xenserver 通过防火墙禁用xencenter VM控制台方法
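#!/bin/bash
#ver 0.1 0706/2017 hayden
#this script for disable Xenserver VM VNC Console port
#yelang007sheng@163.com
#
# Prompts for a VM count N, then inserts one iptables DROP rule per TCP port
# in the range 5900..5900+N (inclusive) at the top of the INPUT chain, adds an
# ACCEPT exception for the dom0 console port read from xenstore, and saves the
# ruleset with "service iptables save".
#
# The interpreter is bash, not sh: the script uses "read -p" and the
# arithmetic "for ((...))" loop, neither of which is POSIX sh.
#
# Rules are inserted with -I and are never removed, so running the script
# repeatedly stacks duplicate rules. Review the chain with
# "iptables -L INPUT -n --line-numbers" after use.

readonly VNC_BASE_PORT=5900
# Largest accepted VM count: keeps VNC_BASE_PORT + num within the TCP port range.
readonly MAX_VM_NUM=$((65535 - VNC_BASE_PORT))

# Make sure the iptables service is running before rules are added.
# Release 7 is driven through systemctl, every other release (or an unreadable
# /etc/redhat-release) through the "service" wrapper, as in the original.
# A failed start is reported on stderr and the script carries on.
start_iptables() {
  local xen_ver
  # Major version = first dot-separated field of the third word.
  xen_ver=$(awk '{ split($3, v, "."); print v[1]; exit }' /etc/redhat-release 2>/dev/null)

  if [ "$xen_ver" = "7" ]; then
    if ! /bin/systemctl status iptables.service >/dev/null; then
      /bin/systemctl start iptables.service >/dev/null ||
        echo "WARNING: could not start iptables.service" >&2
    fi
  else
    if ! service iptables status >/dev/null; then
      service iptables start >/dev/null ||
        echo "WARNING: could not start the iptables service" >&2
    fi
  fi
}

# Ask for the VM count until a valid value is entered.
# Sets the global "num" to an integer in 1..MAX_VM_NUM.
# Exits with status 1 when stdin is exhausted, instead of looping forever.
vm_num() {
  while :; do
    if ! read -r -p "Please input VM number: [ exp> 10 or 60 ] " num && [ -z "$num" ]; then
      echo "No input available, aborting." >&2
      exit 1
    fi

    case "$num" in
      '' | *[!0-9]*)
        echo "Input VM Number error!!!"
        continue
        ;;
    esac

    # More than five digits can never be a valid count and could overflow
    # the shell arithmetic below.
    if [ "${#num}" -gt 5 ]; then
      echo "Input VM Number error!!!"
      continue
    fi

    # Force base 10 so that input such as "010" is not read as octal.
    num=$((10#$num))
    if [ "$num" -gt 0 ] && [ "$num" -le "$MAX_VM_NUM" ]; then
      break
    fi
    echo "Input VM Number error!!!"
  done
}

# Unused helper kept from the original. If it is ever revived, write to a
# file created with mktemp rather than a fixed name under /tmp.
#get_vm_vncport(){
#  xenstore-ls /local/domain |grep vnc-port |awk -F\= '{print $2}' |sed 's/\"//g' >/tmp/vm_vncport.tmp
#}

# Read the dom0 console port from xenstore into the global "dom0_vnc_port".
# The variable is left empty when the key cannot be read.
get_dom0_vncport() {
  dom0_vnc_port=$(xenstore-read /local/domain/0/console/vnc-port 2>/dev/null)
}

# Insert the DROP rules for ports VNC_BASE_PORT..VNC_BASE_PORT+num, then the
# dom0 exception. Returns 1 as soon as an iptables call fails.
drop_vm_vncport() {
  local max_num=$((VNC_BASE_PORT + num))
  local i

  # Look the dom0 port up before touching the firewall so a missing value is
  # reported rather than passed to iptables as an empty --dport.
  get_dom0_vncport

  for ((i = VNC_BASE_PORT; i <= max_num; i++)); do
    if ! iptables -I INPUT -p tcp --dport "$i" -j DROP >/dev/null; then
      echo "ERROR: failed to add DROP rule for tcp port $i" >&2
      return 1
    fi
  done

  #except dom0 VNC port
  # Inserted last so it lands above the DROP rules and takes precedence.
  case "$dom0_vnc_port" in
    '' | *[!0-9]*)
      echo "WARNING: dom0 vnc-port not found in xenstore; no ACCEPT exception added" >&2
      ;;
    *)
      # NOTE(review): this ACCEPT matches any source address. Consider
      # restricting it, e.g. "-s MGMT_SUBNET_PLACEHOLDER", to the management
      # network only.
      if ! iptables -I INPUT -p tcp --dport "$dom0_vnc_port" -j ACCEPT; then
        echo "ERROR: failed to add ACCEPT rule for dom0 port $dom0_vnc_port" >&2
        return 1
      fi
      ;;
  esac
}

#main
start_iptables
vm_num
drop_vm_vncport || exit 1
if ! service iptables save; then
  echo "ERROR: rules are active but were not saved; they may be lost on restart" >&2
  exit 1
fi
echo "done"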
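#!/bin/bash
#ver 0.1 0706/2017 hayden
#this script for enable Xenserver VM VNC Console port
#yelang007sheng@163.com
#
# Prompts for a VM count N, then inserts one iptables ACCEPT rule per TCP port
# in the range 5900..5900+N (inclusive) at the top of the INPUT chain, adds an
# ACCEPT rule for the dom0 console port read from xenstore, and saves the
# ruleset with "service iptables save".
#
# The interpreter is bash, not sh: the script uses "read -p" and the
# arithmetic "for ((...))" loop, neither of which is POSIX sh.
#
# This script does not delete DROP rules added earlier for the same ports; it
# only places ACCEPT rules above them. Repeated runs stack duplicate rules.
# Review the chain with "iptables -L INPUT -n --line-numbers" after use.

readonly VNC_BASE_PORT=5900
# Largest accepted VM count: keeps VNC_BASE_PORT + num within the TCP port range.
readonly MAX_VM_NUM=$((65535 - VNC_BASE_PORT))

# Make sure the iptables service is running before rules are added.
# Release 7 is driven through systemctl, every other release (or an unreadable
# /etc/redhat-release) through the "service" wrapper, as in the original.
# A failed start is reported on stderr and the script carries on.
start_iptables() {
  local xen_ver
  # Major version = first dot-separated field of the third word.
  xen_ver=$(awk '{ split($3, v, "."); print v[1]; exit }' /etc/redhat-release 2>/dev/null)

  if [ "$xen_ver" = "7" ]; then
    if ! /bin/systemctl status iptables.service >/dev/null; then
      /bin/systemctl start iptables.service >/dev/null ||
        echo "WARNING: could not start iptables.service" >&2
    fi
  else
    if ! service iptables status >/dev/null; then
      service iptables start >/dev/null ||
        echo "WARNING: could not start the iptables service" >&2
    fi
  fi
}

# Ask for the VM count until a valid value is entered.
# Sets the global "num" to an integer in 1..MAX_VM_NUM.
# Exits with status 1 when stdin is exhausted, instead of looping forever.
vm_num() {
  while :; do
    if ! read -r -p "Please input VM number: [ exp> 10 or 60 ] " num && [ -z "$num" ]; then
      echo "No input available, aborting." >&2
      exit 1
    fi

    case "$num" in
      '' | *[!0-9]*)
        echo "Input VM Number error!!!"
        continue
        ;;
    esac

    # More than five digits can never be a valid count and could overflow
    # the shell arithmetic below.
    if [ "${#num}" -gt 5 ]; then
      echo "Input VM Number error!!!"
      continue
    fi

    # Force base 10 so that input such as "010" is not read as octal.
    num=$((10#$num))
    if [ "$num" -gt 0 ] && [ "$num" -le "$MAX_VM_NUM" ]; then
      break
    fi
    echo "Input VM Number error!!!"
  done
}

# Unused helper kept from the original. If it is ever revived, write to a
# file created with mktemp rather than a fixed name under /tmp.
#get_vm_vncport(){
#  xenstore-ls /local/domain |grep vnc-port |awk -F\= '{print $2}' |sed 's/\"//g' >/tmp/vm_vncport.tmp
#}

# Read the dom0 console port from xenstore into the global "dom0_vnc_port".
# The variable is left empty when the key cannot be read.
get_dom0_vncport() {
  dom0_vnc_port=$(xenstore-read /local/domain/0/console/vnc-port 2>/dev/null)
}

# Insert the ACCEPT rules for ports VNC_BASE_PORT..VNC_BASE_PORT+num, then the
# dom0 rule. Returns 1 as soon as an iptables call fails.
# (The original named this function drop_vm_vncport although it adds ACCEPT
# rules; it is renamed here to match what it does.)
allow_vm_vncport() {
  local max_num=$((VNC_BASE_PORT + num))
  local i

  # Look the dom0 port up first so a missing value is reported rather than
  # passed to iptables as an empty --dport.
  get_dom0_vncport

  # NOTE(review): these ACCEPT rules match any source address. Consider
  # restricting them, e.g. "-s MGMT_SUBNET_PLACEHOLDER", so the console ports
  # are reachable from the management network only.
  for ((i = VNC_BASE_PORT; i <= max_num; i++)); do
    if ! iptables -I INPUT -p tcp --dport "$i" -j ACCEPT >/dev/null; then
      echo "ERROR: failed to add ACCEPT rule for tcp port $i" >&2
      return 1
    fi
  done

  #except dom0 VNC port
  case "$dom0_vnc_port" in
    '' | *[!0-9]*)
      echo "WARNING: dom0 vnc-port not found in xenstore; no dom0 ACCEPT rule added" >&2
      ;;
    *)
      if ! iptables -I INPUT -p tcp --dport "$dom0_vnc_port" -j ACCEPT; then
        echo "ERROR: failed to add ACCEPT rule for dom0 port $dom0_vnc_port" >&2
        return 1
      fi
      ;;
  esac
}

#main
start_iptables
vm_num
allow_vm_vncport || exit 1
if ! service iptables save; then
  echo "ERROR: rules are active but were not saved; they may be lost on restart" >&2
  exit 1
fi
echo "done"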