本脚本是为了实现自动安装squid,iptables,并实现上网行为管理的第一份脚本。
后续再将iptables的规则与squid配置文件写出来。
如有错误,或更好的实现方法,请大家一起讨论,研究。
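#!/bin/bash
# This script auto configure ip address, hostname, local yum,
# and change firewall from firewalld to iptables,
# and install squid proxy.
#
# This script by charhai
# mail:charhai@vip.qq.com
# 2016-12-01
#
# The script is interactive. It edits files under /etc, manages systemd units
# and installs packages, so it is expected to be run as root on the target
# host. Values typed at the prompts are written into NetworkManager profiles,
# the route-lan file and /etc/hosts without validation, so check them before
# confirming.

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin

# Extra yum options; filled in by yum_config when the local media repo is used.
yum_opts=()

# Print a coloured separator line.
echo_line() {
  echo -e "\033[35m--------------------------------\033[0m"
}

#configure ip addresses.
ifcfgdir=/etc/sysconfig/network-scripts
#nethw=`ip link show | awk '/BROADCAST/{print $2}' | cut -d":" -f1 | awk '{print NR,$0}'`

# The numbered list of ethernet devices goes into a private temp file.
# A fixed name under /tmp can be pre-created or symlinked by another local
# user, and this script writes to it with root privileges.
nic_list=$(mktemp) || {
  echo "cannot create temporary file" >&2
  exit 1
}
trap 'rm -f -- "${nic_list}"' EXIT

nmcli dev status | awk '/ethernet/{print ++n, $1}' > "${nic_list}"

#######################################
# Create and activate the "lan" connection (and "wan" when a second card
# was selected), and write the static routes for the internal subnets.
# Globals:   lan, wan, ifcfgdir (read); lan_ip and the other answers (written)
# Arguments: none
# Returns:   exits 1 when no lan interface was selected
#######################################
net_config() {
  if [ -z "${lan}" ]; then
    # Without an interface name the nmcli and rm calls below act on nothing useful.
    echo "no lan network card found." >&2
    exit 1
  fi

  read -r -p "input lan's ip address. exap: 192.169.1.1 ! : " lan_ip
  read -r -p "input netmask. exap: 24 : " lan_mask
  read -r -p "input lan's gateway ip addrss. :" lan_gw
  read -r -p "input lan dns1 ip address. :" lan_dns1
  read -r -p "input lan dns2 ip address. :" lan_dns2

  nmcli con add type ethernet con-name lan ifname "${lan}" ip4 "${lan_ip}/${lan_mask}"
  # nmcli con add type ethernet con-name lan ifname ${lan} ip4 ${lan_ip}/${lan_mask} gw4 ${lan_gw}
  nmcli con mod lan ipv4.dns "${lan_dns1} ${lan_dns2}"
  rm -rf -- "${ifcfgdir}/ifcfg-${lan}"
  nmcli con up lan

  echo -e "input subnets. exap : \033[35m192.168.0.0/22,192.168.9.0/24\033[0m "
  read -r -p '>>>' gws
  # One route line per comma-separated subnet. Reading the awk output line by
  # line keeps the entries away from shell word splitting and globbing.
  while IFS= read -r subnet; do
    [ -n "${subnet}" ] || continue
    echo "${subnet} via ${lan_gw} dev ${lan}" >> "${ifcfgdir}/route-lan"
  done < <(printf '%s\n' "${gws}" | awk 'BEGIN{RS=","} {print $1}')

  if [ -n "${wan}" ]; then
    # The prefix length is asked for separately, so the address is entered
    # without a /NN suffix even though the prompt's example shows one.
    read -r -p "input wan's ip address. exap:182.10.10.10/24 :" wan_ip
    read -r -p "input netmask. exap: 24 ! : " wan_mask
    read -r -p "input wan gateway's ip address. :" wan_gw
    read -r -p "input wan dns1 ip address. :" wan_dns1
    read -r -p "input wan dns2 ip address. :" wan_dns2
    rm -rf -- "${ifcfgdir}/ifcfg-${wan}"
    # The original passed "${wan}}" here, which gave nmcli an interface name
    # with a stray closing brace.
    nmcli con add type ethernet con-name wan ifname "${wan}" ip4 "${wan_ip}/${wan_mask}" gw4 "${wan_gw}"
    nmcli con mod wan ipv4.dns "${wan_dns1} ${wan_dns2}"
    nmcli con up wan
  fi
}

echo_line
cat -- "${nic_list}"
echo_line
read -r -p "choice lan network card's name,press any key scripts is exit . 
: " net_choice
case ${net_choice} in
  1)
    # Match the index column exactly; a plain "grep 1" also matches device
    # names that contain the digit.
    lan=$(awk '$1 == 1 {print $2}' "${nic_list}")
    wan=$(awk '$1 == 2 {print $2}' "${nic_list}")
    net_config
    ;;
  2)
    # The original read ${nethw} here, which is never assigned because its
    # definition is commented out, so both names came out empty.
    lan=$(awk '$1 == 2 {print $2}' "${nic_list}")
    wan=$(awk '$1 == 1 {print $2}' "${nic_list}")
    net_config
    ;;
  *)
    echo "scripts is exit!"
    exit 1
    ;;
esac

#configure hostname.
echo_line
read -r -p "change hostname?,y or n " choice_name
case ${choice_name} in
  y)
    read -r -p "input hostname ,exap : squid.exap.local! :" host_name
    hostnamectl set-hostname "${host_name}"
    only_name=${host_name%%.*}
    # Keep a backup, then drop everything after the first two lines of /etc/hosts.
    cp /etc/hosts /etc/hosts.bk && sed -i '3,$d' /etc/hosts
    echo "${lan_ip} ${only_name} ${host_name}" >> /etc/hosts
    ;;
  n)
    echo "use default hostname,$(hostname)!"
    ;;
esac

#restart network.service.
echo_line
systemctl restart network.service

#configure yum repos.
#######################################
# Mount the install media and move the existing .repo files to a backup dir.
# Globals:   yum_dir (written)
#######################################
lcyum() {
  yum_dir=/etc/yum.repos.d
  mkdir -p "${yum_dir}.bk"
  mkdir -p /media/cdrom
  mount /dev/cdrom /media/cdrom
  # Quote the pattern so the shell does not expand it against the current directory.
  find "${yum_dir}" -name '*.repo' -exec mv {} "${yum_dir}.bk" \;
}

#create yum repos files.
#######################################
# Write the media repo definition and switch yum to it when the media is
# mounted; otherwise restore the repo files saved by lcyum.
# Globals:   yum_dir, yum_opts (written)
#######################################
yum_config() {
  yum_dir=/etc/yum.repos.d
  # Quoted delimiter: $releasever is a yum variable and must reach the file
  # literally instead of being expanded (to nothing) by the shell.
  # The GPG key is read from the same media as the packages, so gpgcheck only
  # detects damaged packages here; verify the install image out of band.
  cat > "${yum_dir}/CentOS-Media.repo" << 'EOF'
[c7-media]
name=CentOS-$releasever - Media
baseurl=file:///media/cdrom/
gpgcheck=1
enabled=1
gpgkey=file:///media/cdrom/RPM-GPG-KEY-CentOS-7
EOF
  sleep 1
  if [ -f /media/cdrom/RPM-GPG-KEY-CentOS-7 ]; then
    echo "cdrom is mounted."
    echo "use local yum repos."
    yum clean all &> /dev/null
    # An alias is not expanded in a non-interactive script, so the repo
    # selection is kept in an array and passed to every later yum call.
    yum_opts=(--disablerepo='*' --enablerepo=c7-media)
    yum "${yum_opts[@]}" makecache &> /dev/null
  else
    echo "cdrom is not mounted,use default yum repos."
    # ":?" aborts the expansion if yum_dir is ever empty, so this can never
    # turn into "rm -rf /*".
    rm -rf -- "${yum_dir:?}"/*
    cp -a "${yum_dir}.bk"/* "${yum_dir}"
    yum clean all &> /dev/null
    yum makecache &> /dev/null
  fi
}

echo_line
echo "input y use local yum repos."
echo "input n use internet yum repos."
echo "press any key exit scripts."
echo_line
read -r -p "choice y or n ." cdr
case ${cdr} in
  y | Y)
    lcyum
    yum_config
    ;;
  n | N)
    echo "use internet yum repos."
    yum clean all &> /dev/null
    ;;
  *)
    echo "scripts is exited"
    exit 1
    ;;
esac
echo_line
echo ""

#change firewall from firewalld to iptables.
echo_line
echo "change firewall from firewalld to iptables"
echo_line
systemctl stop firewalld.service
systemctl disable firewalld.service &> /dev/null
yum "${yum_opts[@]}" install iptables-services -y
systemctl enable iptables &> /dev/null
systemctl restart iptables
# Allow SSH to the lan address (the target option is lower-case -j).
# NOTE(review): -A appends after the rules the iptables service has just
# loaded; if that ruleset ends in a catch-all REJECT or DROP this rule is
# never reached. Check the order with "iptables -L INPUT -n --line-numbers".
# The rule is also runtime-only and is lost on the next service restart
# unless it is saved.
iptables -A INPUT -d "${lan_ip}" -p tcp --dport 22 -j ACCEPT

#install squid proxy software.
echo_line
echo " Install squid "
yum "${yum_opts[@]}" install squid -y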