Randall/Some-Shell
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: Randall:1174563c4f9d03db5c44a2ee9f885e374f5538ba
Branches Tags
Randall:main
..
compare: Randall:348ee1e9066f713fedc4dad03613b61ece4e75a4
Branches Tags
Randall:main

No commits in common. "1174563c4f9d03db5c44a2ee9f885e374f5538ba" and "348ee1e9066f713fedc4dad03613b61ece4e75a4" have entirely different histories.
1174563c4f ... 348ee1e906

5 changed files with 0 additions and 352 deletions
Show Stats Expand all files Collapse all files

55
pve/port_forward/README.md
View File

@ -1,55 +0,0 @@
# `pve` 端口转发配置脚本
## 使用说明
这个脚本适配了 `pve` 实现端口转发的功能
## 使用方法
### 列出当前端口转发
```shell
curl -s https://git.randallanjie.com/Randall/Some-Shell/raw/branch/main/pve/port_forward/port_forward.sh | bash -s list
```
### 添加端口转发
1. 添加 `ipv4` 端口转发
```shell
curl -s https://git.randallanjie.com/Randall/Some-Shell/raw/branch/main/pve/port_forward/port_forward.sh | bash -s add ipv4 1822 10.0.18.2 22
```
2. 添加 `ipv6` 端口转发
```shell
curl -s https://git.randallanjie.com/Randall/Some-Shell/raw/branch/main/pve/port_forward/port_forward.sh | bash -s add ipv6 1822 fd00:18::2 22
```
### 删除端口转发
1. 删除 `ipv4` 端口转发
```shell
curl -s https://git.randallanjie.com/Randall/Some-Shell/raw/branch/main/pve/port_forward/port_forward.sh | bash -s delete ipv4 1822 10.0.18.2 22
```
2. 删除 `ipv6` 端口转发
```shell
curl -s https://git.randallanjie.com/Randall/Some-Shell/raw/branch/main/pve/port_forward/port_forward.sh | bash -s delete ipv6 1822 fd00:18::2 22
```
### 修改端口转发
1. 修改 `ipv4` 端口转发
```shell
curl -s https://git.randallanjie.com/Randall/Some-Shell/raw/branch/main/pve/port_forward/port_forward.sh | bash -s modify ipv4 1822 1823 10.0.18.2 22
```
2. 修改 `ipv6` 端口转发
```shell
curl -s https://git.randallanjie.com/Randall/Some-Shell/raw/branch/main/pve/port_forward/port_forward.sh | bash -s modify ipv6 1822 1823 fd00:18::2 22
```

115
pve/port_forward/port_forward.sh
View File

@ -1,115 +0,0 @@
#!/bin/bash
# 添加端口转发的函数
add_forwarding() {
local proto=$1
local external_port=$2
local internal_ip=$3
local internal_port=$4
if [ "$proto" == "ipv4" ]; then
iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport $external_port -j DNAT --to-destination $internal_ip:$internal_port
iptables -A FORWARD -p tcp -d $internal_ip --dport $internal_port -j ACCEPT
echo "已添加 IPv4 转发: $external_port -> $internal_ip:$internal_port"
elif [ "$proto" == "ipv6" ]; then
ip6tables -t nat -A PREROUTING -i vmbr0 -p tcp --dport $external_port -j DNAT --to-destination [$internal_ip]:$internal_port
ip6tables -A FORWARD -p tcp -d $internal_ip --dport $internal_port -j ACCEPT
echo "已添加 IPv6 转发: $external_port -> $internal_ip:$internal_port"
else
echo "无效的协议。请使用 'ipv4' 或 'ipv6'。"
fi
}
# 删除端口转发的函数
delete_forwarding() {
local proto=$1
local external_port=$2
local internal_ip=$3
local internal_port=$4
if [ "$proto" == "ipv4" ]; then
iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport $external_port -j DNAT --to-destination $internal_ip:$internal_port
iptables -D FORWARD -p tcp -d $internal_ip --dport $internal_port -j ACCEPT
echo "已删除 IPv4 转发: $external_port"
elif [ "$proto" == "ipv6" ]; then
ip6tables -t nat -D PREROUTING -i vmbr0 -p tcp --dport $external_port -j DNAT --to-destination [$internal_ip]:$internal_port
ip6tables -D FORWARD -p tcp -d $internal_ip --dport $internal_port -j ACCEPT
echo "已删除 IPv6 转发: $external_port"
else
echo "无效的协议。请使用 'ipv4' 或 'ipv6'。"
fi
}
# 列出当前端口转发的函数
list_forwardings() {
echo "IPv4 转发:"
iptables -t nat -L PREROUTING -v -n
echo ""
echo "IPv6 转发:"
ip6tables -t nat -L PREROUTING -v -n
}
# 修改端口转发的函数
modify_forwarding() {
local proto=$1
local old_external_port=$2
local new_external_port=$3
local internal_ip=$4
local internal_port=$5
# 删除旧的转发规则
delete_forwarding $proto $old_external_port $internal_ip $internal_port
# 添加新的转发规则
add_forwarding $proto $new_external_port $internal_ip $internal_port
}
# 显示用法信息
usage() {
echo "用法: $0 {add|delete|modify|list} [选项]"
echo "命令:"
echo " add <ipv4|ipv6> <外部端口> <内部IP> <内部端口>"
echo " delete <ipv4|ipv6> <外部端口> <内部IP> <内部端口>"
echo " modify <ipv4|ipv6> <旧外部端口> <新外部端口> <内部IP> <内部端口>"
echo " list"
}
# 主脚本逻辑
if [ $# -lt 1 ]; then
usage
exit 1
fi
command=$1
shift
case "$command" in
add)
if [ $# -ne 4 ]; then
usage
exit 1
fi
add_forwarding "$@"
;;
delete)
if [ $# -ne 4 ]; then
usage
exit 1
fi
delete_forwarding "$@"
;;
modify)
if [ $# -ne 5 ]; then
usage
exit 1
fi
modify_forwarding "$@"
;;
list)
list_forwardings
;;
*)
usage
exit 1
;;
esac

28
ssh/restrict_ssh_access/README.md
View File

@ -1,28 +0,0 @@
# SSH 访问限制脚本
该脚本限制SSH访问端口22到指定的IPv4和/或IPv6地址。它会删除现有的22端口规则并添加新规则以仅允许来自指定IP地址的访问。该脚本支持`ufw`和`iptables`。如果两者都没有安装,它将安装`iptables`并配置必要的规则。
## 用法
使用`curl`运行脚本并将所需的IPv4和IPv6地址作为参数传入
```bash
curl -s https://git.randallanjie.com/Randall/Some-Shell/raw/branch/main/ssh/restrict_ssh_access/restrict_ssh_access.sh | bash -s -- -4 <IPv4地址> -6 <IPv6地址>
```
## 参数
- `-4`: 允许SSH访问的IPv4地址。
- `-6`: 允许SSH访问的IPv6地址。
## 脚本流程
- 脚本检查是否安装了ufw或iptables。
- 如果安装了ufw则调用configure_ufw()。
- 如果安装了iptables则调用configure_iptables()。
- 如果都没有安装则安装iptables并配置规则。
## 注意事项
- 修改防火墙规则需要根权限。
- 确保您指定了有效的IPv4和/或IPv6地址作为参数。
- 脚本不会修改其他现有的防火墙规则仅修改与22端口相关的规则。

91
ssh/restrict_ssh_access/restrict_ssh_access.sh
View File

@ -1,91 +0,0 @@
#!/bin/bash
# 获取命令行参数
while getopts ":4:6:" opt; do
case $opt in
4) ALLOWED_IPV4="$OPTARG"
;;
6) ALLOWED_IPV6="$OPTARG"
;;
\?) echo "无效的参数: -$OPTARG" >&2
exit 1
;;
esac
done
# 检查是否提供了IP地址
if [ -z "$ALLOWED_IPV4" ] && [ -z "$ALLOWED_IPV6" ]; then
echo "必须指定IPv4或IPv6地址"
exit 1
fi
# 更新包管理器并安装 iptables-persistent 以便在重启后保存规则
install_iptables() {
echo "正在安装iptables..."
apt-get update
apt-get install -y iptables ip6tables iptables-persistent
}
# 配置 ufw
configure_ufw() {
echo "配置ufw规则"
# 移除现有的22端口规则
ufw delete allow 22/tcp
# 允许指定IP地址访问22端口
if [ -n "$ALLOWED_IPV4" ]; then
ufw allow from $ALLOWED_IPV4 to any port 22 proto tcp
fi
if [ -n "$ALLOWED_IPV6" ]; then
ufw allow from $ALLOWED_IPV6 to any port 22 proto tcp
fi
# 启用ufw
ufw reload
# 显示当前的ufw状态
ufw status verbose
}
# 配置 iptables
configure_iptables() {
echo "配置iptables规则"
# 移除现有的22端口规则
iptables -D INPUT -p tcp --dport 22 -j ACCEPT
ip6tables -D INPUT -p tcp --dport 22 -j ACCEPT
# 允许指定IP地址访问22端口
if [ -n "$ALLOWED_IPV4" ]; then
iptables -A INPUT -p tcp -s $ALLOWED_IPV4 --dport 22 -j ACCEPT
fi
if [ -n "$ALLOWED_IPV6" ]; then
ip6tables -A INPUT -p tcp -s $ALLOWED_IPV6 --dport 22 -j ACCEPT
fi
# 保存iptables规则
iptables-save > /etc/iptables/rules.v4
ip6tables-save > /etc/iptables/rules.v6
# 使规则在重启后生效
netfilter-persistent save
netfilter-persistent reload
}
# 检查是否安装了ufw或iptables
if command -v ufw &> /dev/null
then
configure_ufw
elif command -v iptables &> /dev/null
then
configure_iptables
else
echo "没有安装ufw或iptables正在安装iptables..."
install_iptables
configure_iptables
fi
echo "防火墙规则配置完成"

63
vpn/open_vpn_port/open_vpn_port.sh
View File

@ -1,63 +0,0 @@
#!/bin/bash
# 更新包管理器并安装 iptables-persistent 以便在重启后保存规则
install_iptables() {
echo "正在安装iptables..."
apt-get update
apt-get install -y iptables ip6tables iptables-persistent
}
# 配置 ufw
configure_ufw() {
echo "配置ufw规则"
# 允许所有IP访问2087, 2088, 2089端口使用TCP和UDP协议
for port in 2087 2088 2089; do
ufw allow $port/tcp
ufw allow $port/udp
done
# 启用ufw
ufw reload
# 显示当前的ufw状态
ufw status verbose
}
# 配置 iptables
configure_iptables() {
echo "配置iptables规则"
# 允许所有IP访问2087, 2088, 2089端口使用TCP和UDP协议
for port in 2087 2088 2089; do
iptables -A INPUT -p tcp --dport $port -j ACCEPT
iptables -A INPUT -p udp --dport $port -j ACCEPT
ip6tables -A INPUT -p tcp --dport $port -j ACCEPT
ip6tables -A INPUT -p udp --dport $port -j ACCEPT
done
# 保存iptables规则
iptables-save > /etc/iptables/rules.v4
ip6tables-save > /etc/iptables/rules.v6
# 使规则在重启后生效
netfilter-persistent save
netfilter-persistent reload
}
# 检查是否安装了ufw或iptables
if command -v ufw &> /dev/null
then
configure_ufw
elif command -v iptables &> /dev/null
then
configure_iptables
else
echo "没有安装ufw或iptables正在安装iptables..."
install_iptables
configure_iptables
fi
echo "防火墙规则配置完成"