From 94620f79760560fef58c34cf63ce1d30a275cf71 Mon Sep 17 00:00:00 2001
From: xzx3344521
Date: Tue, 21 Oct 2025 15:32:02 +0800
Subject: [PATCH] =?UTF-8?q?Create=20=E5=85=B3=E9=97=AD=E9=98=B2=E7=81=AB?= =?UTF-8?q?=E5=A2=99de12?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
关闭防火墙de12
---
关闭防火墙de12 | 96 ++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 96 insertions(+)
create mode 100644 关闭防火墙de12
diff --git a/关闭防火墙de12 b/关闭防火墙de12
new file mode 100644
index 0000000..bdc8849
--- /dev/null
+++ b/关闭防火墙de12
@@ -0,0 +1,96 @@
+#!/bin/bash
+
+# 综合防火墙禁用脚本
+
+set -e
+
+echo "=== 开始禁用所有防火墙 ==="
+
+# 检查root权限
+if [ "$EUID" -ne 0 ]; then
+ echo "请使用 root 权限运行此脚本"
+ exit 1
+fi
+
+# 函数:检查并停止服务
+stop_service() {
+ local service_name=$1
+ if systemctl is-active --quiet "$service_name"; then
+ echo "停止 $service_name 服务..."
+ systemctl stop "$service_name"
+ systemctl disable "$service_name"
+ echo "✓ $service_name 已停止并禁用"
+ else
+ echo "✓ $service_name 未运行"
+ fi
+}
+
+# 停止所有防火墙服务
+stop_service "ufw"
+stop_service "firewalld"
+stop_service "nftables"
+stop_service "iptables"
+
+# 清除 iptables 规则
+echo "清除 iptables 规则..."
+iptables -F
+iptables -X
+iptables -t nat -F
+iptables -t nat -X
+iptables -t mangle -F
+iptables -t mangle -X
+iptables -P INPUT ACCEPT
+iptables -P FORWARD ACCEPT
+iptables -P OUTPUT ACCEPT
+
+# 清除 ip6tables 规则
+ip6tables -F
+ip6tables -X
+ip6tables -t nat -F
+ip6tables -t nat -X
+ip6tables -t mangle -F
+ip6tables -t mangle -X
+ip6tables -P INPUT ACCEPT
+ip6tables -P FORWARD ACCEPT
+ip6tables -P OUTPUT ACCEPT
+
+# 清除 nftables 规则
+echo "清除 nftables 规则..."
+nft flush ruleset 2>/dev/null || true
+
+# 创建允许所有的 nftables 配置
+cat > /tmp/nftables-accept-all.conf << 'EOF'
+#!/usr/sbin/nft -f
+
+flush ruleset
+
+table inet filter {
+ chain input {
+ type filter hook input priority 0; policy accept;
+ }
+ chain forward {
+ type filter hook forward priority 0; policy accept;
+ }
+ chain output {
+ type filter hook output priority 0; policy accept;
+ }
+}
+EOF
+
+nft -f /tmp/nftables-accept-all.conf
+cp /tmp/nftables-accept-all.conf /etc/nftables.conf
+
+# 显示最终状态
+echo ""
+echo "=== 防火墙状态 ==="
+echo "ufw: $(systemctl is-active ufw 2>/dev/null || echo 'inactive')"
+echo "firewalld: $(systemctl is-active firewalld 2>/dev/null || echo 'inactive')"
+echo "nftables: $(systemctl is-active nftables 2>/dev/null || echo 'inactive')"
+echo ""
+echo "=== 当前策略 ==="
+echo "IPv4 INPUT: $(iptables -L INPUT -n | grep policy | awk '{print $4}')"
+echo "IPv6 INPUT: $(ip6tables -L INPUT -n | grep policy | awk '{print $4}')"
+
+echo ""
+echo "✅ 所有防火墙已禁用,系统现在允许所有连接!"
+echo "⚠️ 警告:此配置存在安全风险,仅建议在测试环境中使用"
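Review bot: The nftables step writes its ruleset to the fixed path `/tmp/nftables-accept-all.conf` while running as root, then loads it with `nft -f` and copies it over `/etc/nftables.conf`; a predictable name in a world-writable directory lets another local user interfere with what root writes and loads (kernel symlink protections may reduce this, but should not be relied on). Create the file with `mktemp` and remove it on exit, as in the excerpt below. The same step overwrites `/etc/nftables.conf` without keeping the previous file, and `stop_service` runs `systemctl disable`, so the change persists across reboots with nothing to restore from, although the closing message limits the script to test environments; keep a backup before overwriting. Separately, the iptables section runs `-F` before `-P ... ACCEPT`, so a host whose policy is DROP can lose its remote session mid-run, and under `set -e` any failing command (presumably a missing `ip6tables` or `nft` binary, for example) aborts with the rules half-cleared; setting the policies first avoids the lockout.

```shell
# … unchanged: service stops, iptables/ip6tables flush, nft flush ruleset …

# Private temp file instead of a fixed name under /tmp; removed on any exit path.
tmp_conf=$(mktemp)
trap 'rm -f -- "$tmp_conf"' EXIT

cat > "$tmp_conf" << 'EOF'
# … unchanged: accept-all ruleset …
EOF

nft -f "$tmp_conf"
# Keep the previous ruleset so the host can be restored after testing.
if [ -f /etc/nftables.conf ]; then
  cp -p -- /etc/nftables.conf "/etc/nftables.conf.bak.$(date +%Y%m%d%H%M%S)"
fi
install -m 0644 -- "$tmp_conf" /etc/nftables.conf

# … unchanged: status output …
```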