Last active
July 8, 2022 10:23
-
-
Save litao3rd/10fb2a39f65e2953d0edd07ac62ea1a6 to your computer and use it in GitHub Desktop.
a small script that add v2ray firewall rules for FIREWALLD that use by firewall-cmd tool on CentOS7
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # I buy a fresh VPS from linode with CentOS7 OS. But unfortunally all network connections are blocked by default `iptables` rules except `ssh`. | |
| # All connections that try to connect the VPS will get the error `no route to host` or `Network is unreachable.`. Hope this error message would remind people that there are a huge of annoying firewall rules block your connections. | |
| # Attention: | |
| # I configure my v2ray listen on the port 9200. | |
| # I use vmess protocol with dynamic ports. The dynamic range from 9201 to 9299. | |
| # Here is the script that I configure `iptables` rules with `firewall-cmd` on CentOS7. | |
| #!/bin/bash | |
| sudo firewall-cmd --permanent --new-service=v2ray | |
| sudo firewall-cmd --permanent --service=v2ray --set-description="v2ray core service and use some dynamic ports according /etc/v2ray/config file " | |
| sudo firewall-cmd --permanent --service=v2ray --add-port=9200/tcp | |
| # dynamic ports for vmess protocol: 9201-9299 | |
| # I don't know does firewall-cmd support port range. Here I add every single port one by one. Maybe foolish but effect. | |
| for port in `seq 9201 9299`; do | |
| sudo firewall-cmd --permanent --service=v2ray --add-port=$port/tcp | |
| done | |
| sudo firewall-cmd --permanent --zone=public --add-service=v2ray | |
| sudo firewall-cmd --reload | |
| echo "[* `date "+%Y-%m-%d %H:%M:%S"`] add service to FIREWALLD public zone success." |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment