|
|
@ -9,31 +9,30 @@ ssh_port=$1 |
|
|
|
#初始化软件 |
|
|
|
#初始化软件 |
|
|
|
init_soft(){ |
|
|
|
init_soft(){ |
|
|
|
echo '--------------------------------------------------------------'; |
|
|
|
echo '--------------------------------------------------------------'; |
|
|
|
echo 'Install curl/wget and firewalld.' |
|
|
|
echo 'Install curl/wget and ufw.' |
|
|
|
echo '--------------------------------------------------------------'; |
|
|
|
echo '--------------------------------------------------------------'; |
|
|
|
#更新软件 |
|
|
|
#更新软件 |
|
|
|
apt-get update |
|
|
|
apt-get update |
|
|
|
#使用nftables |
|
|
|
#使用nftables |
|
|
|
update-alternatives --set iptables /usr/sbin/iptables-nft |
|
|
|
#update-alternatives --set iptables /usr/sbin/iptables-nft |
|
|
|
update-alternatives --set ip6tables /usr/sbin/ip6tables-nft |
|
|
|
#update-alternatives --set ip6tables /usr/sbin/ip6tables-nft |
|
|
|
update-alternatives --set arptables /usr/sbin/arptables-nft |
|
|
|
#update-alternatives --set arptables /usr/sbin/arptables-nft |
|
|
|
update-alternatives --set ebtables /usr/sbin/ebtables-nft |
|
|
|
#update-alternatives --set ebtables /usr/sbin/ebtables-nft |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#安装必要软件 |
|
|
|
#安装必要软件 |
|
|
|
apt-get -y install curl wget |
|
|
|
apt-get -y install curl wget ufw |
|
|
|
apt-get -y install firewalld |
|
|
|
#apt-get -y install firewalld |
|
|
|
#启动firewalld |
|
|
|
#启动firewalld |
|
|
|
systemctl start firewalld && systemctl enable firewalld |
|
|
|
#systemctl start firewalld && systemctl enable firewalld |
|
|
|
|
|
|
|
|
|
|
|
#FirewallBackend # Selects the firewall backend implementation. # Choices are: # - nftables (default) # - iptables (iptables, ip6tables, ebtables and ipset) FirewallBackend=iptables |
|
|
|
#FirewallBackend # Selects the firewall backend implementation. # Choices are: # - nftables (default) # - iptables (iptables, ip6tables, ebtables and ipset) FirewallBackend=iptables |
|
|
|
#针对上面的错误,需要将iptables更换为nftables |
|
|
|
#针对上面的错误,需要将iptables更换为nftables |
|
|
|
sed -i "s/FirewallBackend=iptables/FirewallBackend=nftables/g" /etc/firewalld/firewalld.conf |
|
|
|
#sed -i "s/FirewallBackend=iptables/FirewallBackend=nftables/g" /etc/firewalld/firewalld.conf |
|
|
|
|
|
|
|
|
|
|
|
#放行常见端口 |
|
|
|
#放行常见端口 |
|
|
|
firewall-cmd --zone=public --add-port=80/tcp --permanent |
|
|
|
ufw allow 80 |
|
|
|
firewall-cmd --zone=public --add-port=443/tcp --permanent |
|
|
|
ufw allow 443 |
|
|
|
firewall-cmd --reload |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
#初始化SSH配置 |
|
|
|
#初始化SSH配置 |
|
|
@ -43,8 +42,7 @@ init_ssh(){ |
|
|
|
echo 'Modifying SSH port.' |
|
|
|
echo 'Modifying SSH port.' |
|
|
|
echo '--------------------------------------------------------------'; |
|
|
|
echo '--------------------------------------------------------------'; |
|
|
|
#先放行端口 |
|
|
|
#先放行端口 |
|
|
|
firewall-cmd --zone=public --add-port=${ssh_port}/tcp --permanent |
|
|
|
ufw allow ${ssh_port} |
|
|
|
firewall-cmd --reload |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#修改ssh配置文件 |
|
|
|
#修改ssh配置文件 |
|
|
|
#修改SSH端口 |
|
|
|
#修改SSH端口 |
|
|
|
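Review bot: The new `ufw allow 80`, `ufw allow 443` and `ufw allow ${ssh_port}` rules omit the protocol, so each port is opened for both TCP and UDP, whereas the firewalld rules they replace were limited to `/tcp`; in init_ssh the expansion is also unquoted and `ssh_port` comes straight from `$1`. I would write `ufw allow 80/tcp`, `ufw allow 443/tcp` and `ufw allow "${ssh_port}/tcp"`, and reject a non-numeric or out-of-range `$1` before it reaches ufw or the SSH config. Separately, the removed `systemctl start firewalld && systemctl enable firewalld` has no ufw counterpart in either hunk, and ufw normally stays inactive after installation, so unless it is enabled elsewhere in the script the host may be left with no packet filtering at all. If `ufw --force enable` is added, it should run only after the SSH allow rule so the active session is not cut off. init_ssh's body starts before and continues past the second hunk, so the rest of the port change is not visible here.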