由于业务需要,需要限制服务器的出网下载:只允许在00-17点这个时间段出网下载资源,其它
时间不允许出网下载。所以决定用iptables做一下限制,这样是最简单有效的,废话不多说,看脚本。
#!/bin/bash
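#######################################
# Append one timestamped line to the firewall-switch log.
# Globals:   CHANGE_IPTABLES_LOG (read, optional) - log file path;
#            defaults to /var/log/change_iptables.log
# Arguments: $1 - message text
# Outputs:   appends "[YYYYmmdd HH:MM:SS] message" to the log file
# Returns:   status of the append
#######################################
re_log(){
  # This script runs as root from cron. A fixed file name under the
  # world-writable /tmp could be pre-created (e.g. as a symlink) by another
  # local account, so the default log lives in root-owned /var/log instead.
  local log_file=${CHANGE_IPTABLES_LOG:-/var/log/change_iptables.log}
  local stamp
  stamp=$(date "+%Y%m%d %T")
  # printf with a fixed format keeps the message from being interpreted
  # (echo -e would expand backslash sequences inside it).
  printf '[%s] %s\n' "$stamp" "$1" >>"$log_file"
}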
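#######################################
# Install a prepared ruleset file as the live iptables configuration and
# restart the iptables service so it takes effect.
# Arguments: $1 - source ruleset file
#            $2 - destination path the service reads its rules from
# Outputs:   progress line on stdout; result lines via re_log
# Returns:   1 if the source is unusable or the copy fails (the service is
#            then NOT restarted); otherwise the status of the restart
#######################################
change_iptables(){
  local from=$1
  local to=$2

  echo "copy $from to $to.."

  # Without a readable source there is nothing safe to install.
  if [[ ! -r "$from" ]]; then
    re_log "copy $from to $to.. failed.. (source missing or unreadable)"
    return 1
  fi

  # Parse the candidate ruleset without committing it, so a malformed file
  # never replaces the working configuration right before a restart.
  if command -v iptables-restore >/dev/null 2>&1; then
    if ! iptables-restore --test <"$from"; then
      re_log "copy $from to $to.. failed.. (ruleset rejected by iptables-restore --test)"
      return 1
    fi
  fi

  # Best-effort backup of the current rules. It is overwritten on every run,
  # so it only ever holds the ruleset from immediately before this switch.
  if ! cp -- /etc/sysconfig/iptables /etc/sysconfig/iptables.bak; then
    re_log "backup of /etc/sysconfig/iptables failed, continuing"
  fi

  if ! cp -f -- "$from" "$to"; then
    re_log "copy $from to $to.. failed.."
    # Do not restart on a failed copy: the destination may be stale or
    # partially written.
    return 1
  fi
  re_log "copy $from to $to.. success.."

  # service iptables status || service iptables start
  service iptables restart
}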
# Switch to the restricted ruleset: installs /root/workspace/iptables_drop
# as the live configuration via change_iptables.
limit(){
  local -r restricted_rules=/root/workspace/iptables_drop
  local -r live_rules=/etc/sysconfig/iptables
  change_iptables "$restricted_rules" "$live_rules"
}
# Switch back to the normal ruleset: installs /root/workspace/iptables
# as the live configuration via change_iptables.
open(){
  local -r normal_rules=/root/workspace/iptables
  local -r live_rules=/etc/sysconfig/iptables
  change_iptables "$normal_rules" "$live_rules"
}
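# Dispatch on the first argument: "limit" installs the restricted ruleset,
# "open" restores the normal one. Anything else is a usage error.
case "${1:-}" in
  --limit|limit)
    limit
    ;;
  --open|open)
    open
    ;;
  *)
    # Report misuse on stderr with a non-zero status so a wrapper or cron
    # mail can tell that no ruleset switch happened. Exiting here also
    # means the rest of the script is not executed.
    echo "Usage: $0 limit|open" >&2
    echo "Ex: $0 open" >&2
    exit 2
    ;;
esac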
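#######################################
# (Re)register the two schedule entries for this script in a system crontab:
# every 5 minutes during hours 18-23 run "limit", every 5 minutes during
# hours 00-17 run "open". Existing entries for the script are removed first,
# so repeated calls do not accumulate duplicates.
# Arguments: $1 - crontab file to edit (optional, default /etc/crontab)
# Returns:   non-zero if the file cannot be edited or appended to
#######################################
add_crond(){
  local crontab_file=${1:-/etc/crontab}
  local -r script=/root/workspace/iptables.sh

  # The entries run the script as root, so the script and the ruleset files
  # it installs should be owned by root and not writable by other accounts.

  # Plain ASCII quotes are required here; typographic quotes are passed to
  # sed as literal characters and the delete expression breaks.
  sed -i '\#/root/workspace/iptables\.sh#d' "$crontab_file" || return

  # ">/dev/null 2>&1" discards output under any /bin/sh, whereas "&>" is a
  # bash extension that other shells parse as "run in background".
  {
    printf '%s\n' "*/5 18-23 * * * root $script limit >/dev/null 2>&1"
    printf '%s\n' "*/5 00-17 * * * root $script open >/dev/null 2>&1"
  } >>"$crontab_file"
}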
add_crond
本文出自 “为技术而生” 博客,转载请与作者联系!
原文地址:http://liangxj.blog.51cto.com/1422028/1676463