A shell script to open/close an appointed port in Linux via the iptables firewall.
[Chinese] A script that uses iptables to open/close a specified port on Linux
Firstly, I just wanted to close the NTP service port 37, so I did this:
:~# iptables -A INPUT --dport 37 -j DROP
but I got an error:
iptables v1.2.11: Unknown arg `--dport'
Try `iptables -h' or 'iptables --help' for more information.
Then I fixed it, since the '--dport' argument should be used with the '-d' or '-p' arguments and can't be used alone.
:~# iptables -A INPUT -p udp -d 172.31.3.153 --dport 37 -j DROP
Now it works.
Then I wrote a script to close/open the appointed port.
#!/bin/sh
# Usage: port37.sh open|close  (removes or adds a DROP rule for UDP port 37)
# Plain POSIX test brackets are used so the script really runs under /bin/sh
# (the "[[ ... ]]" form is a bash extension and fails in a plain sh).
if [ $# -lt 1 ] || { [ "$1" != "close" ] && [ "$1" != "open" ]; }; then
    echo "Usage: port37.sh open/close"
    exit 1
fi
HOSTIP="172.31.3.153"
# rule_exists: true if the INPUT chain already has a rule mentioning HOSTIP.
# -n lists numeric addresses, so grep matches the IP instead of a resolved name.
rule_exists() {
    iptables --list INPUT -n | grep -q "$HOSTIP"
}
# set variables according to param 1
if [ "$1" = "open" ]; then
    COMMAND_ARG="-D"
    if ! rule_exists; then
        echo "Port 37 is opened."
        exit 1
    fi
else
    COMMAND_ARG="-A"
    if rule_exists; then
        echo "Port 37 is closed"
        exit 1
    fi
fi
iptables $COMMAND_ARG INPUT -p udp -d "$HOSTIP" --dport 37 -j DROP
This script works under Debian 3.3.
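A generalised version of the same idea, added here as an example and not taken from the post: it takes the protocol and port as arguments, validates them before they reach the iptables command line, and decides whether the rule already exists by matching the exact DROP line in `iptables -L INPUT -n` output rather than only the host IP (a bare grep for the IP would also match unrelated rules for that host). The function names and the `portctl.sh` file name are assumptions; HOSTIP is the address from the post.

```shell
#!/bin/sh
# Generalised open/close helper: manages a DROP rule for PROTO/PORT on HOSTIP.
# Unlike grepping for the bare IP, rule_present matches the exact rule line.
HOSTIP="172.31.3.153"   # host address from the post

# rule_present PROTO PORT: read `iptables -L INPUT -n` output on stdin and
# succeed only if a "DROP <proto> ... <HOSTIP> ... dpt:<port>" line is present.
rule_present() {
    ip_re=$(printf '%s' "$HOSTIP" | sed 's/\./\\./g')   # escape regex dots
    grep -E "^DROP[[:space:]]+$1[[:space:]].*[[:space:]]$ip_re[[:space:]].*dpt:$2([[:space:]]|\$)" >/dev/null
}

# port_action ACTION PROTO PORT: print the iptables command that brings the
# firewall into the requested state, or "noop" if it is already there.
# Arguments are validated so the printed command contains only fixed words,
# a protocol name and a number; stdin is the current INPUT chain listing.
port_action() {
    action="$1"; proto="$2"; port="$3"
    case "$proto" in tcp|udp) ;; *) echo "proto must be tcp or udp" >&2; return 1 ;; esac
    case "$port" in ''|*[!0-9]*) echo "port must be numeric" >&2; return 1 ;; esac
    if rule_present "$proto" "$port"; then present=1; else present=0; fi
    case "$action" in
        close) [ "$present" -eq 1 ] && { echo noop; return 0; }; flag="-A" ;;
        open)  [ "$present" -eq 0 ] && { echo noop; return 0; }; flag="-D" ;;
        *) echo "Usage: $0 open|close tcp|udp PORT" >&2; return 1 ;;
    esac
    echo "iptables $flag INPUT -p $proto -d $HOSTIP --dport $port -j DROP"
}

# When run as a script (e.g. ./portctl.sh close udp 37), apply the command.
if [ "$#" -eq 3 ]; then
    cmd=$(iptables -L INPUT -n | port_action "$1" "$2" "$3") || exit 1
    if [ "$cmd" = noop ]; then echo "port $3/$2 is already $1"; exit 0; fi
    $cmd
fi
```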
Thanks Google.