From c7a01b8c52c6559200b26c6c67f3cf1eed37feb1 Mon Sep 17 00:00:00 2001
From: midoks
Date: Tue, 20 Dec 2022 13:02:45 +0800
Subject: [PATCH] Update rhel.sh
---
scripts/install/rhel.sh | 101 ++++++++++++++++++++--------------------
1 file changed, 51 insertions(+), 50 deletions(-)
diff --git a/scripts/install/rhel.sh b/scripts/install/rhel.sh
index 92ecad399..5c2131f42 100644
--- a/scripts/install/rhel.sh
+++ b/scripts/install/rhel.sh
@@ -17,11 +17,62 @@ if [ ! -z "$stream" ];then dnf upgrade -y libmodulemd fi + PKGMGR='yum' if [ $VERSION_ID -ge 8 ];then PKGMGR='dnf' fi +#https need +if [ ! -d /root/.acme.sh ];then + curl https://get.acme.sh | sh +fi + +if [ -f /usr/sbin/iptables ];then + $PKGMGR install -y iptables-services + iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT + iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT + iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT + iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 888 -j ACCEPT + # iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 7200 -j ACCEPT + # iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT + # iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 30000:40000 -j ACCEPT + service iptables save + + iptables_status=`service iptables status | grep 'not running'` + if [ "${iptables_status}" == '' ];then + service iptables restart + fi + #安装时不开启 + service iptables stop +fi + +if [ ! -f /usr/sbin/iptables ];then + $PKGMGR install firewalld -y + systemctl enable firewalld + #取消服务锁定 + systemctl unmask firewalld + systemctl start firewalld + + sed -i 's#AllowZoneDrifting=yes#AllowZoneDrifting=no#g' /etc/firewalld/firewalld.conf + firewall-cmd --reload + + + firewall-cmd --permanent --zone=public --add-port=22/tcp + firewall-cmd --permanent --zone=public --add-port=80/tcp + firewall-cmd --permanent --zone=public --add-port=443/tcp + firewall-cmd --permanent --zone=public --add-port=888/tcp + # firewall-cmd --permanent --zone=public --add-port=7200/tcp + # firewall-cmd --permanent --zone=public --add-port=3306/tcp + # firewall-cmd --permanent --zone=public --add-port=30000-40000/tcp + + # sed -i 's#AllowZoneDrifting=yes#AllowZoneDrifting=no#g' /etc/firewalld/firewalld.conf + firewall-cmd --reload + + #安装时不开启 + systemctl stop firewalld +fi + $PKGMGR install -y epel-release if [ ! 
-z "$cn" ];then sed -e 's|^metalink=|#metalink=|g' \ @@ -71,55 +122,5 @@ else done fi -#https need -if [ ! -d /root/.acme.sh ];then - curl https://get.acme.sh | sh -fi - -if [ -f /usr/sbin/iptables ];then - $PKGMGR install -y iptables-services - iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT - iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT - iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT - iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 888 -j ACCEPT - # iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 7200 -j ACCEPT - # iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT - # iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 30000:40000 -j ACCEPT - service iptables save - - iptables_status=`service iptables status | grep 'not running'` - if [ "${iptables_status}" == '' ];then - service iptables restart - fi - #安装时不开启 - service iptables stop -fi - -if [ ! -f /usr/sbin/iptables ];then - $PKGMGR install firewalld -y - systemctl enable firewalld - #取消服务锁定 - systemctl unmask firewalld - systemctl start firewalld - - sed -i 's#AllowZoneDrifting=yes#AllowZoneDrifting=no#g' /etc/firewalld/firewalld.conf - firewall-cmd --reload - - - firewall-cmd --permanent --zone=public --add-port=22/tcp - firewall-cmd --permanent --zone=public --add-port=80/tcp - firewall-cmd --permanent --zone=public --add-port=443/tcp - firewall-cmd --permanent --zone=public --add-port=888/tcp - # firewall-cmd --permanent --zone=public --add-port=7200/tcp - # firewall-cmd --permanent --zone=public --add-port=3306/tcp - # firewall-cmd --permanent --zone=public --add-port=30000-40000/tcp - - # sed -i 's#AllowZoneDrifting=yes#AllowZoneDrifting=no#g' /etc/firewalld/firewalld.conf - firewall-cmd --reload - - #安装时不开启 - systemctl stop firewalld -fi - cd /www/server/mdserver-web/scripts && bash lib.sh chmod 755 /www/server/mdserver-web/data
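Review bot: The relocated `curl https://get.acme.sh | sh` in the first hunk executes whatever the server returns, presumably as root (the script tests `/root/.acme.sh` and drives the package manager), with no integrity check; without `-f`, an HTTP error page or a truncated download is also fed straight to `sh`. Fetch to a temporary file first, e.g. `curl -fsSL https://get.acme.sh -o "$tmp" || exit 1`, and run it only after checking it against a checksum or a pinned release the project controls. Separately, both firewall branches end by stopping the service (`service iptables stop` / `systemctl stop firewalld`), so the saved allow rules for 22/80/443/888 are not enforced when the installer finishes. The comment above each stop should state which later step starts the firewall, and note that the iptables branch shows only `-I INPUT ... -j ACCEPT` inserts with no deny rule or default-drop policy visible in this hunk, so those rules filter nothing unless one is set elsewhere.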