Centos下防火墙+ss多端口脚本

Note Linux

字数统计: 724阅读时长: 4 min

 2019/02/10 

目的

开启SS之后，添加多端口再去打开防火墙比较麻烦，做了一个一键脚本。

代码

简易，不带Shadowsocks安装检查

#!/bin/sh
method="aes-256-cfb"
mup="6001"
log="./add.log"

echo -e -n "add: {\"server_port\": $1, \"password\":\"$2\"}" > /dev/udp/127.0.0.1/$mup

tcp=$(firewall-cmd --zone=public --add-port=$1/tcp --permanent)
echo "TCP端口 $1 开放操作: $tcp"

udp=$(firewall-cmd --zone=public --add-port=$1/udp --permanent)
echo "udp端口 $1 开放操作: $udp"

rel=$(firewall-cmd --reload)
echo "防火墙重启操作: $rel"

echo "IP:$(curl ipinfo.io/ip) 端口:$1 密码:$2"

if [ ! -f "$log" ]; then

    echo -e -n "\"$1\":\"$2\"" >> add.log

else

    echo -e -n ",\n\"$1\":\"$2\"" >> add.log

fi

# base64链接
link=$( base64 <<< "$method:$2@$(get_ip):$1" )

echo "ss://$link"

其中获得IP的函数，依赖curl，需要能够访问两个网站：
‘ipinfo.io’
和
‘ipv4.icanhazip.com’

get_ip(){
  IP = $(curl ipinfo.io/ip)
  echo ${IP}
}

或

get_ip(){
  IP = $(curl ipv4.icanhazip.com)
  echo ${IP}
}

通过查看本地网络连接信息的方式也可，用正则表达式筛选

get_ip(){
    local IP=$( ip addr | egrep -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | egrep -v "^192\.168|^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-2]\.|^10\.|^127\.|^255\.|^0\." | head -n 1 )
    echo ${IP}
}

带安装检查

#!/bin/sh

# 一些常量
method="aes-256-cfb"
mup="6001"
log="./add.log"

install_sth(){
    source /etc/os-release
    case $ID in
        debian|ubuntu|devuan)
            apt-get install -y $1
            ;;
        centos|fedora|rhel)
            yum install -y $1
            ;;
        *)
            exit 1
            ;;
    esac
}

get_ip(){
    local IP=$( ip addr | egrep -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | egrep -v "^192\.168|^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-2]\.|^10\.|^127\.|^255\.|^0\." | head -n 1 )
    [ -z ${IP} ] && IP=$( wget -qO- -t1 -T2 ipv4.icanhazip.com )
    [ -z ${IP} ] && IP=$( wget -qO- -t1 -T2 ipinfo.io/ip )
    echo ${IP}
}

add_port(){
    echo -e -n "add: {\"server_port\": $1, \"password\":\"$2\"}" > /dev/udp/127.0.0.1/$mup
    tcp=$(firewall-cmd --zone=public --add-port=$1/tcp --permanent)
    echo "TCP端口 $1 开放操作: $tcp"

    udp=$(firewall-cmd --zone=public --add-port=$1/udp --permanent)
    echo "udp端口 $1 开放操作: $udp"

    rel=$(firewall-cmd --reload)
    echo "防火墙重启操作: $rel"

    echo "IP:$(get_ip) 端口:$1 密码:$2"

    # base64链接
    link=$( base64 <<< "$method:$2@$(get_ip):$1" )

    echo "ss://$link"
}

start_check(){
    process=`ps aux | grep ssserver | grep -v grep`;
    if [ "$process" == "" ]; then
        echo "Shaodwsock is not running"
        ssserver -p 443 -k bean -m aes-256-cfb --manager-address 127.0.0.1:6001 -d start
        firewall-cmd --zone=public --add-port=443/tcp --permanent
        firewall-cmd --zone=public --add-port=443/udp --permanent
        firewall-cmd --reload
        if [ -f "$log" ]; then
            for line in `cat $log`
                do
                line=$(echo $line | tr -d "\"")
                por=${line%:*}
                pwd=${line#*:}
                add_port $por $pwd
                echo "port:$por,pwd:$pwd"
            done
        fi
    else
        echo "Shaodwsock is running"
    fi
}


if ! [ -x "$(command -v pip)" ]; then
  echo 'Python-pip is not installed.'
  install_sth epel-release >&1
  install_sth python-pip >&1
fi

if ! [ -x "$(command -v ssserver)" ]; then
  echo 'Shadowsocks is not installed.'
  pip install shadowsocks
fi

start_check

if [ -n "$1" ]; then
    echo "Add new $2@$1"
    add_port $1 $2
    echo -e "\"$1\":\"$2\"" >> add.log
else
    echo "No port to Add"

fi

一键安装

wget --no-check-certificate https://raw.githubusercontent.com/BeanYa/OneScript/master/plane.sh && bash plane.sh

原文作者：Bean

原文链接：http://bean.ink/2019/02/10/Linux-2019-02-10-Centos下防火墙-ss多端口脚本/

发表日期：February 10th 2019, 2:40:31 am

更新日期：December 25th 2024, 10:04:27 pm

Next Post

查询本机IP
Previous Post

Travis+Hexo自动推送博客

CATALOG

1. 目的
1. 1.1. 代码