Fixed firewalld setting in CentOS 7

2016-05-12 22:51:17 +09:00 · 2016-05-12 22:51:17 +09:00 · 472829b33b
commit 472829b33b
parent 99bc0b915b
1 changed files with 59 additions and 43 deletions
--- a/shadowsocks.sh
+++ b/shadowsocks.sh
@ -1,29 +1,29 @@
 #! /bin/bash
 PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
 export PATH
-#===============================================================================================
-#   System Required:  CentOS 6,7, Debian, Ubuntu
-#   Description: One click Install Shadowsocks-Python server
-#   Author: Teddysun <i@teddysun.com>
-#   Thanks: @clowwindy <https://twitter.com/clowwindy>
-#   Intro:  https://teddysun.com/342.html
-#===============================================================================================
+#=================================================================#
+#   System Required:  CentOS 6+, Debian 7+, Ubuntu 12+            #
+#   Description: One click Install Shadowsocks-Python server      #
+#   Author: Teddysun <i@teddysun.com>                             #
+#   Thanks: @clowwindy <https://twitter.com/clowwindy>            #
+#   Intro:  https://teddysun.com/342.html                         #
+#=================================================================#

 clear
-echo ""
+echo
 echo "#############################################################"
 echo "# One click Install Shadowsocks-Python server               #"
 echo "# Intro: https://teddysun.com/342.html                      #"
 echo "# Author: Teddysun <i@teddysun.com>                         #"
 echo "# Thanks: @clowwindy <https://twitter.com/clowwindy>        #"
 echo "#############################################################"
-echo ""
+echo

 # Make sure only root can run our script
 function rootness(){
    if [[ $EUID -ne 0 ]]; then
-       echo "Error:This script must be run as root!" 1>&2
-       exit 1
+        echo "Error:This script must be run as root!" 1>&2
+        exit 1
    fi
 }

@ -74,18 +74,18 @@ fi
 function pre_install(){
    # Not support CentOS 5
    if centosversion 5; then
-        echo "Not support CentOS 5.x, please change to CentOS 6,7 or Debian or Ubuntu and try again."
+        echo "Not support CentOS 5, please change to CentOS 6+ or Debian 7+ or Ubuntu 12+ and try again."
        exit 1
    fi
    # Set shadowsocks config password
    echo "Please input password for shadowsocks-python:"
    read -p "(Default password: teddysun.com):" shadowsockspwd
    [ -z "$shadowsockspwd" ] && shadowsockspwd="teddysun.com"
-    echo ""
+    echo
    echo "---------------------------"
    echo "password = $shadowsockspwd"
    echo "---------------------------"
-    echo ""
+    echo
    # Set shadowsocks config port
    while true
    do
@ -95,11 +95,11 @@ function pre_install(){
    expr $shadowsocksport + 0 &>/dev/null
    if [ $? -eq 0 ]; then
        if [ $shadowsocksport -ge 1 ] && [ $shadowsocksport -le 65535 ]; then
-            echo ""
+            echo
            echo "---------------------------"
            echo "port = $shadowsocksport"
            echo "---------------------------"
-            echo ""
+            echo
            break
        else
            echo "Input error! Please input correct numbers."
@ -117,7 +117,7 @@ function pre_install(){
        stty echo
        stty $SAVEDSTTY
    }
-    echo ""
+    echo
    echo "Press any key to start...or Press Ctrl+C to cancel"
    char=`get_char`
    #Install necessary dependencies
@ -135,7 +135,7 @@ function pre_install(){
        IP=$(curl -s -4 ipinfo.io/ip)
    fi
    echo -e "Your main public IP is\t\033[32m$IP\033[0m"
-    echo ""
+    echo
    #Current folder
    cur_dir=`pwd`
    cd $cur_dir
@ -173,23 +173,43 @@ function config_shadowsocks(){
 EOF
 }

-# iptables set
-function iptables_set(){
-    echo "iptables start setting..."
-    /etc/init.d/iptables status 1>/dev/null 2>&1
-    if [ $? -eq 0 ]; then
-        /sbin/iptables -L -n | grep '${shadowsocksport}' | grep 'ACCEPT' >/dev/null 2>&1
-        if [ $? -ne 0 ]; then
-            /sbin/iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport ${shadowsocksport} -j ACCEPT
-            /sbin/iptables -I INPUT -m state --state NEW -m udp -p udp --dport ${shadowsocksport} -j ACCEPT
-            /etc/init.d/iptables save
-            /etc/init.d/iptables restart
+# firewall set
+function firewall_set(){
+    echo "firewall set start..."
+    if centosversion 6; then
+        /etc/init.d/iptables status > /dev/null 2>&1
+        if [ $? -eq 0 ]; then
+            iptables -L -n | grep '${shadowsocksport}' | grep 'ACCEPT' > /dev/null 2>&1
+            if [ $? -ne 0 ]; then
+                iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport ${shadowsocksport} -j ACCEPT
+                iptables -I INPUT -m state --state NEW -m udp -p udp --dport ${shadowsocksport} -j ACCEPT
+                /etc/init.d/iptables save
+                /etc/init.d/iptables restart
+            else
+                echo "port ${shadowsocksport} has been set up."
+            fi
        else
-            echo "port ${shadowsocksport} has been set up."
+            echo "WARNING: iptables looks like shutdown or not installed, please manually set it if necessary."
+        fi
+    elif centosversion 7; then
+        systemctl status firewalld > /dev/null 2>&1
+        if [ $? -eq 0 ];then
+            firewall-cmd --permanent --zone=public --add-port=${shadowsocksport}/tcp
+            firewall-cmd --permanent --zone=public --add-port=${shadowsocksport}/udp
+            firewall-cmd --reload
+        else
+            echo "Firewalld looks like not running, try to start..."
+            systemctl start firewalld
+            if [ $? -eq 0 ];then
+                firewall-cmd --permanent --zone=public --add-port=${shadowsocksport}/tcp
+                firewall-cmd --permanent --zone=public --add-port=${shadowsocksport}/udp
+                firewall-cmd --reload
+            else
+                echo "WARNING: Try to start firewalld failed. please enable port ${shadowsocksport} manually if necessary."
+            fi
        fi
-    else
-        echo "iptables looks like shutdown, please manually set it if necessary."
    fi
+    echo "firewall set completed..."
 }

 # Install Shadowsocks
@ -208,11 +228,9 @@ function install_ss(){
    fi

    if [ -f /usr/bin/pip ]; then
-        if [ "$OS" == 'CentOS' ]; then
-            if centosversion 6; then
-                # Fix swig failed error by install old version
-                pip install M2Crypto==0.22.3
-            fi
+        if centosversion 6; then
+            # Fix swig failed error by install old version
+            pip install M2Crypto==0.22.3
        else
            pip install M2Crypto
        fi
@ -226,12 +244,12 @@ function install_ss(){
                chkconfig --add shadowsocks
                chkconfig shadowsocks on
            else
-                update-rc.d shadowsocks defaults
+                update-rc.d -f shadowsocks defaults
            fi
            # Run shadowsocks in the background
            /etc/init.d/shadowsocks start
        else
-            echo ""
+            echo
            echo "Shadowsocks install failed! Please visit https://teddysun.com/342.html and contact."
            exit 1
        fi
@ -300,15 +318,13 @@ function install_shadowsocks(){
    config_shadowsocks
    install_ss
    if [ "$OS" == 'CentOS' ]; then
-        if centosversion 6; then
-            iptables_set
-        fi
+        firewall_set
    fi
 }

 # Initialization step
 action=$1
-[  -z $1 ] && action=install
+[ -z $1 ] && action=install
 case "$action" in
 install)
    install_shadowsocks