提交前检查代码
Check code before submitting
我做了一个iptables脚本如下:
#!/bin/sh
echo "Kaveen's TCP Redirect SCRIPT"
clear
read -p "Port:" port
echo ""
read -p "Customer IP:" cusip
echo ""
read -p "Your Filtered IP:" filip
echo ""
read -p "Your Secondary IP:" secip
echo "Generating TCP Redirect on port $port from your ip $filip to customer ip $cusip"
iptables -t nat -A PREROUTING -p tcp -d $filip --dport $port -j DNAT --to- destination $cusip
echo "TCP Redirect 1/2 OK"
iptables -A FORWARD -p tcp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
echo "TCP Redirect 2/2 OK"
iptables -t nat -A POSTROUTING -d $cusip -j SNAT --to-source $secip
echo "Better Traffic Movement rule 1/1 OK"
iptables -t nat -A POSTROUTING -j SNAT --to-source $filip
echo "Player Movement Rule 1/1 OK"
echo "Generating reset script...."
echo "#!/bin/sh" >> reset.sh
echo "iptables -F" >> reset.sh
echo "iptables -X" >> reset.sh
echo "iptables -t nat -F" >> reset.sh
echo "iptables -t nat -X" >> reset.sh
echo "iptables -t mangle -F" >> reset.sh
echo "iptables -t mangle -X" >> reset.sh
echo "iptables -P INPUT ACCEPT" >> reset.sh
echo "iptables -P FORWARD ACCEPT" >> reset.sh
echo "iptables -P OUTPUT ACCEPT" >> reset.sh
echo "iptables -F" >> reset.sh
echo "iptables -X" >> reset.sh
echo "iptables -t nat -F" >> reset.sh
echo "iptables -t nat -X" >> reset.sh
echo "iptables -t mangle -F" >> reset.sh
echo "iptables -t mangle -X" >> reset.sh
echo "iptables -P INPUT ACCEPT" >> reset.sh
echo "iptables -P FORWARD ACCEPT" >> reset.sh
echo "iptables -P OUTPUT ACCEPT" >> reset.sh
chmod +x reset.sh
echo "Reset script creation OK"
echo "Reset script can be used via ./reset.sh in directory:"
pwd
echo "TCP Redirect made from $fillip to $cusip on port $port"
现在如您所见,里面有一堆 iptables 命令,我想要一个函数,或者我可以通过某种方式检查这些命令,如果出现问题。
它 returns 失败了,我还想要一种方法来检查人们为 "Port" "Customer IP" 输入的是 PORTS 和 IP 地址,不是字母,单词,而是格式正确的 IP 和端口(对于第一个)
您可以使用 ip route get 来帮助确定输入的 IP 地址是否有效,假设您的机器应该能够路由到所有内容。如果您传递 IP 以外的内容,它将失败。
对于端口,你可以很容易地测试它是否是一个正整数,比如
if [[ $port =~ ^[0-9]+$ ]]; then
echo "It's a non-negative int!"
fi
如果你想知道它是否属于有效的端口范围,你可以测试它是否在你想要的范围内,比如
if [[ $port -gt 0 && $port -lt 65535 ]]; then
echo "Port is probably OK"
fi
可能有一种更简单的方法来检查 IP 部分,但是如果您不愿意接受看起来像 IP 但具有无效值(即八位字节大于 255)的字符串,那么检查它们会很麻烦,但是检查系统是否知道如何尝试将数据包发送到 IP 是一个快速 'n' 至少对我来说是肮脏的替身。
可以使用任何命令的成功或失败,ip route get 在这种情况下,在 if 中就像这样:
if ip route get $cusip &>/dev/null; then
echo "$cusip is an address I know how to route to"
else
echo "I either didn't know what $cusip is or don't know how to get there"
fi
我添加了 &>/dev/null 来隐藏命令的输出,因为我们不关心它说的是什么,我们只想知道是成功还是失败。
我做了一个iptables脚本如下:
#!/bin/sh
echo "Kaveen's TCP Redirect SCRIPT"
clear
read -p "Port:" port
echo ""
read -p "Customer IP:" cusip
echo ""
read -p "Your Filtered IP:" filip
echo ""
read -p "Your Secondary IP:" secip
echo "Generating TCP Redirect on port $port from your ip $filip to customer ip $cusip"
iptables -t nat -A PREROUTING -p tcp -d $filip --dport $port -j DNAT --to- destination $cusip
echo "TCP Redirect 1/2 OK"
iptables -A FORWARD -p tcp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
echo "TCP Redirect 2/2 OK"
iptables -t nat -A POSTROUTING -d $cusip -j SNAT --to-source $secip
echo "Better Traffic Movement rule 1/1 OK"
iptables -t nat -A POSTROUTING -j SNAT --to-source $filip
echo "Player Movement Rule 1/1 OK"
echo "Generating reset script...."
echo "#!/bin/sh" >> reset.sh
echo "iptables -F" >> reset.sh
echo "iptables -X" >> reset.sh
echo "iptables -t nat -F" >> reset.sh
echo "iptables -t nat -X" >> reset.sh
echo "iptables -t mangle -F" >> reset.sh
echo "iptables -t mangle -X" >> reset.sh
echo "iptables -P INPUT ACCEPT" >> reset.sh
echo "iptables -P FORWARD ACCEPT" >> reset.sh
echo "iptables -P OUTPUT ACCEPT" >> reset.sh
echo "iptables -F" >> reset.sh
echo "iptables -X" >> reset.sh
echo "iptables -t nat -F" >> reset.sh
echo "iptables -t nat -X" >> reset.sh
echo "iptables -t mangle -F" >> reset.sh
echo "iptables -t mangle -X" >> reset.sh
echo "iptables -P INPUT ACCEPT" >> reset.sh
echo "iptables -P FORWARD ACCEPT" >> reset.sh
echo "iptables -P OUTPUT ACCEPT" >> reset.sh
chmod +x reset.sh
echo "Reset script creation OK"
echo "Reset script can be used via ./reset.sh in directory:"
pwd
echo "TCP Redirect made from $fillip to $cusip on port $port"
现在如您所见,里面有一堆 iptables 命令,我想要一个函数,或者我可以通过某种方式检查这些命令,如果出现问题。
它 returns 失败了,我还想要一种方法来检查人们为 "Port" "Customer IP" 输入的是 PORTS 和 IP 地址,不是字母,单词,而是格式正确的 IP 和端口(对于第一个)
您可以使用 ip route get 来帮助确定输入的 IP 地址是否有效,假设您的机器应该能够路由到所有内容。如果您传递 IP 以外的内容,它将失败。
对于端口,你可以很容易地测试它是否是一个正整数,比如
if [[ $port =~ ^[0-9]+$ ]]; then
echo "It's a non-negative int!"
fi
如果你想知道它是否属于有效的端口范围,你可以测试它是否在你想要的范围内,比如
if [[ $port -gt 0 && $port -lt 65535 ]]; then
echo "Port is probably OK"
fi
可能有一种更简单的方法来检查 IP 部分,但是如果您不愿意接受看起来像 IP 但具有无效值(即八位字节大于 255)的字符串,那么检查它们会很麻烦,但是检查系统是否知道如何尝试将数据包发送到 IP 是一个快速 'n' 至少对我来说是肮脏的替身。
可以使用任何命令的成功或失败,ip route get 在这种情况下,在 if 中就像这样:
if ip route get $cusip &>/dev/null; then
echo "$cusip is an address I know how to route to"
else
echo "I either didn't know what $cusip is or don't know how to get there"
fi
我添加了 &>/dev/null 来隐藏命令的输出,因为我们不关心它说的是什么,我们只想知道是成功还是失败。