
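#!/bin/bash
# Block inbound TCP ports listed in port_file.txt (one or more ports per line,
# whitespace separated). Each port gets a DROP rule in the raw table's
# PREROUTING chain, so matching packets are discarded before connection
# tracking. Must be run as root, from the directory that holds port_file.txt.

# iptables needs root; fail fast instead of erroring on every rule below.
if [[ $EUID -ne 0 ]]; then
    printf 'error: this script must be run as root\n' >&2
    exit 1
fi

# Start from a clean slate. NOTE: this flushes *every* rule in raw/PREROUTING,
# not just the ones this script adds — anything else managed in that chain
# (e.g. NOTRACK rules) is lost. A dedicated chain would avoid that.
if ! iptables -t raw -F PREROUTING; then
    printf 'error: failed to flush raw/PREROUTING\n' >&2
    exit 1
fi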

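#######################################
# Add a DROP rule for one TCP destination port (or an iptables "low:high"
# range) to raw/PREROUTING.
# Arguments: $1 - port number 0-65535, or a range "low:high" with low <= high
# Outputs:   confirmation on stdout; errors on stderr
# Returns:   0 on success, 1 if the value is invalid or iptables fails
#######################################
close_port() {
    local port=$1 lo hi
    # The value comes straight from port_file.txt and used to be passed to
    # iptables unquoted, so a line such as "80 -j ACCEPT" would have been
    # spliced into the rule. Only digits (and an optional ":high") get through.
    local re='^([0-9]{1,5})(:([0-9]{1,5}))?$'
    if [[ ! "$port" =~ $re ]]; then
        printf 'error: "%s" is not a port or port range\n' "$port" >&2
        return 1
    fi
    lo=${BASH_REMATCH[1]}
    hi=${BASH_REMATCH[3]:-$lo}
    # 10# forces decimal so leading zeros are not read as octal.
    if (( 10#$lo > 65535 || 10#$hi > 65535 || 10#$hi < 10#$lo )); then
        printf 'error: port value out of range in "%s"\n' "$port" >&2
        return 1
    fi
    if ! iptables -t raw -I PREROUTING -p tcp --dport "$port" -j DROP; then
        printf 'error: failed to add DROP rule for port %s\n' "$port" >&2
        return 1
    fi
    echo "提示: $port 端口封锁规则添加完毕"
}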


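if [[ -f port_file.txt ]]; then
    failed=0
    # Read the file into an array first so the loop runs in this shell (a
    # `cat | while` pipeline would run it in a subshell and lose $failed).
    # Entries may be separated by spaces, tabs or newlines, exactly as the
    # word-split `cat` used to allow; a trailing CR from a Windows-edited file
    # is treated as a separator too instead of being glued onto the port.
    mapfile -t port_lines < port_file.txt
    for line in "${port_lines[@]}"; do
        IFS=$' \t\r' read -r -a entries <<< "$line"
        for port in "${entries[@]}"; do
            # close_port validates the value and reports its own errors; keep
            # going so one bad line does not leave the remaining ports open.
            close_port "$port" || failed=$((failed + 1))
        done
    done

    os_info=$(cat /etc/os-release)
    if grep -q 'Ubuntu' <<< "$os_info"; then
        echo "Ubuntu!"
        # The redirect runs as the invoking user, not via sudo, so this only
        # ever worked as root (the iptables calls above need root anyway) —
        # sudo added nothing but a false sense of privilege.
        if ! iptables-save > /etc/iptables.up.rules; then
            printf 'error: could not write /etc/iptables.up.rules\n' >&2
            failed=$((failed + 1))
        # Reloading the file just written is a round-trip check that it parses.
        elif ! iptables-restore < /etc/iptables.up.rules; then
            printf 'error: /etc/iptables.up.rules failed to reload\n' >&2
            failed=$((failed + 1))
        fi
    else
        echo "$os_info"
        # Needs an init script that implements "save" (not present on every
        # distribution); if it is missing the rules vanish on reboot, so the
        # failure must not be silent.
        if ! service iptables save; then
            printf 'error: "service iptables save" failed; rules are not persisted\n' >&2
            failed=$((failed + 1))
        fi
    fi
    if (( failed > 0 )); then
        printf 'error: %d step(s) failed\n' "$failed" >&2
        exit 1
    fi
else
    echo "port_file.txt doesn't exist" >&2
    exit 1
fi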


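#!/bin/bash
# Block outbound TCP traffic to the IPv4 addresses / CIDR blocks listed in
# ip_file.txt (one or more per line, whitespace separated). Each entry gets a
# DROP rule in the raw table's OUTPUT chain. Must be run as root, from the
# directory that holds ip_file.txt. (This script does not read port_file.txt.)

# iptables needs root; fail fast instead of erroring on every rule below.
if [[ $EUID -ne 0 ]]; then
    printf 'error: this script must be run as root\n' >&2
    exit 1
fi

# Start from a clean slate. NOTE: this flushes *every* rule in raw/OUTPUT,
# not just the ones this script adds — anything else managed in that chain
# (e.g. NOTRACK rules) is lost. A dedicated chain would avoid that.
if ! iptables -t raw -F OUTPUT; then
    printf 'error: failed to flush raw/OUTPUT\n' >&2
    exit 1
fi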

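#######################################
# Add a DROP rule for one IPv4 address or CIDR block to raw/OUTPUT.
# Arguments: $1 - dotted-quad IPv4 address, optionally with "/prefix"
# Outputs:   confirmation on stdout; errors on stderr
# Returns:   0 on success, 1 if the value is invalid or iptables fails
#######################################
close_ip() {
    local ip=$1 octet prefix
    # The value comes straight from ip_file.txt and used to be passed to
    # iptables unquoted, so "1.2.3.4 -j ACCEPT" would have been spliced into
    # the rule. Only an IPv4 literal (optionally /prefix) gets through;
    # hostnames are rejected rather than resolved at rule-insertion time,
    # and IPv6 would need ip6tables anyway.
    local re='^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})(/([0-9]{1,2}))?$'
    if [[ ! "$ip" =~ $re ]]; then
        printf 'error: "%s" is not an IPv4 address or CIDR block\n' "$ip" >&2
        return 1
    fi
    for octet in "${BASH_REMATCH[@]:1:4}"; do
        # 10# forces decimal so leading zeros are not read as octal.
        if (( 10#$octet > 255 )); then
            printf 'error: octet out of range in "%s"\n' "$ip" >&2
            return 1
        fi
    done
    prefix=${BASH_REMATCH[6]:-32}
    if (( 10#$prefix > 32 )); then
        printf 'error: prefix length out of range in "%s"\n' "$ip" >&2
        return 1
    fi
    # In the OUTPUT chain every packet is locally generated, so its *source*
    # is one of this host's own addresses; the previous `-s $1` could never
    # match a remote address listed in ip_file.txt. `-d` drops outbound TCP
    # *to* the address instead. Only TCP is covered (-p tcp); UDP/ICMP to the
    # address still flows.
    # NOTE(review): if the goal is to stop the address from reaching this
    # host, the rule belongs in raw/PREROUTING with `-s` (and the flush at
    # the top of the script must change to match) — confirm the intended
    # direction.
    if ! iptables -t raw -I OUTPUT -p tcp -d "$ip" -j DROP; then
        printf 'error: failed to add DROP rule for %s\n' "$ip" >&2
        return 1
    fi
    echo "提示: $ip 封锁规则添加完毕"
}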

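if [[ -f ip_file.txt ]]; then
    failed=0
    # Read the file into an array first so the loop runs in this shell (a
    # `cat | while` pipeline would run it in a subshell and lose $failed).
    # Entries may be separated by spaces, tabs or newlines, exactly as the
    # word-split `cat` used to allow; a trailing CR from a Windows-edited file
    # is treated as a separator too instead of being glued onto the address.
    mapfile -t ip_lines < ip_file.txt
    for line in "${ip_lines[@]}"; do
        IFS=$' \t\r' read -r -a entries <<< "$line"
        for ip in "${entries[@]}"; do
            # close_ip validates the value and reports its own errors; keep
            # going so one bad line does not leave the remaining addresses
            # unblocked.
            close_ip "$ip" || failed=$((failed + 1))
        done
    done

    os_info=$(cat /etc/os-release)
    if grep -q 'Ubuntu' <<< "$os_info"; then
        echo "Ubuntu!"
        # The redirect runs as the invoking user, not via sudo, so this only
        # ever worked as root (the iptables calls above need root anyway) —
        # sudo added nothing but a false sense of privilege.
        if ! iptables-save > /etc/iptables.up.rules; then
            printf 'error: could not write /etc/iptables.up.rules\n' >&2
            failed=$((failed + 1))
        # Reloading the file just written is a round-trip check that it parses.
        elif ! iptables-restore < /etc/iptables.up.rules; then
            printf 'error: /etc/iptables.up.rules failed to reload\n' >&2
            failed=$((failed + 1))
        fi
    else
        echo "$os_info"
        # Needs an init script that implements "save" (not present on every
        # distribution); if it is missing the rules vanish on reboot, so the
        # failure must not be silent.
        if ! service iptables save; then
            printf 'error: "service iptables save" failed; rules are not persisted\n' >&2
            failed=$((failed + 1))
        fi
    fi
    if (( failed > 0 )); then
        printf 'error: %d step(s) failed\n' "$failed" >&2
        exit 1
    fi
else
    echo "ip_file.txt doesn't exist" >&2
    exit 1
fi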