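#!/bin/bash
##################
# Interactive firewalld port-forwarding helper (CentOS 7.x).
#
# Menu options: install/enable firewalld and IP forwarding, list the
# current rules, add a port-forward rule, delete a port-forward rule.
# Everything except "list rules" needs root, because it edits the
# permanent firewalld configuration and /etc/sysctl.conf.
#
# Interactive answers are validated before they are handed to
# firewall-cmd: ports must be 1-65535 and addresses dotted-quad IPv4.
# The protocol choice is matched as a string, not with `-eq`, because
# `[[ $x -eq 1 ]]` arithmetic-evaluates $x and would run anything that
# looks like an expression.
##################

#######################################
# Abort unless running as root.
# Outputs: error message to stderr
# Returns: exits 1 when EUID != 0
#######################################
require_root() {
  if (( EUID != 0 )); then
    echo "请使用root用户运行此脚本" >&2
    exit 1
  fi
}

#######################################
# Check that $1 is a TCP/UDP port number in 1..65535.
# Arguments: $1 - candidate port (string)
# Returns: 0 when valid, 1 otherwise
#######################################
is_valid_port() {
  local p=$1
  # digits-only first, so the arithmetic below never sees an expression;
  # 10# forces base 10 so a leading zero is not read as octal
  [[ "$p" =~ ^[0-9]{1,5}$ ]] || return 1
  (( 10#$p >= 1 && 10#$p <= 65535 ))
}

#######################################
# Check that $1 is a dotted-quad IPv4 address (each octet 0..255).
# Arguments: $1 - candidate address (string)
# Returns: 0 when valid, 1 otherwise
#######################################
is_valid_ipv4() {
  local ip=$1 octet
  [[ "$ip" =~ ^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$ ]] || return 1
  for octet in "${BASH_REMATCH[@]:1}"; do
    (( 10#$octet <= 255 )) || return 1
  done
  return 0
}

#######################################
# Ask for the protocol (1=tcp, 2=udp) and store it in the global
# chose_proto. Any other answer terminates the script.
# Globals: chose_proto (written)
# Returns: exits 1 on invalid input
#######################################
choose_proto() {
  local chose
  read -r -e -p "请输入你要选择的转发类型:" chose
  case "$chose" in
    1) chose_proto="tcp" ;;
    2) chose_proto="udp" ;;
    *)
      echo "输入错误!"
      exit 1
      ;;
  esac
  echo "您选择的是${chose_proto}"
}

#######################################
# Reload firewalld and exit with 0 on "success", 1 otherwise.
# Outputs: progress messages to stdout
#######################################
reload_firewall() {
  local reload
  echo "正在重载配置..."
  reload=$(firewall-cmd --reload)
  if [[ "$reload" == "success" ]]; then
    echo "重载配置成功!"
    exit 0
  fi
  echo "重载配置失败!"
  exit 1
}

#######################################
# List the ports currently opened in firewalld.
#######################################
View_port() {
  echo "已经开放的端口如下:"
  firewall-cmd --list-ports
}

#######################################
# List the forward-port rules of the public zone.
#######################################
View_forwarding() {
  echo "已有转发规则如下:"
  firewall-cmd --zone=public --list-all | awk '/port=/'
}

#######################################
# Install and enable firewalld, enable IPv4 forwarding persistently and
# turn on masquerading in the public zone.
# Globals: none
#######################################
First_install() {
  require_root
  local firewall_exist
  echo "正在帮你安装firewall防火墙..."
  #yum update
  yum install firewalld -y
  echo "正在帮你启动防火墙和设置开机自启..."
  systemctl start firewalld
  systemctl enable firewalld
  firewall_exist=$(firewall-cmd --version)
  echo "您的firewall防火墙的版本号是${firewall_exist}"
  echo "正在开启路由转发..."
  # only append once; the original appended a duplicate line on every run
  if ! grep -q '^net\.ipv4\.ip_forward = 1' /etc/sysctl.conf 2>/dev/null; then
    echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
  fi
  sysctl -p
  echo "正在开启防火墙的流量伪装功能..."
  firewall-cmd --zone=public --permanent --add-masquerade
}

#######################################
# Open a public port and add a permanent forward-port rule to an
# internal IP:port, then reload.
# Globals: chose_proto (via choose_proto)
# Returns: exits 0 on success, 1 on any failure
#######################################
Add_rules() {
  require_root
  local openPort ip port status
  View_port
  View_forwarding
  printf '请选择Firewall端口转发类型:\n1.TCP\n2.UDP\n'
  choose_proto
  ###################################
  read -r -e -p "请输入你要开启的公网IP端口:" openPort
  if ! is_valid_port "$openPort"; then
    echo "端口无效: ${openPort}" >&2
    exit 1
  fi
  echo "将要开放的端口是${openPort}"
  firewall-cmd --add-port="${openPort}/${chose_proto}" --permanent >/dev/null 2>&1
  # make the runtime config match before the forward rule is added
  firewall-cmd --reload >/dev/null
  # verify the permanent rule really landed
  status=$(firewall-cmd --permanent --query-port="${openPort}/${chose_proto}")
  if [[ "$status" != "yes" ]]; then
    echo "开放${openPort}端口失败!"
    exit 1
  fi
  echo "开放${openPort}端口成功!"
  read -r -e -p "请输入您要转发的内网IP:" ip
  if ! is_valid_ipv4 "$ip"; then
    echo "IP地址无效: ${ip}" >&2
    exit 1
  fi
  read -r -e -p "请输入您要转发的内网IP端口:" port
  if ! is_valid_port "$port"; then
    echo "端口无效: ${port}" >&2
    exit 1
  fi
  firewall-cmd --zone=public --permanent \
    --add-forward-port="port=${openPort}:proto=${chose_proto}:toaddr=${ip}:toport=${port}" \
    >/dev/null 2>&1
  reload_firewall
}

#######################################
# Remove an opened public port and its forward-port rule, then reload.
# Globals: chose_proto (via choose_proto)
# Returns: exits 0 on success, 1 on any failure
#######################################
Del_rules() {
  require_root
  local closePort ip port
  View_forwarding
  read -r -e -p "请输入你要关闭的公网IP端口:" closePort
  if ! is_valid_port "$closePort"; then
    echo "端口无效: ${closePort}" >&2
    exit 1
  fi
  echo "将要关闭的端口是${closePort}"
  printf '请选择要关闭的Firewall端口转发类型:\n1.TCP\n2.UDP\n'
  choose_proto
  firewall-cmd --remove-port="${closePort}/${chose_proto}" --permanent >/dev/null 2>&1
  ##################
  read -r -e -p "请输入您要删除的内网IP:" ip
  if ! is_valid_ipv4 "$ip"; then
    echo "IP地址无效: ${ip}" >&2
    exit 1
  fi
  read -r -e -p "请输入您要删除的内网端口:" port
  if ! is_valid_port "$port"; then
    echo "端口无效: ${port}" >&2
    exit 1
  fi
  firewall-cmd --zone=public --permanent \
    --remove-forward-port="port=${closePort}:proto=${chose_proto}:toaddr=${ip}:toport=${port}" \
    >/dev/null 2>&1
  reload_firewall
}

#######################################
# Print the menu and dispatch on the chosen option.
#######################################
main() {
  local num
  printf -- '--------------------------------------------------\n'
  printf '\t\t 一键端口转发脚本\n'
  printf '\t\t仅适用于Centos 7.X\n'
  printf '\t 首次使用请先执行选项1\n'
  printf -- '--------------------------------------------------\n'
  printf '1.安装Firewall和相关环境\n'
  printf '2.查看现有的Firewall规则\n'
  printf '3.添加Firewall端口转发规则\n'
  printf '4.删除Firewall端口转发规则\n'
  read -r -e -p "请输入数字 [1-4]:" num
  case "$num" in
    1) First_install ;;
    2) View_forwarding ;;
    3) Add_rules ;;
    4) Del_rules ;;
    *) echo "请输入正确数字 [1-4]" ;;
  esac
}

main "$@"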