midoks
/
mdserver-web
mirror of https://github.com/midoks/mdserver-web
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update rhel.sh

Browse Source
pull/368/head
midoks 2 years ago
parent 45128636b0
commit 72643b7776
1 changed files with 35 additions and 34 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 83
      scripts/install/rhel.sh

83
scripts/install/rhel.sh
Unescape View File

@ -36,47 +36,48 @@ fi
SSH_PORT=`netstat -ntpl|grep sshd|grep -v grep | sed -n "1,1p" | awk '{print $4}' | awk -F : '{print $2}'` SSH_PORT=`netstat -ntpl|grep sshd|grep -v grep | sed -n "1,1p" | awk '{print $4}' | awk -F : '{print $2}'`
echo "SSH PORT:${SSH_PORT}" echo "SSH PORT:${SSH_PORT}"
echo "iptables wrap start" # redhat , iptables no default
if [ -f /usr/sbin/iptables ];then # echo "iptables wrap start"
$PKGMGR install -y iptables-services # if [ -f /usr/sbin/iptables ];then
# $PKGMGR install -y iptables-services
# iptables -nL --line-number
# # iptables -nL --line-number
echo "iptables start"
iptables_status=`systemctl status iptables | grep 'inactive'` # echo "iptables start"
if [ "${iptables_status}" != '' ];then # iptables_status=`systemctl status iptables | grep 'inactive'`
service iptables restart # if [ "${iptables_status}" != '' ];then
# service iptables restart
# iptables -P FORWARD DROP
iptables -P INPUT DROP # # iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT # iptables -P INPUT DROP
iptables -A INPUT -p tcp -s 127.0.0.1 -j ACCEPT # iptables -P OUTPUT ACCEPT
# iptables -A INPUT -p tcp -s 127.0.0.1 -j ACCEPT
if [ "$SSH_PORT" != "" ];then
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport ${SSH_PORT} -j ACCEPT # if [ "$SSH_PORT" != "" ];then
else # iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport ${SSH_PORT} -j ACCEPT
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT # else
fi # iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
# fi
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT # iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 888 -j ACCEPT # iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 7200 -j ACCEPT # iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 888 -j ACCEPT
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT # # iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 7200 -j ACCEPT
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 30000:40000 -j ACCEPT # # iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
service iptables save # # iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 30000:40000 -j ACCEPT
fi # service iptables save
# fi
# 安装时不开启
# stop之后清空了所有规则,所以安装是不能stop. # # 安装时不开启
# 要在代码修复这个问题,开启时,重新执行一下放行端口。 # # stop之后清空了所有规则,所以安装是不能stop.
#service iptables stop # # 要在代码修复这个问题,开启时,重新执行一下放行端口。
# #service iptables stop
echo "iptables end"
fi # echo "iptables end"
echo "iptables wrap start" # fi
# echo "iptables wrap start"
if [ ! -f /usr/sbin/iptables ];then
if [ ! -f /usr/sbin/firewalld ];then
$PKGMGR install firewalld -y $PKGMGR install firewalld -y
systemctl enable firewalld systemctl enable firewalld
#取消服务锁定 #取消服务锁定

Write Preview
Loading…
Cancel
Save