標籤:squid iptables 上網行為管理
我是一個linux初學者,為了更好的學習linux,自己試著寫了一些指令碼,只為學習,和愛好。
英語不好,為了在終端上運行,所以勉強寫了幾句。
本指令碼是為了實現自動安裝squid,iptables,並實現上網行為管理的第一份指令碼。後續再將iptables的規則寫出來.
如有錯誤,或更好的實現方法,請大家一起討論,研究。
script:
#!/bin/bash
#This script auto configure ip address , hostanem , local yum ,
#and change firewall from firewalld to iptables ,
#and install squid proxy.
# This script by charhai
# mail:[email protected]
# 2016-12-01
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
shlog=/tmp/auto_install.log
echo_line(){
echo -e "\033[35m--------------------------------\033[0m"
}
#configure ip addresses.
ifcfgdir=/etc/sysconfig/network-scripts
#nethw=`ip link show | awk ‘/BROADCAST/{print $2}‘ | cut -d":" -f1 | awk ‘{print NR,$0}‘`
nmcli dev status | awk ‘/ethernet/{print $1}‘ | awk ‘{print NR,$1}‘ > /tmp/nmclifile
net_config(){
read -p "input lan‘s ip address. exap: 192.169.1.1 ! : " lan_ip
read -p "input netmask. exap: 24 : " lan_mask
read -p "input lan‘s gateway ip addrss. :" lan_gw
read -p "input lan dns1 ip address. :" lan_dns1
read -p "input lan dns2 ip address. :" lan_dns2
nmcli con add type ethernet con-name lan ifname ${lan} ip4 ${lan_ip}/${lan_mask}
# nmcli con add type ethernet con-name lan ifname ${lan} ip4 ${lan_ip}/${lan_mask} gw4 ${lan_gw}
nmcli con mod lan ipv4.dns "${lan_dns1} ${lan_dns2}"
rm -rf ${ifcfgdir}/ifcfg-${lan}
nmcli con up lan
echo -e "input subnets. exap : \033[35m192.168.0.0/22,192.168.9.0/24\033[0m "
read -p ‘>>>‘ gws
langws=`echo ${gws} | awk ‘BEGIN{RS=","} {print $1}‘`
for i in ${langws} ; do
echo "${i} via ${lan_gw} dev ${lan}" >> ${ifcfgdir}/route-lan
done
if [ ! -z $wan ] ; then
read -p "input wan‘s ip address. exap:182.10.10.10/24 :" wan_ip
read -p "input netmask. exap: 24 ! : " wan_mask
read -p "input wan gateway‘s ip address. :" wan_gw
read -p "input wan dns1 ip address. :" wan_dns1
read -p "input wan dns2 ip address. :" wan_dns2
rm -rf ${ifcfgdir}/ifcfg-${wan}
nmcli con add type ethernet con-name wan ifname ${wan}} ip4 ${wan_ip}/${wan_mask} gw4 ${wan_gw}
nmcli con mod wan ipv4.dns "${wan_dns1} ${wan_dns2}"
nmcli con up wan
fi
}
echo_line
cat /tmp/nmclifile
echo_line
read -p "choice lan network card‘s name,press any key scripts is exit . : " net_choice
case ${net_choice} in
1)
lan=`cat /tmp/nmclifile | grep 1 | awk ‘{print $2}‘`
wan=`cat /tmp/nmclifile | grep 2 | awk ‘{print $2}‘`
net_config
;;
2)
lan=`echo ${nethw} | grep 2 | awk ‘{print $2}‘`
wan=`echo ${nethw} | grep 1 | awk ‘{print $2}‘`
net_config
;;
*)
echo "scripts is exit!"
exit 1
;;
esac
rm -rf /tmp/nmclifile
#configure hostname.
echo_line
read -p "change hostname?,y or n " choice_name
case $choice_name in
y)
read -p "input hostname ,exap : squid.xinyiglass.dy! :" host_name
hostnamectl set-hostname ${host_name}
only_name=`echo ${host_name} | cut -d"." -f1`
cp /etc/hosts /etc/hosts.bk && sed -i ‘3,$d‘ /etc/hosts
echo "${lan_ip} ${only_name} ${host_name}" >> /etc/hosts
;;
n)
echo "use default hostname,`hostname`!"
;;
esac
#restart network.service.
echo_line
systemctl restart network.service
#configure yum repos.
lcyum(){
yum_dir=/etc/yum.repos.d
mkdir ${yum_dir}.bk
mkdir /media/cdrom
mount /dev/cdrom /media/cdrom
find ${yum_dir} -name *.repo -exec mv {} ${yum_dir}.bk \;
}
#create yum repos files.
yum_config(){
yum_dir=/etc/yum.repos.d
cat > ${yum_dir}/CentOS-Media.repo << EOF
[c7-media]
name=CentOS-$releasever - Media
baseurl=file:///media/cdrom/
gpgcheck=1
enabled=1
gpgkey=file:///media/cdrom/RPM-GPG-KEY-CentOS-7
EOF
sleep 1
if [ -f /media/cdrom/RPM-GPG-KEY-CentOS-7 ] ; then
echo "cdrom is mounted."
echo "use local yum repos."
yum clean all &> /dev/null
alias yum=‘yum --disablerepo=\* --enablerepo=c7-media‘
yum makecache &> /dev/null
else
echo "cdrom is not mounted,use default yum repos."
rm -rf ${yum_dir}/*
cp -a ${yum_dir}.bk/* $yum_dir}
yum clean all &> /dev/null
yum makcache &> /dev/null
fi
}
echo_line
echo "input y use local yum repos."
echo "input n use internet yum repos."
echo "press any key exit scripts."
echo_line
read -p "choice y or n ." cdr
case ${cdr} in
y)
lcyum
yum_config
;;
Y)
lcyum
yum_config
;;
n)
echo "use internet yum repos."
yum clean all &> /dev/null
;;
*)
echo "scripts is exited"
exit 1
;;
esac
echo_line
echo ""
#change firewall from firewalld to iptables.
echo_line
echo "change firewall from firewalld to iptables"
echo_line
systemctl stop firewalld.service
systemctl disable firewalld.service &> /dev/null
yum install iptables-services -y
systemctl enable iptables &> /dev/null
systemctl restarte iptables
iptables -A INPUT -d ${lan_ip} -p tcp --dport=22 -J ACCEPT
#install squid proxy software.
echo_line
echo " Install squid "
yum install squid -y
本文出自 “執著” 部落格,請務必保留此出處http://charhai.blog.51cto.com/440887/1878945
自動安裝squid+iptables上網代理及上網行為管理指令碼(一)。