@litao3rd
Last active July 8, 2022 10:23
A small script that adds v2ray firewall rules to FIREWALLD using the firewall-cmd tool on CentOS 7
#!/bin/bash
# I bought a fresh VPS from Linode with CentOS 7. Unfortunately, all network connections except `ssh` are blocked by the default `iptables` rules.
# All connections that try to reach the VPS get the error `no route to host` or `Network is unreachable.`. I hope this error message reminds people that a huge number of annoying firewall rules are blocking their connections.
# Attention:
# I configured v2ray to listen on port 9200.
# I use the vmess protocol with dynamic ports. The dynamic range is from 9201 to 9299.
# Here is the script I use to configure `iptables` rules with `firewall-cmd` on CentOS 7.
sudo firewall-cmd --permanent --new-service=v2ray
sudo firewall-cmd --permanent --service=v2ray --set-description="v2ray core service and use some dynamic ports according /etc/v2ray/config file "
sudo firewall-cmd --permanent --service=v2ray --add-port=9200/tcp
# dynamic ports for vmess protocol: 9201-9299
# I don't know whether firewall-cmd supports port ranges. Here I add every single port one by one. Maybe foolish, but effective.
for port in $(seq 9201 9299); do
    sudo firewall-cmd --permanent --service=v2ray --add-port="${port}/tcp"
done
sudo firewall-cmd --permanent --zone=public --add-service=v2ray
sudo firewall-cmd --reload
echo "[* $(date '+%Y-%m-%d %H:%M:%S')] add service to FIREWALLD public zone success."
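
An added check, not part of the original gist: compare the ports the `v2ray` service opens with the intended 9200-9299/tcp, so a stray or missing port is reported. The function names `expand_ports` and `audit_ports` are hypothetical and the sample input is constructed; the input format (space-separated `port/proto` or `start-end/proto` tokens) is assumed to match what `firewall-cmd --permanent --service=v2ray --get-ports` prints.

```shell
#!/bin/sh
# Added example: audit a firewalld service's port list against an allow-list.

# expand_ports "9200/tcp 9201-9203/tcp" -> one "port/proto" per line, sorted.
# Exits 2 on any token that is not port[-port]/(tcp|udp|sctp|dccp).
expand_ports() (
    set -f                      # no globbing while splitting the list
    out=
    for tok in $1; do
        case $tok in */tcp|*/udp|*/sctp|*/dccp) ;; *) exit 2 ;; esac
        spec=${tok%/*} proto=${tok#*/}
        lo=${spec%%-*} hi=${spec#*-}    # a single port gives lo == hi
        case $lo in ''|*[!0-9]*) exit 2 ;; esac
        case $hi in ''|*[!0-9]*) exit 2 ;; esac
        p=$lo
        while [ "$p" -le "$hi" ]; do
            out="$out$p/$proto
"
            p=$((p + 1))
        done
    done
    printf '%s' "$out" | sort -u -t/ -k1,1n -k2,2
)

# audit_ports ACTUAL EXPECTED
# Prints one "unexpected:" / "missing:" line per differing port.
# Returns 0 if the sets match, 1 on drift, 2 on unparseable input.
audit_ports() (
    set -f
    actual=$(expand_ports "$1") || exit 2
    expected=$(expand_ports "$2") || exit 2
    extra=$(printf '%s\n' "$actual" | grep -Fxv -e "$expected" || :)
    missing=$(printf '%s\n' "$expected" | grep -Fxv -e "$actual" || :)
    [ -z "$extra" ] || printf 'unexpected: %s\n' $extra
    [ -z "$missing" ] || printf 'missing: %s\n' $missing
    [ -z "$extra$missing" ]
)

# Constructed sample: a shortened service port list with a stray 22/tcp
# and 9202/tcp left out.
sample="9200/tcp 9201/tcp 22/tcp"
audit_ports "$sample" "9200-9202/tcp" || echo "drift detected (exit $?)"
```

On the VPS itself, pass the live list as the first argument: `audit_ports "$(sudo firewall-cmd --permanent --service=v2ray --get-ports)" "9200-9299/tcp"`.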