作者:朱明宇
名称:取消所有已开放的端口策略
作用:取消所有已开放的端口策略
1. 给此脚本添加执行权限
2. 执行此脚本
#!/bin/bash
systemctl start firewalld
systemctl enable firewalld
for i in `firewall-cmd --list-all | grep ports | egrep [0-9] | awk -F':' '{print $2}'`
do
pports=`echo $i | awk -F'/' '{print $1}'`
ptus=`echo $i | awk -F'/' '{print $2}'`
firewall-cmd --remove-port=$pports/$ptus --permanent
done
firewall-cmd --add-service=ssh --permanent
firewall-cmd --reload作者:朱明宇
名称:取消所有已设置的复杂端口策略
作用:取消所有已设置的复杂端口策略
1. 给此脚本添加执行权限
2. 执行此脚本
#!/bin/bash
systemctl start firewalld
systemctl enable firewalld
max=`firewall-cmd --list-all | grep "rule family" | wc -l`
for i in `seq 1 $max`
do
echo $i
lines=`firewall-cmd --list-all | grep "rule family" | sed -n $[i]p`
ipvs=`echo $lines | awk -F'"' '{print $2}'`
ips=`echo $lines | awk -F'"' '{print $4}'`
ports=`echo $lines | awk -F'"' '{print $6}'`
tus=`echo $lines | awk -F'"' '{print $8}'`
acts=`echo $lines | awk -F'"' '{print $9}'`
echo $ipvs $ips $ports $tus $acts
firewall-cmd --remove-rich-rule="rule family="$ipvs" source address="$ips" port protocol="$tus" port="$ports" $acts" --permanent
done
firewall-cmd --add-service=ssh --permanent
firewall-cmd --reload作者:朱明宇
名称:开放所有正处于监听状态的端口策略
作用:开放所有正处于监听状态的端口策略
1. 给此脚本添加执行权限
2. 执行此脚本
#!/bin/bash
systemctl start firewalld
systemctl enable firewalld
for k in `ss -ntulap |grep 0.0.0.0 | grep LISTEN | awk '{print $5}' | awk -F':' '{print $2}'`
do
firewall-cmd --add-port=$k/tcp --permanent
done
firewall-cmd --reload作者:朱明宇
名称:批量对多个 IP 地址开发多个端口策略
作用:批量对多个 IP 地址开发多个端口策略
1. 在此脚本的分割线内写入相应的内容
2. 给此脚本添加执行权限
3. 执行此脚本
1.ips=”192.168.2.1 192.168.1.0/24″ #要开放端口的 IP 地址
2.ports”22 3306 8080-8090″ #要开放的端口
#!/bin/bash
####################### Separator ########################
ips="192.168.2.1 192.168.1.0/24"
ports"22 3306 8080-8090"
####################### Separator ########################
systemctl start firewalld
systemctl enable firewalld
for i in $ips
do
for j in $ports
do
firewall-cmd --add-rich-rule="rule family="ipv4" source address="$i" port protocol="tcp" port="$j" accept" --permanent
done
echo $i done
echo
done
firewall-cmd --reload# nmcli network on或者:
# nmcli net on# nmcli network off或者:
# nmcli net off# nmcli connection show或者:
# nmcli conneciton或者:
# nmcli con show或者:
# nmcli con# nmcli connection show --active或者:
# nmcli conneciton --active或者:
# nmcli con show --active或者:
# nmcli con --active# nmcli device connect <network device name>或者:
# nmcli dev con <network device name># nmcli device status或者:
# nmcli dev status# nmcli connection add con-name <custom network card alias> ifname <network device name> type ethernet(补充:这里 con-name 是指要指定一个自定义的网卡别名,ifname 是指要指明网络设备名)
或者:
# nmcli con add con-name <custom network card alias> ifname <network device name> type ethernet(补充:这里 con-name 是指要指定一个自定义的网卡别名,ifname 是指要指明网络设备名)
# nmcli connection delete <custom network card alias>或者:
# nmcli con del <custom network card alias># nmcli device connect <network device name>或者:
# nmcli dev con <network device name># nmcli device disconnect <network device name>或者:
# nmcli dev dis <network device name># nmcli connection modify <custom network card alias> ipv4.address <IP address>/<subnet mask> ipv4.gateway <gateway IP address> ipv4.dns <DNS IP address> autoconnect yes# nmcli connection modify eth0 ipv4.address 192.168.1.1/24 ipv4.gateway 192.168.1.1 ipv4.dns 192.168.1.254 autoconnect yes(补充:这里以添加给 eth0 添加 IP 地址 192.168.1.1/24,网关 IP 地址 192.168.1.1,DNS 192.168.1.254 为例)
# nmcli connection up <custom network card alias># nmcli connection down eth0# nmcli con mod <custom network card alias> ipv4.routes "<network segment> <gateway IP address>"# nmcli con mod eth0 ipv4.routes "192.168.2.0/24 192.168.3.1"(补充:这里以给 eth0 网卡添加 192.168.2.0/24 通过 192.168.3.1 的路由为例)
# nmcli connection up <custom network card alias># nmcli connection up eth0(补充:这里以让 eth0 生效为例)