centos7 not config iptables

pull/109/head
233boy 6 years ago
parent cee9bb6fb0
commit 3ecb6847e6
  1. 134
      install.sh
  2. 122
      v2ray.sh

@ -874,7 +874,8 @@ install_v2ray() {
if [[ $cmd == "apt-get" ]]; then if [[ $cmd == "apt-get" ]]; then
$cmd install -y lrzsz git zip unzip curl wget qrencode libcap2-bin $cmd install -y lrzsz git zip unzip curl wget qrencode libcap2-bin
else else
$cmd install -y lrzsz git zip unzip curl wget qrencode libcap iptables-services # $cmd install -y lrzsz git zip unzip curl wget qrencode libcap iptables-services
$cmd install -y lrzsz git zip unzip curl wget qrencode libcap
fi fi
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
[ -d /etc/v2ray ] && rm -rf /etc/v2ray [ -d /etc/v2ray ] && rm -rf /etc/v2ray
@ -1151,79 +1152,78 @@ install_v2ray() {
} }
open_port() { open_port() {
if [[ $1 != "multiport" ]]; then if [[ $cmd == "apt-get" ]]; then
if [[ $1 != "multiport" ]]; then
iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport $1 -j ACCEPT iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport $1 -j ACCEPT
iptables -I INPUT -m state --state NEW -m udp -p udp --dport $1 -j ACCEPT iptables -I INPUT -m state --state NEW -m udp -p udp --dport $1 -j ACCEPT
ip6tables -I INPUT -m state --state NEW -m tcp -p tcp --dport $1 -j ACCEPT ip6tables -I INPUT -m state --state NEW -m tcp -p tcp --dport $1 -j ACCEPT
ip6tables -I INPUT -m state --state NEW -m udp -p udp --dport $1 -j ACCEPT ip6tables -I INPUT -m state --state NEW -m udp -p udp --dport $1 -j ACCEPT
# firewall-cmd --permanent --zone=public --add-port=$1/tcp # firewall-cmd --permanent --zone=public --add-port=$1/tcp
# firewall-cmd --permanent --zone=public --add-port=$1/udp # firewall-cmd --permanent --zone=public --add-port=$1/udp
# firewall-cmd --reload # firewall-cmd --reload
else else
local multiport="${v2ray_dynamic_port_start_input}:${v2ray_dynamic_port_end_input}" local multiport="${v2ray_dynamic_port_start_input}:${v2ray_dynamic_port_end_input}"
iptables -I INPUT -p tcp --match multiport --dports $multiport -j ACCEPT iptables -I INPUT -p tcp --match multiport --dports $multiport -j ACCEPT
iptables -I INPUT -p udp --match multiport --dports $multiport -j ACCEPT iptables -I INPUT -p udp --match multiport --dports $multiport -j ACCEPT
ip6tables -I INPUT -p tcp --match multiport --dports $multiport -j ACCEPT ip6tables -I INPUT -p tcp --match multiport --dports $multiport -j ACCEPT
ip6tables -I INPUT -p udp --match multiport --dports $multiport -j ACCEPT ip6tables -I INPUT -p udp --match multiport --dports $multiport -j ACCEPT
# local multi_port="${v2ray_dynamic_port_start_input}-${v2ray_dynamic_port_end_input}" # local multi_port="${v2ray_dynamic_port_start_input}-${v2ray_dynamic_port_end_input}"
# firewall-cmd --permanent --zone=public --add-port=$multi_port/tcp # firewall-cmd --permanent --zone=public --add-port=$multi_port/tcp
# firewall-cmd --permanent --zone=public --add-port=$multi_port/udp # firewall-cmd --permanent --zone=public --add-port=$multi_port/udp
# firewall-cmd --reload # firewall-cmd --reload
fi fi
if [[ $cmd == "apt-get" ]]; then
iptables-save >/etc/iptables.rules.v4 iptables-save >/etc/iptables.rules.v4
ip6tables-save >/etc/iptables.rules.v6 ip6tables-save >/etc/iptables.rules.v6
else # else
service iptables save >/dev/null 2>&1 # service iptables save >/dev/null 2>&1
service ip6tables save >/dev/null 2>&1 # service ip6tables save >/dev/null 2>&1
fi fi
} }
del_port() { del_port() {
if [[ $1 != "multiport" ]]; then if [[ $cmd == "apt-get" ]]; then
# if [[ $cmd == "apt-get" ]]; then if [[ $1 != "multiport" ]]; then
iptables -D INPUT -m state --state NEW -m tcp -p tcp --dport $1 -j ACCEPT # if [[ $cmd == "apt-get" ]]; then
iptables -D INPUT -m state --state NEW -m udp -p udp --dport $1 -j ACCEPT iptables -D INPUT -m state --state NEW -m tcp -p tcp --dport $1 -j ACCEPT
ip6tables -D INPUT -m state --state NEW -m tcp -p tcp --dport $1 -j ACCEPT iptables -D INPUT -m state --state NEW -m udp -p udp --dport $1 -j ACCEPT
ip6tables -D INPUT -m state --state NEW -m udp -p udp --dport $1 -j ACCEPT ip6tables -D INPUT -m state --state NEW -m tcp -p tcp --dport $1 -j ACCEPT
# else ip6tables -D INPUT -m state --state NEW -m udp -p udp --dport $1 -j ACCEPT
# firewall-cmd --permanent --zone=public --remove-port=$1/tcp # else
# firewall-cmd --permanent --zone=public --remove-port=$1/udp # firewall-cmd --permanent --zone=public --remove-port=$1/tcp
# fi # firewall-cmd --permanent --zone=public --remove-port=$1/udp
else # fi
# if [[ $cmd == "apt-get" ]]; then
if [[ $v2ray_transport ]]; then
local ports="${v2ray_dynamicPort_start}:${v2ray_dynamicPort_end}"
else else
local port_start=$(sed -n '23p' $backup) # if [[ $cmd == "apt-get" ]]; then
local port_end=$(sed -n '25p' $backup) if [[ $v2ray_transport ]]; then
local ports="${port_start}:${port_end}" local ports="${v2ray_dynamicPort_start}:${v2ray_dynamicPort_end}"
fi else
local port_start=$(sed -n '23p' $backup)
iptables -D INPUT -p tcp --match multiport --dports $ports -j ACCEPT local port_end=$(sed -n '25p' $backup)
iptables -D INPUT -p udp --match multiport --dports $ports -j ACCEPT local ports="${port_start}:${port_end}"
ip6tables -D INPUT -p tcp --match multiport --dports $ports -j ACCEPT fi
ip6tables -D INPUT -p udp --match multiport --dports $ports -j ACCEPT
# else
# local port_start=$(sed -n '23p' $backup)
# local port_end=$(sed -n '25p' $backup)
# local ports="${port_start}-${port_end}"
# firewall-cmd --permanent --zone=public --remove-port=$ports/tcp
# firewall-cmd --permanent --zone=public --remove-port=$ports/udp
# fi
fi
if [[ $cmd == "apt-get" ]]; then iptables -D INPUT -p tcp --match multiport --dports $ports -j ACCEPT
iptables -D INPUT -p udp --match multiport --dports $ports -j ACCEPT
ip6tables -D INPUT -p tcp --match multiport --dports $ports -j ACCEPT
ip6tables -D INPUT -p udp --match multiport --dports $ports -j ACCEPT
# else
# local port_start=$(sed -n '23p' $backup)
# local port_end=$(sed -n '25p' $backup)
# local ports="${port_start}-${port_end}"
# firewall-cmd --permanent --zone=public --remove-port=$ports/tcp
# firewall-cmd --permanent --zone=public --remove-port=$ports/udp
# fi
fi
iptables-save >/etc/iptables.rules.v4 iptables-save >/etc/iptables.rules.v4
ip6tables-save >/etc/iptables.rules.v6 ip6tables-save >/etc/iptables.rules.v6
else # else
service iptables save >/dev/null 2>&1 # service iptables save >/dev/null 2>&1
service ip6tables save >/dev/null 2>&1 # service ip6tables save >/dev/null 2>&1
fi fi
} }
@ -1373,14 +1373,14 @@ config() {
/sbin/ip6tables-restore < /etc/iptables.rules.v6 /sbin/ip6tables-restore < /etc/iptables.rules.v6
EOF EOF
chmod +x /etc/network/if-pre-up.d/iptables chmod +x /etc/network/if-pre-up.d/iptables
else # else
[ $(pgrep "firewall") ] && systemctl stop firewalld # [ $(pgrep "firewall") ] && systemctl stop firewalld
systemctl mask firewalld # systemctl mask firewalld
systemctl disable firewalld # systemctl disable firewalld
systemctl enable iptables # systemctl enable iptables
systemctl enable ip6tables # systemctl enable ip6tables
systemctl start iptables # systemctl start iptables
systemctl start ip6tables # systemctl start ip6tables
fi fi
[ $shadowsocks ] && open_port $ssport [ $shadowsocks ] && open_port $ssport
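Review bot: On non-apt-get systems `del_port` now does nothing, because its whole body sits under `if [[ $cmd == "apt-get" ]]` and the `else` branch is commented out. ACCEPT rules that an earlier version inserted and persisted with `service iptables save` are therefore never removed when a port is changed or the service is uninstalled. `open_port` is gated the same way and the `config()` hunk no longer touches firewalld, so on a CentOS 7 host with firewalld running the new ports presumably stay closed with no message to the operator. Consider keeping the `iptables -D` / `ip6tables -D` lines outside the `$cmd` check so stale rules are still cleaned up, and printing a notice in the skipped branch, e.g. `else echo "firewall rules not changed on this system; manage port access manually"`. The same gating is applied to `open_port` and `del_port` in the second file (v2ray.sh, judging by the diffstat).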

@ -10,7 +10,7 @@ none='\e[0m'
# Root # Root
[[ $(id -u) != 0 ]] && echo -e " 哎呀……请使用 ${red}root ${none}用户运行 ${yellow}~(^_^) ${none}" && exit 1 [[ $(id -u) != 0 ]] && echo -e " 哎呀……请使用 ${red}root ${none}用户运行 ${yellow}~(^_^) ${none}" && exit 1
_version="v2.47" _version="v2.48"
cmd="apt-get" cmd="apt-get"
@ -2801,76 +2801,76 @@ uninstall_lotserver() {
} }
open_port() { open_port() {
if [[ $1 != "multiport" ]]; then
# if [[ $cmd == "apt-get" ]]; then
iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport $1 -j ACCEPT
iptables -I INPUT -m state --state NEW -m udp -p udp --dport $1 -j ACCEPT
ip6tables -I INPUT -m state --state NEW -m tcp -p tcp --dport $1 -j ACCEPT
ip6tables -I INPUT -m state --state NEW -m udp -p udp --dport $1 -j ACCEPT
# iptables-save >/etc/iptables.rules.v4
# ip6tables-save >/etc/iptables.rules.v6
# else
# firewall-cmd --permanent --zone=public --add-port=$1/tcp
# firewall-cmd --permanent --zone=public --add-port=$1/udp
# firewall-cmd --reload
# fi
else
# if [[ $cmd == "apt-get" ]]; then
local multiport="${v2ray_dynamic_port_start_input}:${v2ray_dynamic_port_end_input}"
iptables -I INPUT -p tcp --match multiport --dports $multiport -j ACCEPT
iptables -I INPUT -p udp --match multiport --dports $multiport -j ACCEPT
ip6tables -I INPUT -p tcp --match multiport --dports $multiport -j ACCEPT
ip6tables -I INPUT -p udp --match multiport --dports $multiport -j ACCEPT
# iptables-save >/etc/iptables.rules.v4
# ip6tables-save >/etc/iptables.rules.v6
# else
# local multi_port="${v2ray_dynamic_port_start_input}-${v2ray_dynamic_port_end_input}"
# firewall-cmd --permanent --zone=public --add-port=$multi_port/tcp
# firewall-cmd --permanent --zone=public --add-port=$multi_port/udp
# firewall-cmd --reload
# fi
fi
if [[ $cmd == "apt-get" ]]; then if [[ $cmd == "apt-get" ]]; then
if [[ $1 != "multiport" ]]; then
# if [[ $cmd == "apt-get" ]]; then
iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport $1 -j ACCEPT
iptables -I INPUT -m state --state NEW -m udp -p udp --dport $1 -j ACCEPT
ip6tables -I INPUT -m state --state NEW -m tcp -p tcp --dport $1 -j ACCEPT
ip6tables -I INPUT -m state --state NEW -m udp -p udp --dport $1 -j ACCEPT
# iptables-save >/etc/iptables.rules.v4
# ip6tables-save >/etc/iptables.rules.v6
# else
# firewall-cmd --permanent --zone=public --add-port=$1/tcp
# firewall-cmd --permanent --zone=public --add-port=$1/udp
# firewall-cmd --reload
# fi
else
# if [[ $cmd == "apt-get" ]]; then
local multiport="${v2ray_dynamic_port_start_input}:${v2ray_dynamic_port_end_input}"
iptables -I INPUT -p tcp --match multiport --dports $multiport -j ACCEPT
iptables -I INPUT -p udp --match multiport --dports $multiport -j ACCEPT
ip6tables -I INPUT -p tcp --match multiport --dports $multiport -j ACCEPT
ip6tables -I INPUT -p udp --match multiport --dports $multiport -j ACCEPT
# iptables-save >/etc/iptables.rules.v4
# ip6tables-save >/etc/iptables.rules.v6
# else
# local multi_port="${v2ray_dynamic_port_start_input}-${v2ray_dynamic_port_end_input}"
# firewall-cmd --permanent --zone=public --add-port=$multi_port/tcp
# firewall-cmd --permanent --zone=public --add-port=$multi_port/udp
# firewall-cmd --reload
# fi
fi
iptables-save >/etc/iptables.rules.v4 iptables-save >/etc/iptables.rules.v4
ip6tables-save >/etc/iptables.rules.v6 ip6tables-save >/etc/iptables.rules.v6
else # else
service iptables save >/dev/null 2>&1 # service iptables save >/dev/null 2>&1
service ip6tables save >/dev/null 2>&1 # service ip6tables save >/dev/null 2>&1
fi fi
} }
del_port() { del_port() {
if [[ $1 != "multiport" ]]; then
# if [[ $cmd == "apt-get" ]]; then
iptables -D INPUT -m state --state NEW -m tcp -p tcp --dport $1 -j ACCEPT
iptables -D INPUT -m state --state NEW -m udp -p udp --dport $1 -j ACCEPT
ip6tables -D INPUT -m state --state NEW -m tcp -p tcp --dport $1 -j ACCEPT
ip6tables -D INPUT -m state --state NEW -m udp -p udp --dport $1 -j ACCEPT
# else
# firewall-cmd --permanent --zone=public --remove-port=$1/tcp
# firewall-cmd --permanent --zone=public --remove-port=$1/udp
# fi
else
# if [[ $cmd == "apt-get" ]]; then
local ports="${v2ray_dynamicPort_start}:${v2ray_dynamicPort_end}"
iptables -D INPUT -p tcp --match multiport --dports $ports -j ACCEPT
iptables -D INPUT -p udp --match multiport --dports $ports -j ACCEPT
ip6tables -D INPUT -p tcp --match multiport --dports $ports -j ACCEPT
ip6tables -D INPUT -p udp --match multiport --dports $ports -j ACCEPT
# else
# local ports="${v2ray_dynamicPort_start}-${v2ray_dynamicPort_end}"
# firewall-cmd --permanent --zone=public --remove-port=$ports/tcp
# firewall-cmd --permanent --zone=public --remove-port=$ports/udp
# fi
fi
if [[ $cmd == "apt-get" ]]; then if [[ $cmd == "apt-get" ]]; then
if [[ $1 != "multiport" ]]; then
# if [[ $cmd == "apt-get" ]]; then
iptables -D INPUT -m state --state NEW -m tcp -p tcp --dport $1 -j ACCEPT
iptables -D INPUT -m state --state NEW -m udp -p udp --dport $1 -j ACCEPT
ip6tables -D INPUT -m state --state NEW -m tcp -p tcp --dport $1 -j ACCEPT
ip6tables -D INPUT -m state --state NEW -m udp -p udp --dport $1 -j ACCEPT
# else
# firewall-cmd --permanent --zone=public --remove-port=$1/tcp
# firewall-cmd --permanent --zone=public --remove-port=$1/udp
# fi
else
# if [[ $cmd == "apt-get" ]]; then
local ports="${v2ray_dynamicPort_start}:${v2ray_dynamicPort_end}"
iptables -D INPUT -p tcp --match multiport --dports $ports -j ACCEPT
iptables -D INPUT -p udp --match multiport --dports $ports -j ACCEPT
ip6tables -D INPUT -p tcp --match multiport --dports $ports -j ACCEPT
ip6tables -D INPUT -p udp --match multiport --dports $ports -j ACCEPT
# else
# local ports="${v2ray_dynamicPort_start}-${v2ray_dynamicPort_end}"
# firewall-cmd --permanent --zone=public --remove-port=$ports/tcp
# firewall-cmd --permanent --zone=public --remove-port=$ports/udp
# fi
fi
iptables-save >/etc/iptables.rules.v4 iptables-save >/etc/iptables.rules.v4
ip6tables-save >/etc/iptables.rules.v6 ip6tables-save >/etc/iptables.rules.v6
else # else
service iptables save >/dev/null 2>&1 # service iptables save >/dev/null 2>&1
service ip6tables save >/dev/null 2>&1 # service ip6tables save >/dev/null 2>&1
fi fi
} }
update() { update() {
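Review bot: The `iptables`/`ip6tables` calls in `open_port` and `del_port` expand `$1`, `$multiport` and `$ports` unquoted, and nothing in the visible lines checks that they are numeric before an ACCEPT rule is inserted as root. The range variables look like they come from interactive prompts (`v2ray_dynamic_port_start_input`), so an empty or malformed value would reach the rule unchanged. Quote the expansions, e.g. `--dport "$1"` and `--dports "$multiport"`, and guard the entry with something like `[[ $1 == multiport || $1 =~ ^[0-9]+$ ]] || return 1`. The commented-out `firewall-cmd` blocks carried along inside the new `if` could also be dropped, since version control already keeps them.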
