自動安裝squid+iptables上網代理及上網行為管理指令碼(一)。

來源:互聯網
上載者:User

標籤:squid iptables 上網行為管理



我是一個linux初學者,為了更好的學習linux,自己試著寫了一些指令碼,只為學習,和愛好。
英語不好,為了在終端上運行,所以勉強寫了幾句。
本指令碼是為了實現自動安裝squid,iptables,並實現上網行為管理的第一份指令碼。後續再將iptables的規則寫出來.
如有錯誤,或更好的實現方法,請大家一起討論,研究。


script:


#!/bin/bash
#This script auto configure ip address , hostanem , local yum ,
#and change firewall from firewalld to iptables ,
#and install squid proxy.
# This script by charhai
# mail:[email protected]
# 2016-12-01

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
shlog=/tmp/auto_install.log

echo_line(){
echo -e "\033[35m--------------------------------\033[0m"
}

#configure ip addresses.
ifcfgdir=/etc/sysconfig/network-scripts
#nethw=`ip link show | awk ‘/BROADCAST/{print $2}‘ | cut -d":" -f1 | awk ‘{print NR,$0}‘`

nmcli dev status | awk ‘/ethernet/{print $1}‘ | awk ‘{print NR,$1}‘ > /tmp/nmclifile

net_config(){
 read -p "input lan‘s ip address. exap: 192.169.1.1 ! : " lan_ip
 read -p "input netmask.  exap: 24  : " lan_mask
 read -p "input lan‘s gateway ip addrss.  :" lan_gw
 read -p "input lan dns1 ip address.  :" lan_dns1
 read -p "input lan dns2 ip address.  :" lan_dns2
 nmcli con add type ethernet con-name lan ifname ${lan} ip4 ${lan_ip}/${lan_mask}
# nmcli con add type ethernet con-name lan ifname ${lan} ip4 ${lan_ip}/${lan_mask} gw4 ${lan_gw}
 nmcli con mod lan ipv4.dns "${lan_dns1} ${lan_dns2}"
 rm -rf ${ifcfgdir}/ifcfg-${lan}
 nmcli con up lan
 echo -e "input subnets. exap : \033[35m192.168.0.0/22,192.168.9.0/24\033[0m "
 read -p ‘>>>‘ gws
 langws=`echo ${gws} | awk ‘BEGIN{RS=","} {print $1}‘`
 for i in ${langws} ; do
  echo "${i} via ${lan_gw} dev ${lan}" >> ${ifcfgdir}/route-lan
 done
if [ ! -z $wan ] ; then
 read -p "input wan‘s ip address. exap:182.10.10.10/24 :" wan_ip
 read -p "input netmask. exap: 24 ! : " wan_mask
 read -p "input wan gateway‘s ip address. :" wan_gw
 read -p "input wan dns1 ip address. :" wan_dns1
 read -p "input wan dns2 ip address. :" wan_dns2
 rm -rf ${ifcfgdir}/ifcfg-${wan}
 nmcli con add type ethernet con-name wan ifname ${wan}} ip4 ${wan_ip}/${wan_mask} gw4 ${wan_gw}
 nmcli con mod wan ipv4.dns "${wan_dns1} ${wan_dns2}"
 nmcli con up wan
fi
}

echo_line
cat /tmp/nmclifile
echo_line
read -p  "choice lan network card‘s name,press any key scripts is exit . : " net_choice
case ${net_choice} in
 1)
  lan=`cat /tmp/nmclifile | grep 1 | awk ‘{print $2}‘`
  wan=`cat /tmp/nmclifile | grep 2 | awk ‘{print $2}‘`
  net_config
  ;;
 2)
  lan=`echo ${nethw} | grep 2 | awk ‘{print $2}‘`
  wan=`echo ${nethw} | grep 1 | awk ‘{print $2}‘`
  net_config
  ;;
 *)
  echo "scripts is exit!"
  exit 1
  ;;
esac
rm -rf /tmp/nmclifile

#configure hostname.
echo_line
read -p "change hostname?,y or n " choice_name
case $choice_name in
 y)
 read -p "input hostname ,exap : squid.xinyiglass.dy! :"  host_name
 hostnamectl set-hostname ${host_name}
 only_name=`echo ${host_name} | cut -d"." -f1`
 cp /etc/hosts /etc/hosts.bk && sed -i ‘3,$d‘ /etc/hosts
 echo "${lan_ip} ${only_name} ${host_name}" >>  /etc/hosts
 ;;
 n)
 echo "use default hostname,`hostname`!"
 ;;
esac
#restart network.service.
echo_line
systemctl restart network.service 

#configure yum repos.
lcyum(){
 yum_dir=/etc/yum.repos.d
 mkdir ${yum_dir}.bk
 mkdir /media/cdrom
 mount /dev/cdrom /media/cdrom
 find ${yum_dir} -name *.repo -exec mv {} ${yum_dir}.bk \;
}

#create yum repos files.
yum_config(){
 yum_dir=/etc/yum.repos.d
 cat > ${yum_dir}/CentOS-Media.repo << EOF
[c7-media]
name=CentOS-$releasever - Media
baseurl=file:///media/cdrom/
gpgcheck=1
enabled=1
gpgkey=file:///media/cdrom/RPM-GPG-KEY-CentOS-7
EOF

 sleep 1

if [ -f /media/cdrom/RPM-GPG-KEY-CentOS-7 ] ; then
  echo "cdrom is mounted."
  echo "use local yum repos."
  yum clean all &> /dev/null
  alias yum=‘yum --disablerepo=\* --enablerepo=c7-media‘
  yum makecache &> /dev/null
 else
  echo "cdrom is not mounted,use default yum repos."
  rm -rf ${yum_dir}/*
  cp -a ${yum_dir}.bk/* $yum_dir}
  yum clean all &> /dev/null
  yum makcache &> /dev/null
fi
}
echo_line
echo "input y use local yum repos."
echo "input n use internet yum repos."
echo "press any key exit scripts."
echo_line
read -p "choice y or n ." cdr

case ${cdr} in
 y)
  lcyum
  yum_config
  ;;
 Y)
  lcyum
  yum_config
  ;;
 n)
  echo "use internet yum repos."
  yum clean all &> /dev/null
  ;;
 *)
  echo "scripts is exited"
  exit 1
  ;;
esac
echo_line
echo ""

#change firewall from firewalld to iptables.
echo_line
echo "change firewall from firewalld to iptables"
echo_line

systemctl stop firewalld.service
systemctl disable firewalld.service &> /dev/null
yum install iptables-services -y
systemctl enable iptables &> /dev/null
systemctl restarte iptables

iptables -A INPUT -d ${lan_ip} -p tcp --dport=22 -J ACCEPT

#install squid proxy software.
echo_line
echo " Install squid "
yum install squid -y



本文出自 “執著” 部落格,請務必保留此出處http://charhai.blog.51cto.com/440887/1878945

自動安裝squid+iptables上網代理及上網行為管理指令碼(一)。

相關文章

聯繫我們

該頁面正文內容均來源於網絡整理,並不代表阿里雲官方的觀點,該頁面所提到的產品和服務也與阿里云無關,如果該頁面內容對您造成了困擾,歡迎寫郵件給我們,收到郵件我們將在5個工作日內處理。

如果您發現本社區中有涉嫌抄襲的內容,歡迎發送郵件至: info-contact@alibabacloud.com 進行舉報並提供相關證據,工作人員會在 5 個工作天內聯絡您,一經查實,本站將立刻刪除涉嫌侵權內容。

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.