#!/bin/bash

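# Current forward-port rules, one rule string per element, as refreshed by
# fetch_forward_rules. Initialised as an empty array (not an empty scalar) so
# "${forward_ports[@]}" and ${#forward_ports[@]} are well-defined before the
# first fetch.
forward_ports=()
# Number of entries in forward_ports; kept in sync by fetch_forward_rules.
count=0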

# 获取当前所有转发端口
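#######################################
# Refresh the global rule list from firewalld's runtime configuration.
# Globals:  forward_ports (written) - one rule string per element
#           count         (written) - number of elements in forward_ports
# Outputs:  a diagnostic on stderr if firewall-cmd fails
# Returns:  0 on success, otherwise firewall-cmd's exit status; on failure
#           both globals are reset (empty list, count 0) so callers never
#           act on stale data.
#######################################
function fetch_forward_rules {
  local raw rv=0
  # Use the full option name. The original --list-forward appears to work
  # only through argparse prefix matching; --list-forward-ports is the
  # documented option and is stable across firewalld versions.
  raw=$(firewall-cmd --list-forward-ports) || rv=$?
  forward_ports=()
  if (( rv == 0 )); then
    # Split on blanks/newlines only and never glob-expand a rule string
    # (the old unquoted $(...) inside ( ) was subject to pathname expansion).
    IFS=$' \t\n' read -r -d '' -a forward_ports <<<"$raw" || true
  else
    echo "无法读取当前转发规则 (firewall-cmd 退出码: $rv)" >&2
  fi
  count=${#forward_ports[@]}
  return "$rv"
}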

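#######################################
# Print every forward-port rule with a 1-based index; the index is what
# del_rule later asks the user for.
# Globals:  forward_ports, count (refreshed through fetch_forward_rules)
# Outputs:  the numbered rule list between two rulers, on stdout
#######################################
function print_cur_rules {
  local idx rule
  fetch_forward_rules
  echo "================ 当前所有转发规则 ================"
  idx=1
  # 'rule' is declared local so the loop no longer leaks a global 'port'.
  for rule in "${forward_ports[@]}"; do
    # printf rather than echo: a rule string is data, not an echo option.
    printf '%s. %s\n' "$idx" "$rule"
    idx=$((idx + 1))
  done
  echo "==============================================="
}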

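#######################################
# Interactively add one permanent forward-port rule and reload firewalld.
# Reads protocol, local port/range, remote port/range and remote address
# from stdin. Protocol and ports are validated here; the address is passed
# through for firewalld to validate.
# Outputs:  success message on stdout, errors on stderr
# Returns:  0 if the rule was added and firewalld reloaded, 1 otherwise
#######################################
function add_rule() {
  local proto port toport toaddr rule
  read -rp "请输入协议 (tcp 或 udp 默认: tcp): " proto
  proto=${proto:-tcp}
  if [[ "$proto" != "tcp" && "$proto" != "udp" ]]; then
    echo "无效的协议: $proto (仅支持 tcp 或 udp)" >&2
    return 1
  fi
  read -rp "请输入本地端口号或范围 (例如: 80, 8080, 8000-8010): " port
  # A port is a number or a "low-high" range; reject anything else before
  # it is embedded in the rule string.
  if [[ ! "$port" =~ ^[0-9]+(-[0-9]+)?$ ]]; then
    echo "无效的本地端口: $port" >&2
    return 1
  fi
  read -rp "请输入远端端口号或范围 (例如: 80, 8080, 8000-8010 默认:相同端口): " toport
  toport=${toport:-${port}}
  if [[ ! "$toport" =~ ^[0-9]+(-[0-9]+)?$ ]]; then
    echo "无效的远端端口: $toport" >&2
    return 1
  fi
  read -rp "请输入远端地址 (例如: 192.168.1.1): " toaddr
  rule="port=$port:proto=$proto:toport=$toport:toaddr=$toaddr"

  # Use the full option name: in firewalld >= 1.0, --add-forward (no
  # argument) is the zone-level intra-zone forwarding toggle, so the
  # abbreviated form no longer accepts this rule string.
  if firewall-cmd --add-forward-port="$rule" --permanent && firewall-cmd --reload; then
    echo "已添加转发规则: $port ($proto) -> $toaddr:$toport"
    #echo "同步操作到k8s-lb2..."
    #ssh root@k8s-lb2 "firewall-cmd --add-forward-port=$rule --permanent && firewall-cmd --reload"
    return 0
  fi
  echo "添加转发规则失败!" >&2
  return 1
}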

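#######################################
# Interactively remove one permanent forward-port rule, selected by its
# index in the list printed by print_cur_rules, after a Y/N confirmation.
# Globals:  forward_ports, count (refreshed through print_cur_rules)
# Outputs:  rule list and status messages on stdout, errors on stderr
# Returns:  0 if the rule was removed, the user cancelled, or there was
#           nothing to delete; 1 on invalid input or a firewall-cmd failure
#######################################
function del_rule() {
  local port_index port_to_delete confirm
  # print_cur_rules already refreshes forward_ports/count.
  print_cur_rules
  # Return to the menu rather than exiting the whole script when no rule exists.
  if (( count <= 0 )); then
    echo "当前没有转发规则!"
    return 0
  fi

  read -rp "请输入需要删除的规则序号(1-${count}): " port_index

  # Only a plain decimal integer may reach the arithmetic comparison: an
  # arbitrary string in [[ -gt ]] / (( )) is evaluated as an expression.
  # 10# forces base 10 so a leading zero ("08") is not read as octal.
  if [[ ! "$port_index" =~ ^[0-9]+$ ]] || (( 10#$port_index < 1 || 10#$port_index > count )); then
    echo "无效的端口序号!$port_index"
    return 1
  fi
  port_index=$((10#$port_index))
  port_to_delete=${forward_ports[port_index - 1]}

  # Show the selected rule and ask for confirmation.
  echo "您选择删除的规则是: $port_to_delete"
  read -rp "是否确认删除 (Y/N): " confirm
  # Only an explicit y/Y proceeds; anything else (including empty) cancels.
  if [[ "$confirm" != [yY] ]]; then
    echo "已取消删除操作。"
    return 0
  fi

  # Full option name; see add_rule for why the abbreviated form is avoided.
  if firewall-cmd --remove-forward-port="$port_to_delete" --permanent && firewall-cmd --reload; then
    echo "已删除转发规则: $port_to_delete"
    #echo "同步操作到k8s-lb2..."
    #ssh root@k8s-lb2 "firewall-cmd --remove-forward-port=$port_to_delete --permanent && firewall-cmd --reload"
    return 0
  fi
  echo "删除转发规则失败!" >&2
  return 1
}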

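#######################################
# Interactive menu loop: show, add or delete rules until the user quits
# or stdin is exhausted.
# Globals:  none directly (delegates to print_cur_rules/add_rule/del_rule)
# Returns:  0 on Q or end of input
#######################################
function main() {
  local choice
  # A loop instead of the original tail-recursion, which grew the call
  # stack by one frame per menu action for the life of the session.
  while true; do
    # On EOF (stdin closed, e.g. piped input) read fails; stop instead of
    # spinning forever through the "无效选择!" branch. A final unterminated
    # line is still processed once.
    read -rp "请选择操作 (查看: P, 添加: A, 删除: D, 退出: Q): " choice || [[ -n "$choice" ]] || return 0
    case "$choice" in
      [pP]) print_cur_rules ;;
      [aA]) add_rule ;;
      [dD]) del_rule ;;
      [qQ]) return 0 ;;
      *) echo "无效选择!" ;;
    esac
  done
}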

# Banner, then hand control to the interactive menu.
cat <<'EOF'
╔═════════════════════════════════════════════════════╗
║          FirewallD交互式端口转发配置脚本            ║
║                                               v1.0  ║
╚═════════════════════════════════════════════════════╝

EOF
main