iptables控制访问

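#!/usr/bin/env bash
#
# Restrict TCP access to one port (default 2181) with iptables: accept the
# host's own addresses, loopback and a list of trusted networks, drop every
# other source, then persist the filter table to /etc/sysconfig/iptables.
#
# Must be run as root. Optional environment overrides:
#   PORT          - TCP port to protect (default: 2181)
#   ALLOWED_NETS  - space-separated CIDRs allowed to reach PORT
#   FIREWALL_UNIT - systemd unit to start/enable (default: firewall.service)
#   RULES_FILE    - where iptables-save output is written
#
# Caveat: 'iptables -F' empties every chain of the filter table before the new
# rules are appended, so if a later command fails the host is left with no
# rules at all. The root/port checks below run before the flush for that reason.

set -euo pipefail
set -x

readonly PORT="${PORT:-2181}"
readonly FIREWALL_UNIT="${FIREWALL_UNIT:-firewall.service}"
readonly RULES_FILE="${RULES_FILE:-/etc/sysconfig/iptables}"
# Trusted source networks; word-split into an array on purpose.
read -r -a allowed_nets <<<"${ALLOWED_NETS:-11.95.112.0/20 11.93.208.0/20}"

die() { printf '%s\n' "$*" >&2; exit 1; }

# Every iptables/systemctl call below needs root; fail early with a clear
# message rather than halfway through a partly rebuilt chain.
[[ ${EUID} -eq 0 ]] || die "==This script must be run as root"
# PORT is interpolated into rules; only accept a plain port number.
[[ ${PORT} =~ ^[0-9]+$ ]] || die "==PORT must be numeric, got: ${PORT}"

# Local IPv4 addresses, one per array element. 'scope global' leaves out
# loopback (what the old 'grep -v 127.0.0.1' did) and link-local; field 4 of
# 'ip -4 -o addr' is the address in CIDR form. An array is needed because a
# host with several addresses used to produce a multi-line value that broke
# the unquoted '-s ${localIP}' argument.
mapfile -t local_ips < <(ip -4 -o addr show scope global | awk '{print $4}' | cut -d/ -f1)
if (( ${#local_ips[@]} == 0 )); then
  echo "==LocalIP: (none found)"
  exit 1
fi
echo "==LocalIP: ${local_ips[*]}"

echo "==Start iptables service"
# NOTE(review): 'firewall.service' is not a standard unit name; hosts that use
# the iptables-services package (which owns /etc/sysconfig/iptables) ship
# iptables.service — confirm and set FIREWALL_UNIT accordingly.
systemctl start "${FIREWALL_UNIT}"
systemctl enable "${FIREWALL_UNIT}"

echo "==Clean default iptables rules"
iptables -F

echo "==Accept local"
# --dport, not --destination-ports: the latter belongs to '-m multiport' and
# iptables rejects it without that match, which under 'set -e' aborted the
# script right after the flush. This also matches the "Accept other" rules.
for ip in "${local_ips[@]}"; do
  iptables -A INPUT -s "${ip}" -p tcp --dport "${PORT}" -j ACCEPT
done
iptables -A INPUT -s localhost -p tcp --dport "${PORT}" -j ACCEPT
iptables -A INPUT -s 127.0.0.1 -p tcp --dport "${PORT}" -j ACCEPT

echo "==Accept other"
for net in "${allowed_nets[@]}"; do
  iptables -A INPUT -s "${net}" -p tcp --dport "${PORT}" -j ACCEPT
done

echo "==Refuse all"
# Appended last, so it only catches sources not matched by an ACCEPT above.
iptables -A INPUT -p tcp --dport "${PORT}" -j DROP

echo "==Storage iptables rules"
# Back up the previous rule set only if one exists (cp would abort under -e
# on a fresh host and the new rules would never be persisted).
if [[ -f "${RULES_FILE}" ]]; then
  cp -- "${RULES_FILE}" "${RULES_FILE}.bak"
fi
# The redirection is performed by this shell, which is already root (checked
# above), so the former 'sudo' on iptables-save added nothing.
iptables-save -t filter > "${RULES_FILE}"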