#!/bin/sh
echo "Kaveen's TCP Redirect SCRIPT"
clear
read -p "Port:" port
echo ""
read -p "Customer IP:" cusip
echo ""
read -p "Your Filtered IP:" filip
echo ""
read -p "Your Secondary IP:" secip
echo "Generating TCP Redirect on port $port from your ip $filip to customer ip $cusip"
iptables -t nat -A PREROUTING -p tcp -d $filip --dport $port -j DNAT --to-destination $cusip
echo "TCP Redirect 1/2 OK"
iptables -A FORWARD -p tcp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
echo "TCP Redirect 2/2 OK"
iptables -t nat -A POSTROUTING -d $cusip -j SNAT --to-source $secip
echo "Better Traffic Movement rule 1/1 OK"
iptables -t nat -A POSTROUTING -j SNAT --to-source $filip
echo "Player Movement Rule 1/1 OK"
echo "Generating reset script...."
echo "#!/bin/sh" >> reset.sh
echo "iptables -F" >> reset.sh
echo "iptables -X" >> reset.sh
echo "iptables -t nat -F" >> reset.sh
echo "iptables -t nat -X" >> reset.sh
echo "iptables -t mangle -F" >> reset.sh
echo "iptables -t mangle -X" >> reset.sh
echo "iptables -P INPUT ACCEPT" >> reset.sh
echo "iptables -P FORWARD ACCEPT" >> reset.sh
echo "iptables -P OUTPUT ACCEPT" >> reset.sh
echo "iptables -F" >> reset.sh
echo "iptables -X" >> reset.sh
echo "iptables -t nat -F" >> reset.sh
echo "iptables -t nat -X" >> reset.sh
echo "iptables -t mangle -F" >> reset.sh
echo "iptables -t mangle -X" >> reset.sh
echo "iptables -P INPUT ACCEPT" >> reset.sh
echo "iptables -P FORWARD ACCEPT" >> reset.sh
echo "iptables -P OUTPUT ACCEPT" >> reset.sh
chmod +x reset.sh
echo "Reset script creation OK"
echo "Reset script can be used via ./reset.sh in directory:"
pwd
echo "TCP Redirect made from $fillip to $cusip on port $port"我已经制作了一个 iptables TCP 重定向脚本,如上所述。 我想做到这一点,例如,如果 iptables 命令之一失败,就在那里停止脚本而不运行其下面的任何内容,我该怎么做?
最佳答案
最简单的事情可能是添加 errexit 选项。这在 shebang 中最容易实现:
echo "#!/bin/sh -e" >> reset.sh
但是您确实应该考虑在整个脚本中使用定界符:
cat << \EOF > reset.sh
#!/bin/sh -e
iptables -F
iptables -X
...
iptables -P OUTPUT ACCEPT
EOF
关于linux - 在脚本中调用多个退出点,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/31909497/