Update arch.sh

scripts/install/arch.sh

@@ -12,10 +12,55 @@ echo y | pacman -Sy python3
 echo y | pacman -Sy lsof
 echo y | pacman -Sy python-pip
 
-echo y | pacman -Sy mysql-dev
+# echo y | pacman -Sy rpcgen
+# echo y | pacman -Sy mysql-dev
 
 
+#https need
+if [ ! -d /root/.acme.sh ];then	
+	curl https://get.acme.sh | sh
+fi
 
+if [ -f /etc/init.d/iptables ];then
+
+	iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
+	iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
+	iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
+	iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 888 -j ACCEPT
+	iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 7200 -j ACCEPT
+	# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
+	# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 30000:40000 -j ACCEPT
+	service iptables save
+
+	iptables_status=`service iptables status | grep 'not running'`
+	if [ "${iptables_status}" == '' ];then
+		service iptables restart
+	fi
+
+	#安装时不开启
+	service iptables stop
+fi
+
+
+if [ ! -f /etc/init.d/iptables ];then
+	echo y | pacman -Sy firewalld
+	systemctl enable firewalld
+	systemctl start firewalld
+
+	firewall-cmd --permanent --zone=public --add-port=22/tcp
+	firewall-cmd --permanent --zone=public --add-port=80/tcp
+	firewall-cmd --permanent --zone=public --add-port=443/tcp
+	firewall-cmd --permanent --zone=public --add-port=888/tcp
+	firewall-cmd --permanent --zone=public --add-port=7200/tcp
+	# firewall-cmd --permanent --zone=public --add-port=3306/tcp
+	# firewall-cmd --permanent --zone=public --add-port=30000-40000/tcp
+
+
+	sed -i 's#AllowZoneDrifting=yes#AllowZoneDrifting=no#g' /etc/firewalld/firewalld.conf
+	firewall-cmd --reload
+	#安装时不开启
+	systemctl stop firewalld
+fi
 
 
 cd /www/server/mdserver-web/scripts && bash lib.sh