netfilter-persistent:53 80

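        # Install the distro package that lets iptables rules survive a reboot.
        if [[ "${ID}" == "centos" ]]; then
            pkg_install "iptables-services"
        else
            pkg_install "iptables-persistent"
        fi

        # NOTE(review): every rule below is an ACCEPT, so none of them restricts
        # anything unless a DROP/REJECT policy or rule is configured elsewhere;
        # none is visible in this excerpt. Only IPv4 (iptables) is handled here.
        # NOTE(review): the rules are added unconditionally, so running this
        # section again stacks duplicate entries in the ruleset that gets saved.
        # NOTE(review): an empty ${port}/${xport}/${gport} leaves a trailing
        # comma in the multiport list; validate them before this point.

        # Loopback traffic is always allowed.
        iptables -A INPUT -i lo -j ACCEPT
        iptables -A OUTPUT -o lo -j ACCEPT

        # NOTE(review): port 53 is opened inbound on TCP and UDP in every mode.
        # That is only needed if this host answers DNS queries -- confirm.

        # TLS enabled: open 53, 80 and the TLS port in both directions.
        if [[ "${tls_mode}" != "None" ]]; then
            iptables -I INPUT -p tcp -m multiport --dport "53,80,${port}" -j ACCEPT
            iptables -I INPUT -p udp -m multiport --dport "53,80,${port}" -j ACCEPT
            iptables -I OUTPUT -p tcp -m multiport --sport "53,80,${port}" -j ACCEPT
            iptables -I OUTPUT -p udp -m multiport --sport "53,80,${port}" -j ACCEPT
        fi

        # Open the WebSocket and/or gRPC listener ports for the selected mode.
        if [[ "${ws_grpc_mode}" == "onlyws" ]]; then
            iptables -I INPUT -p tcp -m multiport --dport "53,${xport}" -j ACCEPT
            iptables -I INPUT -p udp -m multiport --dport "53,${xport}" -j ACCEPT
            iptables -I OUTPUT -p tcp -m multiport --sport "53,${xport}" -j ACCEPT
            iptables -I OUTPUT -p udp -m multiport --sport "53,${xport}" -j ACCEPT
        elif [[ "${ws_grpc_mode}" == "onlygRPC" ]]; then
            iptables -I INPUT -p tcp -m multiport --dport "53,${gport}" -j ACCEPT
            iptables -I INPUT -p udp -m multiport --dport "53,${gport}" -j ACCEPT
            iptables -I OUTPUT -p tcp -m multiport --sport "53,${gport}" -j ACCEPT
            iptables -I OUTPUT -p udp -m multiport --sport "53,${gport}" -j ACCEPT
        elif [[ "${ws_grpc_mode}" == "all" ]]; then
            iptables -I INPUT -p tcp -m multiport --dport "53,${xport},${gport}" -j ACCEPT
            iptables -I INPUT -p udp -m multiport --dport "53,${xport},${gport}" -j ACCEPT
            iptables -I OUTPUT -p tcp -m multiport --sport "53,${xport},${gport}" -j ACCEPT
            iptables -I OUTPUT -p udp -m multiport --sport "53,${xport},${gport}" -j ACCEPT
        fi

        # The high-port UDP rule used to be inserted once per matching branch,
        # which produced two identical entries when TLS and a ws/gRPC mode were
        # both active. It is inserted once here under the same conditions.
        # NOTE(review): this accepts inbound UDP to every port from 1024 up, so
        # it also exposes any UDP listener bound to a high port. Presumably it
        # is meant to let replies to outbound UDP back in -- confirm; if so, a
        # connection-tracking match (-m conntrack --ctstate ESTABLISHED,RELATED)
        # would admit the replies without opening the whole range.
        if [[ "${tls_mode}" != "None" \
            || "${ws_grpc_mode}" == "onlyws" \
            || "${ws_grpc_mode}" == "onlygRPC" \
            || "${ws_grpc_mode}" == "all" ]]; then
            iptables -I INPUT -p udp --dport 1024:65535 -j ACCEPT
        fi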
​        if [[ "${ID}" == "centos" && ${VERSION_ID} -ge 7 ]]; then
​            service iptables save
​            service iptables restart
​            echo -e "${OK} ${GreenBG} 防火墙 重启 完成 ${Font}"
​        else
​            netfilter-persistent save
​            systemctl restart iptables

版权声明:
作者:yxbinghe
链接:https://www.zhanhao.ch/?p=154
来源:ice.99
文章版权归作者所有,未经允许请勿转载。
