firewalld优先

pull/368/head
midoks 2 years ago
parent ad3d93cf8b
commit 5ef4b3d05d
  1. 47
      scripts/install/amazon.sh
  2. 47
      scripts/install/arch.sh
  3. 33
      scripts/install/debian.sh
  4. 51
      scripts/install/fedora.sh
  5. 47
      scripts/install/opensuse.sh
  6. 42
      scripts/install/ubuntu.sh

@ -21,42 +21,43 @@ yum install -y curl-devel libmcrypt libmcrypt-devel
yum install -y mysql-devel
yum install -y expect
if [ -f /usr/sbin/iptables ];then
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 888 -j ACCEPT
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 7200 -j ACCEPT
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 30000:40000 -j ACCEPT
service iptables save
iptables_status=`service iptables status | grep 'not running'`
if [ "${iptables_status}" == '' ];then
service iptables restart
fi
SSH_PORT=`netstat -ntpl|grep sshd|grep -v grep | sed -n "1,1p" | awk '{print $4}' | awk -F : '{print $2}'`
echo "SSH PORT:${SSH_PORT}"
#安装时不开启
service iptables stop
fi
# if [ -f /usr/sbin/iptables ];then
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 888 -j ACCEPT
# service iptables save
# iptables_status=`service iptables status | grep 'not running'`
# if [ "${iptables_status}" == '' ];then
# service iptables restart
# fi
# #安装时不开启
# service iptables stop
# fi
if [ ! -f /usr/sbin/iptables ];then
if [ ! -f /usr/sbin/firewalld ];then
yum install firewalld -y
systemctl enable firewalld
#取消服务锁定
systemctl unmask firewalld
systemctl start firewalld
if [ "$SSH_PORT" != "" ];then
firewall-cmd --permanent --zone=public --add-port=${SSH_PORT}/tcp
else
firewall-cmd --permanent --zone=public --add-port=22/tcp
fi
firewall-cmd --permanent --zone=public --add-port=80/tcp
firewall-cmd --permanent --zone=public --add-port=443/tcp
firewall-cmd --permanent --zone=public --add-port=888/tcp
# firewall-cmd --permanent --zone=public --add-port=7200/tcp
# firewall-cmd --permanent --zone=public --add-port=3306/tcp
# firewall-cmd --permanent --zone=public --add-port=30000-40000/tcp
sed -i 's#AllowZoneDrifting=yes#AllowZoneDrifting=no#g' /etc/firewalld/firewalld.conf
firewall-cmd --reload
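Review bot: `SSH_PORT` is assigned only inside the `if [ -f /usr/sbin/iptables ];then` branch, yet it is consumed in the firewalld branch that is guarded by the opposite test `if [ ! -f /usr/sbin/iptables ];then`, so on the firewalld path the variable is empty (unless it is set earlier in the file, outside this hunk) and the fallback `--add-port=22/tcp` is what gets opened even when sshd listens elsewhere, which locks the operator out once firewalld is enabled. The detection pipeline also yields an empty string for an IPv6-only listener such as `:::22`, because `awk -F : '{print $2}'` takes the second colon-separated field rather than the last. One detection line hoisted above both branches fixes both, e.g. `SSH_PORT=$(netstat -ntpl | awk '/sshd/ {n=split($4,a,":"); print a[n]; exit}')`; arch.sh, fedora.sh and opensuse.sh repeat the same layout. The two `if`s opened at `! -f /usr/sbin/iptables` and `! -f /usr/sbin/firewalld` close beyond the end of this hunk, and the rendering does not show which of those two lines is the new side.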

@ -54,40 +54,41 @@ echo y | pacman -Syu icu
hwclock --systohc
if [ -f /usr/sbin/iptables ];then
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 888 -j ACCEPT
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 7200 -j ACCEPT
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 30000:40000 -j ACCEPT
service iptables save
iptables_status=`service iptables status | grep 'not running'`
if [ "${iptables_status}" == '' ];then
service iptables restart
fi
SSH_PORT=`netstat -ntpl|grep sshd|grep -v grep | sed -n "1,1p" | awk '{print $4}' | awk -F : '{print $2}'`
echo "SSH PORT:${SSH_PORT}"
#安装时不开启
service iptables stop
fi
# if [ -f /usr/sbin/iptables ];then
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 888 -j ACCEPT
# service iptables save
# iptables_status=`service iptables status | grep 'not running'`
# if [ "${iptables_status}" == '' ];then
# service iptables restart
# fi
# #安装时不开启
# service iptables stop
# fi
if [ ! -f /usr/sbin/iptables ];then
if [ ! -f /usr/sbin/firewalld ];then
echo y | pacman -Sy firewalld
systemctl enable firewalld
systemctl start firewalld
if [ "$SSH_PORT" != "" ];then
firewall-cmd --permanent --zone=public --add-port=${SSH_PORT}/tcp
else
firewall-cmd --permanent --zone=public --add-port=22/tcp
fi
firewall-cmd --permanent --zone=public --add-port=80/tcp
firewall-cmd --permanent --zone=public --add-port=443/tcp
firewall-cmd --permanent --zone=public --add-port=888/tcp
# firewall-cmd --permanent --zone=public --add-port=7200/tcp
# firewall-cmd --permanent --zone=public --add-port=3306/tcp
# firewall-cmd --permanent --zone=public --add-port=30000-40000/tcp
sed -i 's#AllowZoneDrifting=yes#AllowZoneDrifting=no#g' /etc/firewalld/firewalld.conf
firewall-cmd --reload
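Review bot: `echo y | pacman -Sy firewalld` refreshes the package database without upgrading (`-Sy` without `-u`), which on a rolling distribution can install a firewalld linked against newer libraries than those present — the partial-upgrade hazard; the hunk header shows the script has already run `pacman -Syu`, so `pacman -S --noconfirm firewalld` is sufficient and also drops the piped `y` that depends on prompt wording. The `service iptables save`, `service iptables status` and `service iptables restart` lines rely on a SysV-style init script; Arch ships systemd units, so unless a `service` shim exists those calls fail and the rule-persistence step does nothing (inferred — only the shell text is visible here). The `SSH_PORT` being set only inside the iptables branch, as noted on amazon.sh, applies here as well. The `if` blocks opened for the firewalld branch close after the end of this hunk.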

@ -45,23 +45,24 @@ apt-get update -y
apt install -y wget curl lsof unzip tar cron expect locate
apt install -y python3-pip python3-dev python3-venv
if [ -f /usr/sbin/ufw ];then
if [ "$SSH_PORT" != "" ];then
ufw allow $SSH_PORT/tcp
else
ufw allow 22/tcp
fi
ufw allow 80/tcp
ufw allow 443/tcp
ufw allow 888/tcp
fi
# if [ -f /usr/sbin/ufw ];then
# if [ "$SSH_PORT" != "" ];then
# ufw allow $SSH_PORT/tcp
# else
# ufw allow 22/tcp
# fi
if [ -f /usr/sbin/ufw ];then
ufw disable
fi
# ufw allow 80/tcp
# ufw allow 443/tcp
# ufw allow 888/tcp
# fi
# if [ -f /usr/sbin/ufw ];then
# ufw disable
# fi
if [ ! -f /usr/sbin/ufw ];then
if [ ! -f /usr/sbin/firewalld ];then
# look
# firewall-cmd --list-all
@ -79,16 +80,12 @@ if [ ! -f /usr/sbin/ufw ];then
firewall-cmd --permanent --zone=public --add-port=80/tcp
firewall-cmd --permanent --zone=public --add-port=443/tcp
firewall-cmd --permanent --zone=public --add-port=888/tcp
# firewall-cmd --permanent --zone=public --add-port=7200/tcp
# firewall-cmd --permanent --zone=public --add-port=3306/tcp
# firewall-cmd --permanent --zone=public --add-port=30000-40000/tcp
# fix:debian10 firewalld faq
# https://kawsing.gitbook.io/opensystem/andoid-shou-ji/untitled/fang-huo-qiang#debian-10-firewalld-0.6.3-error-commandfailed-usrsbinip6tablesrestorewn-failed-ip6tablesrestore-v1.8
sed -i 's#IndividualCalls=no#IndividualCalls=yes#g' /etc/firewalld/firewalld.conf
firewall-cmd --reload
#安装时不开启
systemctl stop firewalld
fi
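Review bot: The ufw path adds its allow rules and then, in a second `if [ -f /usr/sbin/ufw ];then`, runs `ufw disable`, while the firewalld path ends with `systemctl stop firewalld`, so at the end of this section the host has no active packet filter on either path while the rest of the stack is installed; ubuntu.sh's first hunk has the same allow-then-`ufw disable` sequence. The `#安装时不开启` comment shows this is deliberate, but nothing in the hunk re-enables the firewall, so a comment naming the step that does, e.g. `# firewall intentionally left disabled during install; re-enabled by <post-install step — placeholder>`, would make the intent auditable. Note also that the firewalld branch runs only when both `/usr/sbin/ufw` and `/usr/sbin/firewalld` are absent, so a pre-installed firewalld receives neither the port rules nor the `IndividualCalls=yes` workaround. The `if [ ! -f /usr/sbin/ufw ]` / `if [ ! -f /usr/sbin/firewalld ]` pair opens in the first hunk and only one `fi` is visible at the end of the second, so the enclosing block closes outside what is shown.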

@ -17,44 +17,47 @@ yum install -y wget curl lsof unzip
yum install -y expect
dnf install crontabs -y
if [ -f /usr/sbin/iptables ];then
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 888 -j ACCEPT
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 7200 -j ACCEPT
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 30000:40000 -j ACCEPT
service iptables save
iptables_status=`service iptables status | grep 'not running'`
if [ "${iptables_status}" == '' ];then
service iptables restart
fi
SSH_PORT=`netstat -ntpl|grep sshd|grep -v grep | sed -n "1,1p" | awk '{print $4}' | awk -F : '{print $2}'`
echo "SSH PORT:${SSH_PORT}"
#安装时不开启
service iptables stop
fi
# if [ -f /usr/sbin/iptables ];then
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 888 -j ACCEPT
# # iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 7200 -j ACCEPT
# # iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
# # iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 30000:40000 -j ACCEPT
# service iptables save
# iptables_status=`service iptables status | grep 'not running'`
# if [ "${iptables_status}" == '' ];then
# service iptables restart
# fi
# #安装时不开启
# service iptables stop
# fi
if [ "${isVersion}" == '' ];then
if [ ! -f "/usr/sbin/iptables" ];then
if [ ! -f /usr/sbin/iptables ];then
yum install firewalld -y
systemctl enable firewalld
systemctl start firewalld
if [ "$SSH_PORT" != "" ];then
firewall-cmd --permanent --zone=public --add-port=${SSH_PORT}/tcp
else
firewall-cmd --permanent --zone=public --add-port=22/tcp
fi
firewall-cmd --permanent --zone=public --add-port=80/tcp
firewall-cmd --permanent --zone=public --add-port=443/tcp
firewall-cmd --permanent --zone=public --add-port=888/tcp
# firewall-cmd --permanent --zone=public --add-port=7200/tcp
# firewall-cmd --permanent --zone=public --add-port=3306/tcp
# firewall-cmd --permanent --zone=public --add-port=30000-40000/tcp
firewall-cmd --reload
fi
fi
#安装时不开启
systemctl stop firewalld
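Review bot: The firewalld branch's inner guard tests `/usr/sbin/iptables` a second time (the rendering shows the line once quoted and once unquoted, and does not show which is the new side) instead of `/usr/sbin/firewalld` as amazon.sh, arch.sh and opensuse.sh do, so whether firewalld is already installed is never checked and an existing firewalld is reinstalled and reconfigured on every run; the inner line should read `if [ ! -f /usr/sbin/firewalld ];then`. The branch also omits the `sed -i 's#AllowZoneDrifting=yes#AllowZoneDrifting=no#g' /etc/firewalld/firewalld.conf` step the sibling scripts apply before `firewall-cmd --reload`; firewalld itself logs that an enabled AllowZoneDrifting is an insecure configuration, so keeping the scripts consistent matters. The outer `if [ "${isVersion}" == '' ]` depends on `isVersion` being set earlier in the file, outside this hunk, and `systemctl stop firewalld` after the two `fi` lines runs unconditionally, which is harmless on the iptables path but deserves a one-line comment.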

@ -52,40 +52,41 @@ zypper install -y freetype2-devel
# zypper install -y php-config
if [ -f /usr/sbin/iptables ];then
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 888 -j ACCEPT
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 7200 -j ACCEPT
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 30000:40000 -j ACCEPT
service iptables save
iptables_status=`service iptables status | grep 'not running'`
if [ "${iptables_status}" == '' ];then
service iptables restart
fi
SSH_PORT=`netstat -ntpl|grep sshd|grep -v grep | sed -n "1,1p" | awk '{print $4}' | awk -F : '{print $2}'`
echo "SSH PORT:${SSH_PORT}"
#安装时不开启
service iptables stop
fi
# if [ -f /usr/sbin/iptables ];then
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 888 -j ACCEPT
# service iptables save
# iptables_status=`service iptables status | grep 'not running'`
# if [ "${iptables_status}" == '' ];then
# service iptables restart
# fi
# #安装时不开启
# service iptables stop
# fi
if [ ! -f /usr/sbin/iptables ];then
if [ ! -f /usr/sbin/firewalld ];then
zypper install -y firewalld
systemctl enable firewalld
systemctl start firewalld
if [ "$SSH_PORT" != "" ];then
firewall-cmd --permanent --zone=public --add-port=${SSH_PORT}/tcp
else
firewall-cmd --permanent --zone=public --add-port=22/tcp
fi
firewall-cmd --permanent --zone=public --add-port=80/tcp
firewall-cmd --permanent --zone=public --add-port=443/tcp
firewall-cmd --permanent --zone=public --add-port=888/tcp
# firewall-cmd --permanent --zone=public --add-port=7200/tcp
# firewall-cmd --permanent --zone=public --add-port=3306/tcp
# firewall-cmd --permanent --zone=public --add-port=30000-40000/tcp
sed -i 's#AllowZoneDrifting=yes#AllowZoneDrifting=no#g' /etc/firewalld/firewalld.conf
firewall-cmd --reload
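Review bot: The check `service iptables status | grep 'not running'` assumes a SysV status message; on a systemd host `service` forwards to `systemctl status`, whose stopped-state output reads `inactive (dead)`, so the grep never matches, `iptables_status` stays empty and `service iptables restart` runs even when the service was not running. A direct state query is clearer and independent of message wording: `if systemctl is-active --quiet iptables; then service iptables restart; fi`. The same check appears in amazon.sh, arch.sh and fedora.sh. The `fi` closing the firewalld branch lies beyond the end of this hunk.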

@ -27,33 +27,28 @@ localedef -v -c -i en_US -f UTF-8 en_US.UTF-8
SSH_PORT=`netstat -ntpl|grep sshd|grep -v grep | sed -n "1,1p" | awk '{print $4}' | awk -F : '{print $2}'`
echo "SSH PORT:${SSH_PORT}"
if [ -f /usr/sbin/ufw ];then
# if [ -f /usr/sbin/ufw ];then
# look
# ufw status
ufw enable
# # look
# # ufw status
# ufw enable
if [ "$SSH_PORT" != "" ];then
ufw allow $SSH_PORT/tcp
else
ufw allow 22/tcp
fi
# if [ "$SSH_PORT" != "" ];then
# ufw allow $SSH_PORT/tcp
# else
# ufw allow 22/tcp
# fi
ufw allow 80/tcp
ufw allow 443/tcp
ufw allow 888/tcp
# ufw allow 7200/tcp
# ufw allow 3306/tcp
# ufw allow 30000:40000/tcp
# ufw allow 80/tcp
# ufw allow 443/tcp
# ufw allow 888/tcp
# fi
fi
if [ -f /usr/sbin/ufw ];then
ufw disable
fi
# if [ -f /usr/sbin/ufw ];then
# ufw disable
# fi
if [ ! -f /usr/sbin/ufw ];then
if [ ! -f /usr/sbin/firewalld ];then
apt install -y firewalld
systemctl enable firewalld
systemctl start firewalld
@ -67,9 +62,6 @@ if [ ! -f /usr/sbin/ufw ];then
firewall-cmd --permanent --zone=public --add-port=80/tcp
firewall-cmd --permanent --zone=public --add-port=443/tcp
firewall-cmd --permanent --zone=public --add-port=888/tcp
# firewall-cmd --permanent --zone=public --add-port=7200/tcp
# firewall-cmd --permanent --zone=public --add-port=3306/tcp
# firewall-cmd --permanent --zone=public --add-port=30000-40000/tcp
# fix:debian10 firewalld faq
# https://kawsing.gitbook.io/opensystem/andoid-shou-ji/untitled/fang-huo-qiang#debian-10-firewalld-0.6.3-error-commandfailed-usrsbinip6tablesrestorewn-failed-ip6tablesrestore-v1.8
