no rules"
#            from "query failed".
#######################################
get_forward_ports() {
  local line
  RULES=()
  # `|| [[ -n "$line" ]]` keeps a final line that lacks a trailing newline.
  while IFS= read -r line || [[ -n "$line" ]]; do
    RULES+=("$line")
  done < <(firewall-cmd --permanent --zone="$ZONE" --list-forward-ports || true)
}
#######################################
# Print the current forward-port rules of $ZONE as a numbered list. Numbers
# are 1-based and derived from the array index, so they match the number
# delete_rule asks for.
# Globals:   ZONE (read), RULES (refreshed via get_forward_ports)
# Outputs:   header plus one "<n>) <rule>" line per rule on stdout
# Returns:   1 (after printing a placeholder) when there are no rules,
#            0 otherwise
#######################################
list_rules() {
  get_forward_ports
  printf '\n%s\n%s\n' "📋 当前端口转发规则(zone=$ZONE)" "--------------------------------------"

  if (( ${#RULES[@]} == 0 )); then
    printf '%s\n' "(暂无端口转发规则)"
    return 1
  fi

  local idx
  for idx in "${!RULES[@]}"; do
    printf "%2d) %s\n" "$((idx + 1))" "${RULES[idx]}"
  done
}
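#######################################
# Check that $1 is a port number 1-65535 or a range "low-high" with
# low <= high (the forms firewall-cmd accepts for port= / toport=).
# Arguments: $1 - candidate port string
# Returns:   0 if valid, 1 otherwise
#######################################
_valid_port() {
  local p=$1 lo hi
  # At most five digits per side, so the arithmetic below cannot overflow.
  [[ "$p" =~ ^[0-9]{1,5}(-[0-9]{1,5})?$ ]] || return 1
  lo=${p%%-*}
  hi=${p##*-}
  # 10# forces base 10 so leading zeros ("08") are not read as octal.
  (( 10#$lo >= 1 && 10#$lo <= 65535 && 10#$hi >= 10#$lo && 10#$hi <= 65535 ))
}

#######################################
# Check that $1 looks like an address: non-empty and made only of the
# characters that can occur in an IPv4/IPv6 address with an optional /mask.
# firewall-cmd still performs the real syntax check; this only keeps blanks,
# spaces and ':'-separated junk out of the rule string.
# Arguments: $1 - candidate address string
# Returns:   0 if plausible, 1 otherwise
#######################################
_valid_addr() {
  [[ "$1" =~ ^[0-9A-Fa-f.:/]+$ ]]
}

#######################################
# Interactively add a permanent forward-port rule to $ZONE and reload.
# Reads local port, destination address, destination port and protocol from
# stdin. Every value is validated before it is spliced into the
# "port=..:proto=..:toport=..:toaddr=.." string, so an empty line or a typo
# cannot produce a malformed or unintended rule.
# Globals:   ZONE (read)
# Outputs:   prompts and status messages on stdout
# Returns:   0 on success and on user error (message printed),
#            1 when stdin ends early or firewall-cmd fails
#######################################
add_rule() {
  local LOCAL_PORT TO_ADDR TO_PORT P PROTO RULE

  echo
  read -rp "本地监听端口: " LOCAL_PORT || return 1
  read -rp "目标 IP 地址: " TO_ADDR || return 1
  read -rp "目标端口: " TO_PORT || return 1

  if ! _valid_port "$LOCAL_PORT"; then
    echo "❌ 本地监听端口无效"
    return 0
  fi
  if ! _valid_addr "$TO_ADDR"; then
    echo "❌ 目标 IP 地址无效"
    return 0
  fi
  if ! _valid_port "$TO_PORT"; then
    echo "❌ 目标端口无效"
    return 0
  fi

  echo "协议类型:"
  echo "1) TCP"
  echo "2) UDP"
  read -rp "选择 (1/2): " P || return 1

  case "$P" in
    1) PROTO="tcp" ;;
    2) PROTO="udp" ;;
    *) echo "❌ 无效选择"; return 0 ;;
  esac

  RULE="port=${LOCAL_PORT}:proto=${PROTO}:toport=${TO_PORT}:toaddr=${TO_ADDR}"

  # --permanent only writes the configuration; --reload makes it active.
  # Report a rejected rule instead of letting `set -e` kill the whole menu.
  if ! firewall-cmd --permanent --zone="$ZONE" --add-forward-port="$RULE"; then
    echo "❌ 添加规则失败"
    return 1
  fi
  firewall-cmd --reload

  echo "✅ 已添加端口转发规则"
}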
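############################
# 删除规则
############################
#######################################
# Interactively remove one permanent forward-port rule from $ZONE and reload.
# Shows the numbered list from list_rules, then reads a 1-based number and a
# y/N confirmation from stdin. The number is bounds-checked against the real
# size of RULES: "0" is rejected instead of silently resolving to the last
# element (bash reads a negative index as counting from the end), and numbers
# past the end are rejected as well.
# Globals:   ZONE (read), RULES (read, filled by list_rules)
# Outputs:   prompts and status messages on stdout
# Returns:   0 when nothing was deleted because of a user error, a declined
#            confirmation or an empty list (the menu must not abort on those),
#            1 when firewall-cmd fails
#######################################
delete_rule() {
  local IDX CONFIRM rule

  list_rules || return 0

  echo
  read -rp "请输入要删除的规则编号: " IDX || return 1
  # Digits only, at most nine of them so the arithmetic below cannot overflow.
  [[ "$IDX" =~ ^[0-9]{1,9}$ ]] || { echo "❌ 输入无效"; return 0; }

  # 1-based menu number -> 0-based array index, only inside [1, count].
  if (( 10#$IDX < 1 || 10#$IDX > ${#RULES[@]} )); then
    echo "❌ 编号不存在"
    return 0
  fi
  rule="${RULES[$((10#$IDX - 1))]}"

  echo "⚠️ 即将删除规则:"
  printf '%s\n' "$rule"
  # EOF on the confirmation prompt counts as "no".
  read -rp "确认删除?(y/N): " CONFIRM || CONFIRM=""
  # Anything but y/Y aborts; return 0 so a declined prompt is not an error.
  [[ "$CONFIRM" =~ ^[Yy]$ ]] || return 0

  # --permanent only edits the configuration; --reload makes it active.
  if ! firewall-cmd --permanent --zone="$ZONE" --remove-forward-port="$rule"; then
    echo "❌ 删除规则失败"
    return 1
  fi
  firewall-cmd --reload

  echo "🗑️ 规则已删除"
}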
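############################
# 主菜单
############################
# Menu loop: runs until the user picks 0 or stdin is exhausted.
#
# The menu functions signal "nothing done" with a non-zero status
# (list_rules returns 1 when there are no rules, and delete_rule propagates
# that status as well as a declined confirmation). Because the script runs
# under `set -e`, such a status leaking out of the case statement would
# terminate the whole script instead of showing the menu again -- hence the
# `|| true` on each function arm.
while true; do
  echo
  echo "====== firewalld 端口转发管理(forward-port) ======"
  echo "1) 添加端口转发规则"
  echo "2) 查看端口转发规则"
  echo "3) 删除端口转发规则"
  echo "0) 退出"
  echo "==================================================="
  # EOF (Ctrl-D / closed stdin) ends the script cleanly with status 0 instead
  # of tripping `set -e` on the failed read.
  read -rp "请选择: " C || { echo; exit 0; }

  case "$C" in
    1) add_rule || true ;;
    2) list_rules || true ;;
    3) delete_rule || true ;;
    0) exit 0 ;;
    *) echo "❌ 无效选择" ;;
  esac
done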