# Install the package that lets iptables rules be saved and restored.
# CentOS gets "iptables-services"; every other ID gets "iptables-persistent".
# ID is presumably the value from /etc/os-release -- confirm against the
# part of the script that sets it.
# NOTE(review): any ID other than "centos" (including other RPM-based
# distros) falls through to the Debian-style package name; confirm the
# script is only run on distros where that package exists.
case "${ID}" in
  centos)
    pkg_install "iptables-services"
    ;;
  *)
    pkg_install "iptables-persistent"
    ;;
esac
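# Always allow loopback traffic in both directions.
# These two rules are appended (-A), so they land after any existing rules.
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Open the TLS-fronted service ports unless tls_mode is exactly "None".
# Note that an empty or unset tls_mode also satisfies this test, so the
# rules are added with whatever ${port} holds at that point.
#
# The port list is quoted so a value containing whitespace or glob
# characters cannot split into extra iptables arguments.
#
# Review notes:
#  - Rules are inserted (-I) at the head of each chain with no prior
#    existence check, so every run of this script stacks another copy.
#  - These are ACCEPT rules only; they restrict nothing unless a DROP/REJECT
#    policy or rule is configured elsewhere -- not visible in this fragment.
#  - The OUTPUT --sport rules only matter when the OUTPUT policy is not ACCEPT.
#  - --dport 53 accepts inbound DNS from any source; that is needed only if
#    this host answers DNS queries -- TODO confirm, otherwise drop 53.
#  - Only iptables is configured here; IPv6 is governed by ip6tables, which
#    this fragment does not touch.
if [[ "${tls_mode}" != "None" ]]; then
  iptables -I INPUT -p tcp -m multiport --dport "53,80,${port}" -j ACCEPT
  iptables -I INPUT -p udp -m multiport --dport "53,80,${port}" -j ACCEPT
  iptables -I OUTPUT -p tcp -m multiport --sport "53,80,${port}" -j ACCEPT
  iptables -I OUTPUT -p udp -m multiport --sport "53,80,${port}" -j ACCEPT
  # NOTE(review): accepts inbound UDP on every port from 1024 to 65535 from
  # any source. Presumably meant to let replies to outbound UDP reach
  # ephemeral ports; a stateful rule such as
  #   -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  # would cover replies without exposing every high UDP port -- confirm intent.
  iptables -I INPUT -p udp --dport 1024:65535 -j ACCEPT
fi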
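# Open the listener ports selected by ws_grpc_mode:
#   onlyws   -> 53 and ${xport}
#   onlygRPC -> 53 and ${gport}
#   all      -> 53, ${xport} and ${gport}
# Any other value adds no rules.
#
# The three modes apply the same five rules and differ only in the port
# list, so the list is chosen once and the rules are written once; this
# keeps the modes from drifting apart. The list is quoted so a port value
# containing whitespace or glob characters cannot split into extra
# iptables arguments.
_fw_ports=""
case "${ws_grpc_mode}" in
  onlyws)   _fw_ports="53,${xport}" ;;
  onlygRPC) _fw_ports="53,${gport}" ;;
  all)      _fw_ports="53,${xport},${gport}" ;;
esac

if [[ -n "${_fw_ports}" ]]; then
  # Review notes:
  #  - -I inserts at the head of the chain with no existence check, so each
  #    run of the script adds another copy of these rules.
  #  - The OUTPUT --sport rules only matter when the OUTPUT policy is not
  #    ACCEPT; no policy is set in this fragment.
  #  - --dport 53 accepts inbound DNS from any source; needed only if this
  #    host answers DNS queries -- TODO confirm, otherwise drop 53.
  iptables -I INPUT -p tcp -m multiport --dport "${_fw_ports}" -j ACCEPT
  iptables -I INPUT -p udp -m multiport --dport "${_fw_ports}" -j ACCEPT
  iptables -I OUTPUT -p tcp -m multiport --sport "${_fw_ports}" -j ACCEPT
  iptables -I OUTPUT -p udp -m multiport --sport "${_fw_ports}" -j ACCEPT
  # NOTE(review): accepts inbound UDP on every port from 1024 to 65535 from
  # any source, and the tls_mode branch earlier in this file inserts the
  # identical rule, so it can end up in the chain twice. A stateful
  # "-m conntrack --ctstate ESTABLISHED,RELATED" accept would admit replies
  # without exposing every high UDP port -- confirm what this is for.
  iptables -I INPUT -p udp --dport 1024:65535 -j ACCEPT
fi
# Scratch variable only; do not leak it into the rest of the script.
unset _fw_ports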
if [[ "${ID}" == "centos" && ${VERSION_ID} -ge 7 ]]; then
service iptables save
service iptables restart
echo -e "${OK} ${GreenBG} 防火墙 重启 完成 ${Font}"
else
netfilter-persistent save
systemctl restart iptables
netfilter-persistent:53 80