FirewallD 端口转发脚本

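#!/bin/bash
# Interactive helper for viewing, adding and removing firewalld port-forwarding
# rules. Every change is written to the permanent configuration and then
# activated with a reload.
#
# The script calls firewall-cmd directly, so it must run with enough privilege
# to change the firewall. Everything typed at a prompt is treated as untrusted:
# each field is validated before it is placed into a rule string or used in
# shell arithmetic.
#
# NOTE(review): forwarding to another host normally also needs masquerading
# enabled in the zone; this script does not check or change that.

# Forward rules reported by firewalld, one rule string per element.
forward_ports=()
# Number of entries in forward_ports.
count=0

#######################################
# Refresh forward_ports/count from firewalld.
# Globals:   forward_ports (written), count (written)
# Returns:   0 on success, firewall-cmd's status when the query fails
#######################################
fetch_forward_rules() {
  local listing
  forward_ports=()
  count=0
  # The full option name is used on purpose: the short form "--list-forward"
  # only works through option-prefix matching, and newer firewalld releases
  # have separate "--add-forward"/"--remove-forward" options that toggle
  # intra-zone forwarding, which is a different setting.
  listing=$(firewall-cmd --list-forward-ports) || return
  if [[ -n "$listing" ]]; then
    # Split on whitespace without pathname expansion (an unquoted $(...) would
    # also glob). read returns non-zero at end of input, hence "|| true".
    IFS=$' \t\n' read -r -d '' -a forward_ports <<<"$listing" || true
  fi
  count=${#forward_ports[@]}
}

#######################################
# Print the current forward rules as a numbered list.
# Globals:   forward_ports (read), count (written via fetch_forward_rules)
# Returns:   non-zero when the rules could not be queried
#######################################
print_cur_rules() {
  # Do not print an empty list when the query itself failed; that would look
  # like "no rules configured".
  fetch_forward_rules || return
  local i=1 port
  echo "================ 当前所有转发规则 ================"
  for port in "${forward_ports[@]}"; do
    echo "$i. $port"
    ((i++))
  done
  echo "==============================================="
}

#######################################
# Check that $1 is a single port (1-65535) or an ascending range "low-high".
# Arguments: $1 - port specification typed by the operator
# Returns:   0 when valid, 1 otherwise
#######################################
is_valid_port_spec() {
  local spec=$1 low high
  if [[ "$spec" =~ ^([0-9]{1,5})(-([0-9]{1,5}))?$ ]]; then
    # 10# forces base 10 so that "080" is not parsed as octal.
    low=$((10#${BASH_REMATCH[1]}))
    high=$((10#${BASH_REMATCH[3]:-${BASH_REMATCH[1]}}))
    ((low >= 1 && high <= 65535 && low <= high))
  else
    return 1
  fi
}

#######################################
# Prompt for a forward rule, validate each field and add it permanently.
# Returns:   0 after a completed attempt, 1 on invalid input or end of input
#######################################
add_rule() {
  local proto port toport toaddr rule

  read -rp "请输入协议 (tcp 或 udp 默认: tcp): " proto || return 1
  proto=${proto:-tcp}
  case "$proto" in
    tcp | udp | sctp | dccp) ;;
    *)
      echo "无效的协议: $proto" >&2
      return 1
      ;;
  esac

  read -rp "请输入本地端口号或范围 (例如: 80, 8080, 8000-8010): " port || return 1
  if ! is_valid_port_spec "$port"; then
    echo "无效的本地端口: $port" >&2
    return 1
  fi

  read -rp "请输入远端端口号或范围 (例如: 80, 8080, 8000-8010 默认:相同端口): " toport || return 1
  toport=${toport:-${port}}
  if ! is_valid_port_spec "$toport"; then
    echo "无效的远端端口: $toport" >&2
    return 1
  fi

  read -rp "请输入远端地址 (例如: 192.168.1.1): " toaddr || return 1
  # Character allow-list only: it keeps whitespace and shell metacharacters out
  # of the rule string. Whether the address is well formed is left to firewalld.
  # An empty address is passed through unchanged, as before.
  if [[ -n "$toaddr" && ! "$toaddr" =~ ^[0-9A-Fa-f:.]+(/[0-9]{1,3})?$ ]]; then
    echo "无效的远端地址: $toaddr" >&2
    return 1
  fi

  rule="port=$port:proto=$proto:toport=$toport:toaddr=$toaddr"

  # Persist the rule first, then reload so that it becomes active.
  if firewall-cmd --permanent --add-forward-port="$rule" && firewall-cmd --reload; then
    echo "已添加转发规则: $port ($proto) -> $toaddr:$toport"
    # Disabled: mirror the change to a second load balancer. The rule text is
    # expanded into the remote command line before ssh sends it, so it must
    # stay validated as above and be quoted for the remote shell if this is
    # ever re-enabled.
    #echo "同步操作到k8s-lb2..."
    #ssh root@k8s-lb2 "firewall-cmd --add-forward $rule --permanent && firewall-cmd --reload"
  else
    echo "添加转发规则失败!" >&2
  fi
}

#######################################
# Show the numbered rules, ask which one to delete, confirm, and remove it.
# Globals:   forward_ports (read), count (read)
# Returns:   0 after a completed or cancelled attempt, 1 on query failure or
#            end of input
#######################################
del_rule() {
  local port_index port_to_delete confirm

  # print_cur_rules refreshes forward_ports/count itself.
  print_cur_rules || return 1

  if [[ $count -le 0 ]]; then
    echo "当前没有转发规则!"
    # Go back to the menu instead of terminating the whole script.
    return 0
  fi

  read -rp "请输入需要删除的规则序号(1-${count}): " port_index || return 1

  # Accept plain digits only. [[ -gt ]] and $(( )) evaluate their operands as
  # arithmetic expressions, so unvalidated text must never reach them.
  if [[ ! "$port_index" =~ ^[0-9]{1,9}$ ]] ||
    ((10#$port_index < 1 || 10#$port_index > count)); then
    echo "无效的端口序号!$port_index"
    return 0
  fi

  port_to_delete=${forward_ports[$((10#$port_index - 1))]}

  # Show the selected rule and ask for confirmation before changing anything.
  echo "您选择删除的规则是: $port_to_delete"
  read -rp "是否确认删除 (Y/N): " confirm || return 1

  case "$confirm" in
    y | Y)
      if firewall-cmd --permanent --remove-forward-port="$port_to_delete" &&
        firewall-cmd --reload; then
        echo "已删除转发规则: $port_to_delete"
        # Disabled: mirror the removal to a second load balancer (same quoting
        # caveat as in add_rule).
        #echo "同步操作到k8s-lb2..."
        #ssh root@k8s-lb2 "firewall-cmd --remove-forward $port_to_delete --permanent && firewall-cmd --reload"
      else
        echo "删除转发规则失败!" >&2
      fi
      ;;
    *)
      echo "已取消删除操作。"
      ;;
  esac
}

#######################################
# Menu loop: view (P), add (A), delete (D) or quit (Q).
# A loop replaces the original self-recursion so that a long session does not
# grow the call stack, and end of input ends the script instead of repeating
# the "invalid choice" message forever.
#######################################
main() {
  local choice
  while true; do
    if ! read -rp "请选择操作 (查看: P, 添加: A, 删除: D, 退出: Q): " choice; then
      # stdin was closed: finish the prompt line and stop.
      echo ""
      exit 0
    fi
    case "$choice" in
      p | P) print_cur_rules ;;
      a | A) add_rule ;;
      d | D) del_rule ;;
      q | Q) exit 0 ;;
      *) echo "无效选择!" ;;
    esac
  done
}

echo "╔═════════════════════════════════════════════════════╗"
echo "║ FirewallD交互式端口转发配置脚本 ║"
echo "║ v1.0 ║"
echo "╚═════════════════════════════════════════════════════╝"
echo ""
main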

十月 9, 2024 · 2 分钟 · Sulan