Update rhel.sh

pull/368/head
midoks 2 years ago
parent 45128636b0
commit 72643b7776
  1. 69
      scripts/install/rhel.sh

@ -36,47 +36,48 @@ fi
SSH_PORT=`netstat -ntpl|grep sshd|grep -v grep | sed -n "1,1p" | awk '{print $4}' | awk -F : '{print $2}'` SSH_PORT=`netstat -ntpl|grep sshd|grep -v grep | sed -n "1,1p" | awk '{print $4}' | awk -F : '{print $2}'`
echo "SSH PORT:${SSH_PORT}" echo "SSH PORT:${SSH_PORT}"
echo "iptables wrap start" # redhat , iptables no default
if [ -f /usr/sbin/iptables ];then # echo "iptables wrap start"
$PKGMGR install -y iptables-services # if [ -f /usr/sbin/iptables ];then
# $PKGMGR install -y iptables-services
# iptables -nL --line-number # # iptables -nL --line-number
echo "iptables start" # echo "iptables start"
iptables_status=`systemctl status iptables | grep 'inactive'` # iptables_status=`systemctl status iptables | grep 'inactive'`
if [ "${iptables_status}" != '' ];then # if [ "${iptables_status}" != '' ];then
service iptables restart # service iptables restart
# iptables -P FORWARD DROP # # iptables -P FORWARD DROP
iptables -P INPUT DROP # iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT # iptables -P OUTPUT ACCEPT
iptables -A INPUT -p tcp -s 127.0.0.1 -j ACCEPT # iptables -A INPUT -p tcp -s 127.0.0.1 -j ACCEPT
if [ "$SSH_PORT" != "" ];then # if [ "$SSH_PORT" != "" ];then
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport ${SSH_PORT} -j ACCEPT # iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport ${SSH_PORT} -j ACCEPT
else # else
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT # iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
fi # fi
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT # iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT # iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 888 -j ACCEPT # iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 888 -j ACCEPT
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 7200 -j ACCEPT # # iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 7200 -j ACCEPT
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT # # iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 30000:40000 -j ACCEPT # # iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 30000:40000 -j ACCEPT
service iptables save # service iptables save
fi # fi
# 安装时不开启 # # 安装时不开启
# stop之后清空了所有规则,所以安装是不能stop. # # stop之后清空了所有规则,所以安装是不能stop.
# 要在代码修复这个问题,开启时,重新执行一下放行端口。 # # 要在代码修复这个问题,开启时,重新执行一下放行端口。
#service iptables stop # #service iptables stop
echo "iptables end" # echo "iptables end"
fi # fi
echo "iptables wrap start" # echo "iptables wrap start"
if [ ! -f /usr/sbin/iptables ];then if [ ! -f /usr/sbin/firewalld ];then
$PKGMGR install firewalld -y $PKGMGR install firewalld -y
systemctl enable firewalld systemctl enable firewalld
#取消服务锁定 #取消服务锁定
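Review bot: On the new side the iptables branch that opened `${SSH_PORT}` (with a fallback to 22) is commented out and replaced by a firewalld install, but the SSH port detection at the top of the hunk is unchanged and nothing visible re-opens that port for firewalld, so a host whose sshd listens on a non-default port would be locked out once firewalld is enabled with its default zone. The detection itself also yields an empty value when sshd is bound to the IPv6 wildcard, because `awk -F : '{print $2}'` on `:::22` selects an empty field, and it depends on `netstat`, which is not installed by default on newer RHEL. A more robust form is `SSH_PORT=$(ss -ntlp | awk '/sshd/ { sub(/.*:/, "", $4); print $4; exit }')` followed by `SSH_PORT=${SSH_PORT:-22}`, and a `firewall-cmd --permanent --add-port="${SSH_PORT}/tcp"` in the firewalld branch before the service is started. The firewalld `if` block continues past the end of the hunk, so the port may already be opened there; if so, only the detection fix is needed.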
