开箱即食:
通过iptables,限制该机器只允许当前ssh机器访问,
-------该工具可选择加上限制或解除限制
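#!/bin/bash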
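get_sshPort(){
  # Print the port sshd listens on: the value of the last uncommented "Port"
  # directive in the sshd config, or 22 (sshd's built-in default) when the
  # file has no active directive or cannot be read.
  #   $1 - optional path of the sshd config (default: /etc/ssh/sshd_config)
  local cfg=${1:-/etc/ssh/sshd_config}
  local port
  # Whole-word match on the first field: the stock "#Port 22" comment is not a
  # setting (the old substring match on "Port " accepted it and then stripped
  # the '#'), and a trailing "# comment" after the number is ignored too.
  port=$(awk '$1 == "Port" { p = $2 } END { if (p != "") print p }' "$cfg" 2>/dev/null)
  # An empty result would make the callers' ":$port" lookups match everything,
  # so always fall back to the sshd default.
  printf '%s\n' "${port:-22}"
}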
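restricted(){
  # Interactively pick the jump host among the peers that currently hold an
  # established ssh session to this machine, then hand it to ipt_strategy so
  # that it becomes the only host allowed to talk to us.
  # Returns the status of ipt_strategy, or 1 when there is no candidate
  # session or no choice is made.
  local sshPort sshIP directory
  local PS3='IP address of the current login? '
  sshPort=$(get_sshPort)
  # Keep only ESTABLISHED rows whose *local* end ($4) is the sshd port and
  # print the peer address ($5) without its port.  The old 'grep :$sshPort'
  # was a substring match: it also picked up LISTEN rows (0.0.0.0 / :::*),
  # any port that merely contains the digits (:2222 for 22) and outbound
  # connections, all of which then showed up in the menu.
  sshIP=$(netstat -atn 2>/dev/null \
    | awk -v port="$sshPort" '$6 == "ESTABLISHED" && $4 ~ (":" port "$") { sub(/:[0-9]+$/, "", $5); print $5 }' \
    | sort -u)
  if [ -z "$sshIP" ]; then
    echo "no established ssh session on port $sshPort found, nothing to restrict" >&2
    return 1
  fi
  printf "%b" "\a\n\nSelect the IP address of the jumper:\n" >&2
  # select re-prompts by itself on an invalid number, so no outer loop is
  # needed; it only falls through on EOF (Ctrl-D), which must not spin forever
  # the way the old 'until "$directory" == Finished' loop did.
  # shellcheck disable=SC2086  # word-splitting $sshIP into menu items is intended
  select directory in $sshIP; do
    if [ -n "$directory" ]; then
      echo "You chose number $REPLY, processing $directory..."
      ipt_strategy "$directory" "$sshPort"
      return
    fi
    echo "your choice is error!"
  done
  echo "no IP address selected, iptables left unchanged" >&2
  return 1
}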
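ipt_strategy(){
  # Restrict ssh access to a single peer: whitelist $1 on the sshd port in
  # both directions, then set DROP as the default policy on INPUT, OUTPUT and
  # FORWARD.
  #   $1 - IP address of the jump host that stays allowed
  #   $2 - local sshd port
  # The current ruleset is saved to ~/iptables.bak (what ipt_unfreeze
  # restores) and to a timestamped copy, because a second run overwrites
  # ~/iptables.bak with the already-restricted state.
  # Returns 1 without touching the ruleset when an argument is missing or the
  # backup cannot be written.
  local ip=$1 port=$2 bak="$HOME/iptables.bak"
  if [ -z "$ip" ] || [ -z "$port" ]; then
    echo "ipt_strategy: need <jump_ip> <ssh_port>" >&2
    return 1
  fi
  # No restore point, no change: the DROP policies below cut every other
  # connection, so a failed snapshot must stop here.  Write via a temp file
  # so a failure does not clobber an earlier, good backup.
  if ! iptables-save > "$bak.tmp"; then
    rm -f -- "$bak.tmp"
    echo "ipt_strategy: cannot save the current rules to $bak, aborting" >&2
    return 1
  fi
  mv -- "$bak.tmp" "$bak" || return 1
  cp -- "$bak" "$bak.$(date +%Y%m%d%H%M%S)"
  # ACCEPT rules before the DROP policies: this order keeps the live session up.
  iptables -A INPUT -s "$ip" -p tcp --dport "$port" -j ACCEPT || return
  iptables -A OUTPUT -d "$ip" -p tcp --sport "$port" -j ACCEPT || return
  iptables -P INPUT DROP
  iptables -P OUTPUT DROP
  iptables -P FORWARD DROP
  iptables-save
}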
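ipt_unfreeze(){
  # Put back the ruleset that ipt_strategy saved to ~/iptables.bak.
  # Returns 1 with the ruleset untouched when there is no readable backup,
  # otherwise the status of iptables-restore.
  local bak="$HOME/iptables.bak"
  if [ ! -r "$bak" ]; then
    echo "ipt_unfreeze: no backup at $bak, nothing to restore" >&2
    return 1
  fi
  iptables-restore < "$bak"
}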
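# iptables, iptables-save and iptables-restore all need root: stop before
# prompting rather than fail halfway through the rule changes.
if [ "$(id -u)" -ne 0 ]; then
  echo "this script must be run as root" >&2
  exit 1
fi
# 5-second timeout so an unattended run does not hang on the prompt; on
# timeout 'choice' stays empty and falls into the error branch below.
read -r -p "Please input your choice 限制/解除限制 S/R:" -t 5 choice
case "$choice" in
  [Ss])
    echo "your choice is S!添加iptables限制"
    restricted
    ;;
  [Rr])
    echo "your choice is R!解除iptables限制"
    ipt_unfreeze
    ;;
  *)
    echo "your choice is error!"
    ;;
esac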