centos7 not config iptables

6 years ago · e3b94bf31c
parent 482540d51d
commit e3b94bf31c
2 changed files with 120 additions and 120 deletions
--- a/install.sh
+++ b/install.sh
@ -725,7 +725,8 @@ install_v2ray() {
 	if [[ $cmd == "apt-get" ]]; then
 		$cmd install -y lrzsz git zip unzip curl wget qrencode libcap2-bin
 	else
-		$cmd install -y lrzsz git zip unzip curl wget qrencode libcap iptables-services
+		# $cmd install -y lrzsz git zip unzip curl wget qrencode libcap iptables-services
+		$cmd install -y lrzsz git zip unzip curl wget qrencode libcap
 	fi
 	ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
 	[ -d /etc/v2ray ] && rm -rf /etc/v2ray
@ -768,70 +769,69 @@ install_v2ray() {
 }

 open_port() {
-	if [[ $1 != "multiport" ]]; then
+	if [[ $cmd == "apt-get" ]]; then
+		if [[ $1 != "multiport" ]]; then

-		iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport $1 -j ACCEPT
-		iptables -I INPUT -m state --state NEW -m udp -p udp --dport $1 -j ACCEPT
-		ip6tables -I INPUT -m state --state NEW -m tcp -p tcp --dport $1 -j ACCEPT
-		ip6tables -I INPUT -m state --state NEW -m udp -p udp --dport $1 -j ACCEPT
+			iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport $1 -j ACCEPT
+			iptables -I INPUT -m state --state NEW -m udp -p udp --dport $1 -j ACCEPT
+			ip6tables -I INPUT -m state --state NEW -m tcp -p tcp --dport $1 -j ACCEPT
+			ip6tables -I INPUT -m state --state NEW -m udp -p udp --dport $1 -j ACCEPT

-		# firewall-cmd --permanent --zone=public --add-port=$1/tcp
-		# firewall-cmd --permanent --zone=public --add-port=$1/udp
-		# firewall-cmd --reload
+			# firewall-cmd --permanent --zone=public --add-port=$1/tcp
+			# firewall-cmd --permanent --zone=public --add-port=$1/udp
+			# firewall-cmd --reload

-	else
+		else

-		local multiport="${v2ray_dynamic_port_start_input}:${v2ray_dynamic_port_end_input}"
-		iptables -I INPUT -p tcp --match multiport --dports $multiport -j ACCEPT
-		iptables -I INPUT -p udp --match multiport --dports $multiport -j ACCEPT
-		ip6tables -I INPUT -p tcp --match multiport --dports $multiport -j ACCEPT
-		ip6tables -I INPUT -p udp --match multiport --dports $multiport -j ACCEPT
+			local multiport="${v2ray_dynamic_port_start_input}:${v2ray_dynamic_port_end_input}"
+			iptables -I INPUT -p tcp --match multiport --dports $multiport -j ACCEPT
+			iptables -I INPUT -p udp --match multiport --dports $multiport -j ACCEPT
+			ip6tables -I INPUT -p tcp --match multiport --dports $multiport -j ACCEPT
+			ip6tables -I INPUT -p udp --match multiport --dports $multiport -j ACCEPT

-		# local multi_port="${v2ray_dynamic_port_start_input}-${v2ray_dynamic_port_end_input}"
-		# firewall-cmd --permanent --zone=public --add-port=$multi_port/tcp
-		# firewall-cmd --permanent --zone=public --add-port=$multi_port/udp
-		# firewall-cmd --reload
+			# local multi_port="${v2ray_dynamic_port_start_input}-${v2ray_dynamic_port_end_input}"
+			# firewall-cmd --permanent --zone=public --add-port=$multi_port/tcp
+			# firewall-cmd --permanent --zone=public --add-port=$multi_port/udp
+			# firewall-cmd --reload

-	fi
-	if [[ $cmd == "apt-get" ]]; then
+		fi
 		iptables-save >/etc/iptables.rules.v4
 		ip6tables-save >/etc/iptables.rules.v6
-	else
-		service iptables save >/dev/null 2>&1
-		service ip6tables save >/dev/null 2>&1
+		# else
+		# 	service iptables save >/dev/null 2>&1
+		# 	service ip6tables save >/dev/null 2>&1
 	fi
 }
 del_port() {
-	if [[ $1 != "multiport" ]]; then
-		# if [[ $cmd == "apt-get" ]]; then
-		iptables -D INPUT -m state --state NEW -m tcp -p tcp --dport $1 -j ACCEPT
-		iptables -D INPUT -m state --state NEW -m udp -p udp --dport $1 -j ACCEPT
-		ip6tables -D INPUT -m state --state NEW -m tcp -p tcp --dport $1 -j ACCEPT
-		ip6tables -D INPUT -m state --state NEW -m udp -p udp --dport $1 -j ACCEPT
-		# else
-		# 	firewall-cmd --permanent --zone=public --remove-port=$1/tcp
-		# 	firewall-cmd --permanent --zone=public --remove-port=$1/udp
-		# fi
-	else
-		# if [[ $cmd == "apt-get" ]]; then
-		local ports="${v2ray_dynamicPort_start}:${v2ray_dynamicPort_end}"
-		iptables -D INPUT -p tcp --match multiport --dports $ports -j ACCEPT
-		iptables -D INPUT -p udp --match multiport --dports $ports -j ACCEPT
-		ip6tables -D INPUT -p tcp --match multiport --dports $ports -j ACCEPT
-		ip6tables -D INPUT -p udp --match multiport --dports $ports -j ACCEPT
-		# else
-		# 	local ports="${v2ray_dynamicPort_start}-${v2ray_dynamicPort_end}"
-		# 	firewall-cmd --permanent --zone=public --remove-port=$ports/tcp
-		# 	firewall-cmd --permanent --zone=public --remove-port=$ports/udp
-		# fi
-	fi
-
 	if [[ $cmd == "apt-get" ]]; then
+		if [[ $1 != "multiport" ]]; then
+			# if [[ $cmd == "apt-get" ]]; then
+			iptables -D INPUT -m state --state NEW -m tcp -p tcp --dport $1 -j ACCEPT
+			iptables -D INPUT -m state --state NEW -m udp -p udp --dport $1 -j ACCEPT
+			ip6tables -D INPUT -m state --state NEW -m tcp -p tcp --dport $1 -j ACCEPT
+			ip6tables -D INPUT -m state --state NEW -m udp -p udp --dport $1 -j ACCEPT
+			# else
+			# 	firewall-cmd --permanent --zone=public --remove-port=$1/tcp
+			# 	firewall-cmd --permanent --zone=public --remove-port=$1/udp
+			# fi
+		else
+			# if [[ $cmd == "apt-get" ]]; then
+			local ports="${v2ray_dynamicPort_start}:${v2ray_dynamicPort_end}"
+			iptables -D INPUT -p tcp --match multiport --dports $ports -j ACCEPT
+			iptables -D INPUT -p udp --match multiport --dports $ports -j ACCEPT
+			ip6tables -D INPUT -p tcp --match multiport --dports $ports -j ACCEPT
+			ip6tables -D INPUT -p udp --match multiport --dports $ports -j ACCEPT
+			# else
+			# 	local ports="${v2ray_dynamicPort_start}-${v2ray_dynamicPort_end}"
+			# 	firewall-cmd --permanent --zone=public --remove-port=$ports/tcp
+			# 	firewall-cmd --permanent --zone=public --remove-port=$ports/udp
+			# fi
+		fi
 		iptables-save >/etc/iptables.rules.v4
 		ip6tables-save >/etc/iptables.rules.v6
-	else
-		service iptables save >/dev/null 2>&1
-		service ip6tables save >/dev/null 2>&1
+		# else
+		# 	service iptables save >/dev/null 2>&1
+		# 	service ip6tables save >/dev/null 2>&1
 	fi

 }
@ -857,14 +857,14 @@ config() {
 /sbin/ip6tables-restore < /etc/iptables.rules.v6
 	EOF
 		chmod +x /etc/network/if-pre-up.d/iptables
-	else
-		[ $(pgrep "firewall") ] && systemctl stop firewalld
-		systemctl mask firewalld
-		systemctl disable firewalld
-		systemctl enable iptables
-		systemctl enable ip6tables
-		systemctl start iptables
-		systemctl start ip6tables
+		# else
+		# 	[ $(pgrep "firewall") ] && systemctl stop firewalld
+		# 	systemctl mask firewalld
+		# 	systemctl disable firewalld
+		# 	systemctl enable iptables
+		# 	systemctl enable ip6tables
+		# 	systemctl start iptables
+		# 	systemctl start ip6tables
 	fi

 	[[ $shadowsocks ]] && open_port $ssport
--- a/v2ray.sh
+++ b/v2ray.sh
@ -10,7 +10,7 @@ none='\e[0m'
 # Root
 [[ $(id -u) != 0 ]] && echo -e " 哎呀……请使用 ${red}root ${none}用户运行 ${yellow}~(^_^) ${none}" && exit 1

-_version="v3.13-test"
+_version="v3.14-test"

 cmd="apt-get"

@ -2429,76 +2429,76 @@ uninstall_lotserver() {
 }

 open_port() {
-	if [[ $1 != "multiport" ]]; then
-		# if [[ $cmd == "apt-get" ]]; then
-		iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport $1 -j ACCEPT
-		iptables -I INPUT -m state --state NEW -m udp -p udp --dport $1 -j ACCEPT
-		ip6tables -I INPUT -m state --state NEW -m tcp -p tcp --dport $1 -j ACCEPT
-		ip6tables -I INPUT -m state --state NEW -m udp -p udp --dport $1 -j ACCEPT
-
-		# iptables-save >/etc/iptables.rules.v4
-		# ip6tables-save >/etc/iptables.rules.v6
-		# else
-		# 	firewall-cmd --permanent --zone=public --add-port=$1/tcp
-		# 	firewall-cmd --permanent --zone=public --add-port=$1/udp
-		# 	firewall-cmd --reload
-		# fi
-	else
-		# if [[ $cmd == "apt-get" ]]; then
-		local multiport="${v2ray_dynamic_port_start_input}:${v2ray_dynamic_port_end_input}"
-		iptables -I INPUT -p tcp --match multiport --dports $multiport -j ACCEPT
-		iptables -I INPUT -p udp --match multiport --dports $multiport -j ACCEPT
-		ip6tables -I INPUT -p tcp --match multiport --dports $multiport -j ACCEPT
-		ip6tables -I INPUT -p udp --match multiport --dports $multiport -j ACCEPT
-
-		# iptables-save >/etc/iptables.rules.v4
-		# ip6tables-save >/etc/iptables.rules.v6
-		# else
-		# 	local multi_port="${v2ray_dynamic_port_start_input}-${v2ray_dynamic_port_end_input}"
-		# 	firewall-cmd --permanent --zone=public --add-port=$multi_port/tcp
-		# 	firewall-cmd --permanent --zone=public --add-port=$multi_port/udp
-		# 	firewall-cmd --reload
-		# fi
-	fi
 	if [[ $cmd == "apt-get" ]]; then
+		if [[ $1 != "multiport" ]]; then
+			# if [[ $cmd == "apt-get" ]]; then
+			iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport $1 -j ACCEPT
+			iptables -I INPUT -m state --state NEW -m udp -p udp --dport $1 -j ACCEPT
+			ip6tables -I INPUT -m state --state NEW -m tcp -p tcp --dport $1 -j ACCEPT
+			ip6tables -I INPUT -m state --state NEW -m udp -p udp --dport $1 -j ACCEPT
+
+			# iptables-save >/etc/iptables.rules.v4
+			# ip6tables-save >/etc/iptables.rules.v6
+			# else
+			# 	firewall-cmd --permanent --zone=public --add-port=$1/tcp
+			# 	firewall-cmd --permanent --zone=public --add-port=$1/udp
+			# 	firewall-cmd --reload
+			# fi
+		else
+			# if [[ $cmd == "apt-get" ]]; then
+			local multiport="${v2ray_dynamic_port_start_input}:${v2ray_dynamic_port_end_input}"
+			iptables -I INPUT -p tcp --match multiport --dports $multiport -j ACCEPT
+			iptables -I INPUT -p udp --match multiport --dports $multiport -j ACCEPT
+			ip6tables -I INPUT -p tcp --match multiport --dports $multiport -j ACCEPT
+			ip6tables -I INPUT -p udp --match multiport --dports $multiport -j ACCEPT
+
+			# iptables-save >/etc/iptables.rules.v4
+			# ip6tables-save >/etc/iptables.rules.v6
+			# else
+			# 	local multi_port="${v2ray_dynamic_port_start_input}-${v2ray_dynamic_port_end_input}"
+			# 	firewall-cmd --permanent --zone=public --add-port=$multi_port/tcp
+			# 	firewall-cmd --permanent --zone=public --add-port=$multi_port/udp
+			# 	firewall-cmd --reload
+			# fi
+		fi
 		iptables-save >/etc/iptables.rules.v4
 		ip6tables-save >/etc/iptables.rules.v6
-	else
-		service iptables save >/dev/null 2>&1
-		service ip6tables save >/dev/null 2>&1
+		# else
+		# 	service iptables save >/dev/null 2>&1
+		# 	service ip6tables save >/dev/null 2>&1
 	fi

 }
 del_port() {
-	if [[ $1 != "multiport" ]]; then
-		# if [[ $cmd == "apt-get" ]]; then
-		iptables -D INPUT -m state --state NEW -m tcp -p tcp --dport $1 -j ACCEPT
-		iptables -D INPUT -m state --state NEW -m udp -p udp --dport $1 -j ACCEPT
-		ip6tables -D INPUT -m state --state NEW -m tcp -p tcp --dport $1 -j ACCEPT
-		ip6tables -D INPUT -m state --state NEW -m udp -p udp --dport $1 -j ACCEPT
-		# else
-		# 	firewall-cmd --permanent --zone=public --remove-port=$1/tcp
-		# 	firewall-cmd --permanent --zone=public --remove-port=$1/udp
-		# fi
-	else
-		# if [[ $cmd == "apt-get" ]]; then
-		local ports="${v2ray_dynamicPort_start}:${v2ray_dynamicPort_end}"
-		iptables -D INPUT -p tcp --match multiport --dports $ports -j ACCEPT
-		iptables -D INPUT -p udp --match multiport --dports $ports -j ACCEPT
-		ip6tables -D INPUT -p tcp --match multiport --dports $ports -j ACCEPT
-		ip6tables -D INPUT -p udp --match multiport --dports $ports -j ACCEPT
-		# else
-		# 	local ports="${v2ray_dynamicPort_start}-${v2ray_dynamicPort_end}"
-		# 	firewall-cmd --permanent --zone=public --remove-port=$ports/tcp
-		# 	firewall-cmd --permanent --zone=public --remove-port=$ports/udp
-		# fi
-	fi
 	if [[ $cmd == "apt-get" ]]; then
+		if [[ $1 != "multiport" ]]; then
+			# if [[ $cmd == "apt-get" ]]; then
+			iptables -D INPUT -m state --state NEW -m tcp -p tcp --dport $1 -j ACCEPT
+			iptables -D INPUT -m state --state NEW -m udp -p udp --dport $1 -j ACCEPT
+			ip6tables -D INPUT -m state --state NEW -m tcp -p tcp --dport $1 -j ACCEPT
+			ip6tables -D INPUT -m state --state NEW -m udp -p udp --dport $1 -j ACCEPT
+			# else
+			# 	firewall-cmd --permanent --zone=public --remove-port=$1/tcp
+			# 	firewall-cmd --permanent --zone=public --remove-port=$1/udp
+			# fi
+		else
+			# if [[ $cmd == "apt-get" ]]; then
+			local ports="${v2ray_dynamicPort_start}:${v2ray_dynamicPort_end}"
+			iptables -D INPUT -p tcp --match multiport --dports $ports -j ACCEPT
+			iptables -D INPUT -p udp --match multiport --dports $ports -j ACCEPT
+			ip6tables -D INPUT -p tcp --match multiport --dports $ports -j ACCEPT
+			ip6tables -D INPUT -p udp --match multiport --dports $ports -j ACCEPT
+			# else
+			# 	local ports="${v2ray_dynamicPort_start}-${v2ray_dynamicPort_end}"
+			# 	firewall-cmd --permanent --zone=public --remove-port=$ports/tcp
+			# 	firewall-cmd --permanent --zone=public --remove-port=$ports/udp
+			# fi
+		fi
 		iptables-save >/etc/iptables.rules.v4
 		ip6tables-save >/etc/iptables.rules.v6
-	else
-		service iptables save >/dev/null 2>&1
-		service ip6tables save >/dev/null 2>&1
+		# else
+		# 	service iptables save >/dev/null 2>&1
+		# 	service ip6tables save >/dev/null 2>&1
 	fi
 }
 update() {