A question about a SHELL command

Posted on 2008-03-06 10:00
This $1 variable is never set, but why do they write it this way in here?

SYSCTL="/sbin/sysctl -w"

if [ "$1" = "save" ]
then
        echo -n "Saving firewall to /etc/sysconfig/iptables ... "
        $IPTS > /etc/sysconfig/iptables
        echo "done"
        exit 0
elif [ "$1" = "restore" ]
then
        echo -n "Restoring firewall from /etc/sysconfig/iptables ... "
        $IPTR < /etc/sysconfig/iptables
        echo "done"
        exit 0
fi

# This enables SYN flood protection.
# The SYN cookies activation allows your system to accept an unlimited
# number of TCP connections while still trying to give reasonable
# service during a denial of service attack.
if [ "$SYSCTL" = "" ]
then
    echo "1" > /proc/sys/net/ipv4/tcp_syncookies
else
    $SYSCTL net.ipv4.tcp_syncookies="1"
fi

# This enables source validation by reversed path according to RFC1812.
# In other words, did the response packet originate from the same interface
# through which the source packet was sent?  It's recommended for single-homed
# systems and routers on stub networks.  Since those are the configurations
# this firewall is designed to support, I turn it on by default.
# Turn it off if you use multiple NICs connected to the same network.
if [ "$SYSCTL" = "" ]
then
    echo "1" > /proc/sys/net/ipv4/conf/all/rp_filter
else
    $SYSCTL net.ipv4.conf.all.rp_filter="1"
fi

Please help explain, thanks!

Posted on 2008-03-06 10:02

Reply to post #1 by pduan1209

$1 should be a command-line argument, I think.

Posted on 2008-03-06 10:05
I know it is, but where does this argument come from?

Posted on 2008-03-06 10:08
This is the full code:
#!/bin/sh
# Local Settings
SYSCTL="/sbin/sysctl -w"
IPT="/sbin/iptables"
IPTS="/sbin/iptables-save"
IPTR="/sbin/iptables-restore"
# Internet Interface
INET_IFACE="eth0"
INET_ADDRESS="*.*.*.*"
# Local Interface Information
LOCAL_IFACE="eth1"
LOCAL_IP="172.21.41.15"
LOCAL_NET="172.21.41.0/24"
LOCAL_BCAST="172.21.41.255"
# Localhost Interface
LO_IFACE="lo"
LO_IP="127.0.0.1"
# Save and Restore arguments handled here
if [ "$1" = "save" ]    # (where does this "$1" come from?)
then
        echo -n "Saving firewall to /etc/sysconfig/iptables ... "
        $IPTS > /etc/sysconfig/iptables
        echo "done"
        exit 0
elif [ "$1" = "restore" ]
then
        echo -n "Restoring firewall from /etc/sysconfig/iptables ... "
        $IPTR < /etc/sysconfig/iptables
        echo "done"
        exit 0
fi
echo "Loading kernel modules ..."
# core netfilter module
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe iptable_nat
/sbin/modprobe ipt_MASQUERADE
/sbin/modprobe ipt_mark
# /sbin/modprobe multiport
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_conntrack_irc
# /sbin/modprobe iptable_filter
# /sbin/modprobe iptable_mangle
# /sbin/modprobe ipt_LOG
"iptables.new" 194L, 5382C
#!/bin/sh
# Local Settings
SYSCTL="/sbin/sysctl -w"
IPT="/sbin/iptables"
IPTS="/sbin/iptables-save"
IPTR="/sbin/iptables-restore"
# Internet Interface
INET_IFACE="eth0"
INET_ADDRESS="218.93.112.27"
# Local Interface Information
LOCAL_IFACE="eth1"
LOCAL_IP="172.21.41.15"
LOCAL_NET="172.21.41.0/24"
LOCAL_BCAST="172.21.41.255"
# Localhost Interface
LO_IFACE="lo"
LO_IP="127.0.0.1"
# Save and Restore arguments handled here
if [ "$1" = "save" ]
then
        echo -n "Saving firewall to /etc/sysconfig/iptables ... "
        $IPTS > /etc/sysconfig/iptables
        echo "done"
        exit 0
elif [ "$1" = "restore" ]
then
        echo -n "Restoring firewall from /etc/sysconfig/iptables ... "
        $IPTR < /etc/sysconfig/iptables
        echo "done"
        exit 0
fi
echo "Loading kernel modules ..."
# core netfilter module
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe iptable_nat
/sbin/modprobe ipt_MASQUERADE
/sbin/modprobe ipt_mark
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_conntrack_irc
# /sbin/modprobe iptable_filter
# /sbin/modprobe iptable_mangle
# /sbin/modprobe ipt_LOG
$IPT -A INPUT -p TCP -i $INET_IFACE -m multiport --dports 20,21,22,25,80,8080,110 -j ACCEPT
$IPT -A INPUT -i $INET_IFACE -p TCP -s 0/0 -m multiport --dports 5000:5100 -j ACCEPT
$IPT -A INPUT -i $INET_IFACE -p TCP -s 0/0 -m multiport --dports 6891:6900 -j ACCEPT
$IPT -A INPUT -i $INET_IFACE -p TCP -s 0/0 -m multiport --dports 30000:50000 -j ACCEPT

$IPT -A INPUT -i $INET_IFACE -p UDP -s 0/0 --dport 53 -j ACCEPT
# $IPT -A FORWARD -p ALL -i $INET_IFACE -s $LOCAL_NET -j DROP
# $IPT -A FORWARD -p ALL -m state --state INVALID -j DROP

$IPT -A FORWARD -p ALL -i $LOCAL_IFACE -j ACCEPT
$IPT -A FORWARD -i $INET_IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
# $IPT -A FORWARD -m limit --limit 3/minute --limit-burst 3 -j LOG --log-prefix "FORWARD died: "
# $IPT -A OUTPUT -m state -p icmp --state INVALID -j DROP
# Localhost
$IPT -A OUTPUT -p ALL -s $LO_IP -j ACCEPT
$IPT -A OUTPUT -p ALL -o $LO_IFACE -j ACCEPT
$IPT -A INPUT -p ALL -i $LO_IFACE -j ACCEPT
# To internal network
$IPT -A OUTPUT -p ALL -s $LOCAL_IP -j ACCEPT
$IPT -A OUTPUT -p ALL -o $LOCAL_IFACE -j ACCEPT
# To internet
$IPT -A OUTPUT -p ALL -o $INET_IFACE -j ACCEPT
# $IPT -A OUTPUT -m limit --limit 3/minute --limit-burst 3 -j LOG  --log-prefix "OUTPUT died: "
## $IPT -t nat -A PREROUTING -i $LOCAL_IFACE -p tcp --dport 80  -j REDIRECT --to-port 3128
## $IPT -t nat -A PREROUTING -i $LOCAL_IFACE -p tcp --dport 443  -j REDIRECT --to-port 3128
$IPT -t nat -A POSTROUTING -o $INET_IFACE -j SNAT --to-source $INET_ADDRESS
# $IPT -t nat -A POSTROUTING -s $LOCAL_IFACE -o $INET_IFACE -j MASQUERADE
# mangle table

# redirect to the internal network
$IPT -A FORWARD -p tcp -i $INET_IFACE  -d 172.21.41.13 --dport 3000 -j ACCEPT
$IPT -t nat -A PREROUTING -p tcp -i $INET_IFACE --dport 8080 -j DNAT --to 172.21.41.13:3000
$IPT -t nat -A PREROUTING -p tcp -i $LOCAL_IFACE --dport 8080 -j DNAT --to 172.21.41.13:3000
$IPT -t nat -A POSTROUTING -o $LOCAL_IFACE -d 172.21.41.13 -p tcp --dport 3000 -j SNAT --to-source $LOCAL_IP

Posted on 2008-03-06 10:22
This is an argument of the command.
If this shell script is called a.sh,
it can be run like this:

  ./a.sh save

save is $1

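Posted on 2008-03-06 10:31
if [ "$1" = "save" ]
only states that the following operations are done when $1=SAVE, but how and from where does this $1 get this Save, and how does the system carry it out? Also, there is another variable, $SYSCTL; how can it be determined that its value is empty?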

Posted on 2008-03-06 11:07
Can anyone help me? Thanks!

Posted on 2008-03-06 11:11
The friend in post #5 has already told you about $1.


You may need to read some books on shell.

Posted on 2008-03-06 15:55
Take a look at the "13 Questions" in the shell board; this is such a simple, basic thing!

Posted on 2008-03-06 16:41
I suggest the original poster take a look at the shell board.
e.g.: sh test.sh word1 word2 word3
Here, test.sh is $0, word1=$1, word2=$2, word3=$3
What separates word1 and word2 is a Tab or a space.
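
Added example, not part of the thread or of the posted script: it shows how a word typed after the script name arrives as $1, models the script's if/elif dispatch beside a stricter case-based one that rejects unknown words, and shows the empty-string test on $SYSCTL. The function names are hypothetical and nothing here runs iptables or writes to /proc.

```shell
#!/bin/sh
# Added example; dispatch_original, dispatch and sysctl_mode are hypothetical names.
# The shell fills $0, $1, $2 ... from the words on the command line. Inside a
# function the same names hold that function's own arguments, so the logic can
# be exercised here without re-running the script.

# Model of the posted if/elif: any word other than save/restore (a typo
# included) falls past "fi" and the script goes on to load the firewall rules.
dispatch_original() {
    if [ "$1" = "save" ]; then
        echo "save"
    elif [ "$1" = "restore" ]; then
        echo "restore"
    else
        echo "load"
    fi
}

# Stricter variant: only an absent argument loads the rules; an unknown word
# is rejected with a non-zero status instead of silently reloading them.
dispatch() {
    case "${1:-}" in
        save)    echo "save" ;;
        restore) echo "restore" ;;
        "")      echo "load" ;;
        *)       echo "usage: $0 [save|restore]" >&2
                 return 2 ;;
    esac
}

# [ "$SYSCTL" = "" ] is true when SYSCTL is unset or set to the empty string;
# the script then writes to /proc directly instead of calling sysctl.
sysctl_mode() {
    if [ "${SYSCTL:-}" = "" ]; then
        echo "proc"
    else
        echo "sysctl"
    fi
}

# Demo on constructed argument words, including a typo.
for arg in save restore "" sav; do
    printf '%-10s original=%-8s strict=%s\n' "'$arg'" \
        "$(dispatch_original "$arg")" \
        "$(dispatch "$arg" 2>/dev/null || echo rejected)"
done
```
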