Update buildvm.sh

2024-11-16 03:57:07 +08:00 · 2023-04-09 23:50:03 +08:00 · 2023-04-09 23:50:03 +08:00 · 820d50f004
commit 820d50f004
parent d31c432375
1 changed files with 34 additions and 34 deletions
--- a/buildvm.sh
+++ b/buildvm.sh
@ -87,40 +87,40 @@ qm set $vm_num --cipassword $password --ciuser $user
 qm resize $vm_num scsi0 ${disk}G
 qm start $vm_num

-if systemctl enable iptables > /dev/null 2>&1; then
-  iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to ${IPV4}
-  iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport ${sshn} -j DNAT --to-destination ${user_ip}:22
-  iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport ${web1_port} -j DNAT --to-destination ${user_ip}:80
-  iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport ${web2_port} -j DNAT --to-destination ${user_ip}:443
-  iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport ${port_first}:${port_last} -j DNAT --to-destination ${user_ip}:${port_first}-${port_last}
-  iptables -t nat -A PREROUTING -i eth0 -p udp -m udp --dport ${port_first}:${port_last} -j DNAT --to-destination ${user_ip}:${port_first}-${port_last}
-  service iptables save
-  service iptables restart
-else
-  if ! systemctl is-active --quiet nftables; then
-      systemctl start nftables
-  fi
-  if ! command -v nft >/dev/null 2>&1; then
-      apt-get install nftables
-  fi
-  if ! nft list tables | grep -q nat; then
-      nft add table nat
-  fi
-  if ! nft list table nat | grep -q postrouting; then
-      nft add chain nat postrouting { type nat hook postrouting priority 0 \; }
-#       nft add rule nat postrouting oif eth0 snat to ${IPV4}
-  fi
-  if ! nft list table nat | grep -q prerouting; then
-      nft add chain nat prerouting { type nat hook prerouting priority 0 \; }
-  fi
-  nft add rule nat prerouting iif eth0 tcp dport ${sshn} dnat to ${user_ip}:22
-  nft add rule nat prerouting iif eth0 tcp dport ${web1_port} dnat to ${user_ip}:80
-  nft add rule nat prerouting iif eth0 tcp dport ${web2_port} dnat to ${user_ip}:443
-  nft add rule nat prerouting iif eth0 tcp dport ${port_first}-${port_last} dnat to ${user_ip}:${port_first}-${port_last}
-  nft add rule nat prerouting iif eth0 udp dport ${port_first}-${port_last} dnat to ${user_ip}:${port_first}-${port_last}
-  nft list ruleset > /etc/nftables.conf
-  systemctl restart nftables.service
-fi
+# if systemctl enable iptables > /dev/null 2>&1; then
+#   iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to ${IPV4}
+#   iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport ${sshn} -j DNAT --to-destination ${user_ip}:22
+#   iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport ${web1_port} -j DNAT --to-destination ${user_ip}:80
+#   iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport ${web2_port} -j DNAT --to-destination ${user_ip}:443
+#   iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport ${port_first}:${port_last} -j DNAT --to-destination ${user_ip}:${port_first}-${port_last}
+#   iptables -t nat -A PREROUTING -i eth0 -p udp -m udp --dport ${port_first}:${port_last} -j DNAT --to-destination ${user_ip}:${port_first}-${port_last}
+#   service iptables save
+#   service iptables restart
+# else
+#   if ! systemctl is-active --quiet nftables; then
+#       systemctl start nftables
+#   fi
+#   if ! command -v nft >/dev/null 2>&1; then
+#       apt-get install nftables
+#   fi
+#   if ! nft list tables | grep -q nat; then
+#       nft add table nat
+#   fi
+#   if ! nft list table nat | grep -q postrouting; then
+#       nft add chain nat postrouting { type nat hook postrouting priority 0 \; }
+# #       nft add rule nat postrouting oif eth0 snat to ${IPV4}
+#   fi
+#   if ! nft list table nat | grep -q prerouting; then
+#       nft add chain nat prerouting { type nat hook prerouting priority 0 \; }
+#   fi
+#   nft add rule nat prerouting iif eth0 tcp dport ${sshn} dnat to ${user_ip}:22
+#   nft add rule nat prerouting iif eth0 tcp dport ${web1_port} dnat to ${user_ip}:80
+#   nft add rule nat prerouting iif eth0 tcp dport ${web2_port} dnat to ${user_ip}:443
+#   nft add rule nat prerouting iif eth0 tcp dport ${port_first}-${port_last} dnat to ${user_ip}:${port_first}-${port_last}
+#   nft add rule nat prerouting iif eth0 udp dport ${port_first}-${port_last} dnat to ${user_ip}:${port_first}-${port_last}
+#   nft list ruleset > /etc/nftables.conf
+#   systemctl restart nftables.service
+# fi

 echo "$vm_num $user $password $core $memory $disk $sshn $web1_port $web2_port $port_first $port_last $system" >> "vm${vm_num}"
 cat "vm${vm_num}"