From 472829b33b723aa8ed067fcfaa7f80728837e9e2 Mon Sep 17 00:00:00 2001
From: Teddysun <i@teddysun.com>
Date: Thu, 12 May 2016 22:51:17 +0900
Subject: [PATCH] Fixed firewalld setting in CentOS 7

---
 shadowsocks.sh | 102 ++++++++++++++++++++++++++++---------------------
 1 file changed, 59 insertions(+), 43 deletions(-)

diff --git a/shadowsocks.sh b/shadowsocks.sh
index 039798d..9951ddb 100644
--- a/shadowsocks.sh
+++ b/shadowsocks.sh
@@ -1,29 +1,29 @@
 #! /bin/bash
 PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
 export PATH
-#===============================================================================================
-#   System Required:  CentOS 6,7, Debian, Ubuntu
-#   Description: One click Install Shadowsocks-Python server
-#   Author: Teddysun <i@teddysun.com>
-#   Thanks: @clowwindy <https://twitter.com/clowwindy>
-#   Intro:  https://teddysun.com/342.html
-#===============================================================================================
+#=================================================================#
+#   System Required:  CentOS 6+, Debian 7+, Ubuntu 12+            #
+#   Description: One click Install Shadowsocks-Python server      #
+#   Author: Teddysun <i@teddysun.com>                             #
+#   Thanks: @clowwindy <https://twitter.com/clowwindy>            #
+#   Intro:  https://teddysun.com/342.html                         #
+#=================================================================#
 
 clear
-echo ""
+echo
 echo "#############################################################"
 echo "# One click Install Shadowsocks-Python server               #"
 echo "# Intro: https://teddysun.com/342.html                      #"
 echo "# Author: Teddysun <i@teddysun.com>                         #"
 echo "# Thanks: @clowwindy <https://twitter.com/clowwindy>        #"
 echo "#############################################################"
-echo ""
+echo
 
 # Make sure only root can run our script
 function rootness(){
     if [[ $EUID -ne 0 ]]; then
-       echo "Error:This script must be run as root!" 1>&2
-       exit 1
+        echo "Error:This script must be run as root!" 1>&2
+        exit 1
     fi
 }
 
@@ -74,18 +74,18 @@ fi
 function pre_install(){
     # Not support CentOS 5
     if centosversion 5; then
-        echo "Not support CentOS 5.x, please change to CentOS 6,7 or Debian or Ubuntu and try again."
+        echo "Not support CentOS 5, please change to CentOS 6+ or Debian 7+ or Ubuntu 12+ and try again."
         exit 1
     fi
     # Set shadowsocks config password
     echo "Please input password for shadowsocks-python:"
     read -p "(Default password: teddysun.com):" shadowsockspwd
     [ -z "$shadowsockspwd" ] && shadowsockspwd="teddysun.com"
-    echo ""
+    echo
     echo "---------------------------"
     echo "password = $shadowsockspwd"
     echo "---------------------------"
-    echo ""
+    echo
     # Set shadowsocks config port
     while true
     do
@@ -95,11 +95,11 @@ function pre_install(){
     expr $shadowsocksport + 0 &>/dev/null
     if [ $? -eq 0 ]; then
         if [ $shadowsocksport -ge 1 ] && [ $shadowsocksport -le 65535 ]; then
-            echo ""
+            echo
             echo "---------------------------"
             echo "port = $shadowsocksport"
             echo "---------------------------"
-            echo ""
+            echo
             break
         else
             echo "Input error! Please input correct numbers."
@@ -117,7 +117,7 @@ function pre_install(){
         stty echo
         stty $SAVEDSTTY
     }
-    echo ""
+    echo
     echo "Press any key to start...or Press Ctrl+C to cancel"
     char=`get_char`
     #Install necessary dependencies
@@ -135,7 +135,7 @@ function pre_install(){
         IP=$(curl -s -4 ipinfo.io/ip)
     fi
     echo -e "Your main public IP is\t\033[32m$IP\033[0m"
-    echo ""
+    echo
     #Current folder
     cur_dir=`pwd`
     cd $cur_dir
@@ -173,23 +173,43 @@ function config_shadowsocks(){
 EOF
 }
 
-# iptables set
-function iptables_set(){
-    echo "iptables start setting..."
-    /etc/init.d/iptables status 1>/dev/null 2>&1
-    if [ $? -eq 0 ]; then
-        /sbin/iptables -L -n | grep '${shadowsocksport}' | grep 'ACCEPT' >/dev/null 2>&1
-        if [ $? -ne 0 ]; then
-            /sbin/iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport ${shadowsocksport} -j ACCEPT
-            /sbin/iptables -I INPUT -m state --state NEW -m udp -p udp --dport ${shadowsocksport} -j ACCEPT
-            /etc/init.d/iptables save
-            /etc/init.d/iptables restart
+# firewall set
+function firewall_set(){
+    echo "firewall set start..."
+    if centosversion 6; then
+        /etc/init.d/iptables status > /dev/null 2>&1
+        if [ $? -eq 0 ]; then
+            iptables -L -n | grep '${shadowsocksport}' | grep 'ACCEPT' > /dev/null 2>&1
+            if [ $? -ne 0 ]; then
+                iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport ${shadowsocksport} -j ACCEPT
+                iptables -I INPUT -m state --state NEW -m udp -p udp --dport ${shadowsocksport} -j ACCEPT
+                /etc/init.d/iptables save
+                /etc/init.d/iptables restart
+            else
+                echo "port ${shadowsocksport} has been set up."
+            fi
         else
-            echo "port ${shadowsocksport} has been set up."
+            echo "WARNING: iptables looks like shutdown or not installed, please manually set it if necessary."
+        fi
+    elif centosversion 7; then
+        systemctl status firewalld > /dev/null 2>&1
+        if [ $? -eq 0 ];then
+            firewall-cmd --permanent --zone=public --add-port=${shadowsocksport}/tcp
+            firewall-cmd --permanent --zone=public --add-port=${shadowsocksport}/udp
+            firewall-cmd --reload
+        else
+            echo "Firewalld looks like not running, try to start..."
+            systemctl start firewalld
+            if [ $? -eq 0 ];then
+                firewall-cmd --permanent --zone=public --add-port=${shadowsocksport}/tcp
+                firewall-cmd --permanent --zone=public --add-port=${shadowsocksport}/udp
+                firewall-cmd --reload
+            else
+                echo "WARNING: Try to start firewalld failed. please enable port ${shadowsocksport} manually if necessary."
+            fi
         fi
-    else
-        echo "iptables looks like shutdown, please manually set it if necessary."
     fi
+    echo "firewall set completed..."
 }
 
 # Install Shadowsocks
@@ -208,11 +228,9 @@ function install_ss(){
     fi
 
     if [ -f /usr/bin/pip ]; then
-        if [ "$OS" == 'CentOS' ]; then
-            if centosversion 6; then
-                # Fix swig failed error by install old version
-                pip install M2Crypto==0.22.3
-            fi
+        if centosversion 6; then
+            # Fix swig failed error by install old version
+            pip install M2Crypto==0.22.3
         else
             pip install M2Crypto
         fi
@@ -226,12 +244,12 @@ function install_ss(){
                 chkconfig --add shadowsocks
                 chkconfig shadowsocks on
             else
-                update-rc.d shadowsocks defaults
+                update-rc.d -f shadowsocks defaults
             fi
             # Run shadowsocks in the background
             /etc/init.d/shadowsocks start
         else
-            echo ""
+            echo
             echo "Shadowsocks install failed! Please visit https://teddysun.com/342.html and contact."
             exit 1
         fi
@@ -300,15 +318,13 @@ function install_shadowsocks(){
     config_shadowsocks
     install_ss
     if [ "$OS" == 'CentOS' ]; then
-        if centosversion 6; then
-            iptables_set
-        fi
+        firewall_set
     fi
 }
 
 # Initialization step
 action=$1
-[  -z $1 ] && action=install
+[ -z $1 ] && action=install
 case "$action" in
 install)
     install_shadowsocks