shell和go实现：防火墙放行所有端口，唯独拦截80端口

shell

1.防火墙放行所有端口，唯独拦截80端口

1.1拦截

mkdir -p /data/shellscat > /data/shells/02nginx_close.sh <<-'EOF'
#!/bin/bash# 检查Linux系统版本
linux_version=$(cat /etc/redhat-release)# 根据Linux系统版本选择相应的防火墙开启命令和保存规则命令
if [[ $linux_version == *"7"* || $linux_version == *"8"* ]]; thenfirewall_cmd="systemctl status firewalld"save_rules_cmd="firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" port port="80" protocol="tcp" reject' &&  firewall-cmd --reload"
elif [[ $linux_version == *"6"* || $linux_version == *"5"* ]]; thenfirewall_cmd="service iptables status"save_rules_cmd="service iptables save"
elseecho "Unsupported Linux version."exit 1
fi# 执行防火墙命令并检查状态
firewall_status=$($firewall_cmd)if [[ $firewall_status == *"is stopped"* || $firewall_status == *"not running"* ||  $firewall_status == *"inactive"* ]]; then# 如果防火墙处于关闭状态，则启动防火墙if [[ $linux_version == *"7"* || $linux_version == *"8"* ]]; thensystemctl start firewalldelif [[ $linux_version == *"6"* || $linux_version == *"5"* ]]; thenservice iptables startfi
fi# 开启防火墙放行所有端口，拦截部分端口
iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -j ACCEPT# 保存iptables规则
eval $save_rules_cmdEOFchmod +x /data/shells/*sh

eval 是一个 Bash 内置命令，用于执行由字符串表示的命令。在这种情况下，$save_rules_cmd 是一个包含保存规则命令的字符串变量。
使用 eval $save_rules_cmd 的目的是将保存规则的命令作为字符串解析并执行。通过这种方式，可以根据不同的 Linux 系统版本动态地执行正确的保存规则命令，而无需硬编码特定的命令。
简而言之，eval $save_rules_cmd 将字符串变量 $save_rules_cmd 中的命令作为实际的命令执行。

1.2 删除拦截

cat > /data/shells/03nginx_kaiqi.sh <<-'EOF'
#!/bin/bash# 检查Linux系统版本
linux_version=$(cat /etc/redhat-release)# 根据Linux系统版本选择相应的防火墙开启命令和保存规则命令
if [[ $linux_version == *"7"* || $linux_version == *"8"* ]]; thenfirewall_cmd="systemctl status firewalld"save_rules_cmd="firewall-cmd --zone=public --remove-rich-rule='rule family="ipv4" port port="80" protocol="tcp" reject' &&  firewall-cmd --reload"
elif [[ $linux_version == *"6"* || $linux_version == *"5"* ]]; thenfirewall_cmd="service iptables status"save_rules_cmd="service iptables save"
elseecho "Unsupported Linux version."exit 1
fi# 执行防火墙命令并检查状态
firewall_status=$($firewall_cmd)if [[ $firewall_status == *"is stopped"* || $firewall_status == *"not running"* ||  $firewall_status == *"inactive"* ]]; then# 如果防火墙处于关闭状态，则启动防火墙if [[ $linux_version == *"7"* || $linux_version == *"8"* ]]; thensystemctl start firewalldelif [[ $linux_version == *"6"* || $linux_version == *"5"* ]]; thenservice iptables startfi
fi# 删除防火墙放行所有端口，拦截部分端口
iptables -D INPUT -p tcp --dport 80 -j DROP
iptables -D INPUT -j ACCEPT# 保存iptables规则
eval $save_rules_cmdEOFchmod +x /data/shells/*sh

GO语言

开始拦截

package mainimport ("bytes""fmt""log""os/exec""strings"
)func main() {// 查看系统版本linuxVersion, err := executeCommand("cat /etc/redhat-release")if err != nil {log.Fatalf("Error executing command: %v", err)}fmt.Println("系统版本：", linuxVersion)// 查看防火墙状态并启动防火墙if strings.Contains(linuxVersion, "release 7") {isFirewallDisabled(linuxVersion)addFirewallRule(linuxVersion)} else if strings.Contains(linuxVersion, "release 6") {isFirewallDisabled(linuxVersion)addFirewallRule(linuxVersion)} else {fmt.Println("未知的系统版本，无法查看防火墙状态")return}}func executeCommand(command string) (string, error) {cmd := exec.Command("bash", "-c", command)var out bytes.Buffercmd.Stdout = &outerr := cmd.Run()if err != nil {return "", err}return out.String(), nil
}func isFirewallDisabled(linuxVersion string) {if strings.Contains(linuxVersion, "release 7") {cmd := exec.Command("sudo", "systemctl", "status", "firewalld")out, err := cmd.Output()if err != nil {fmt.Printf("systemctl status firewalld error: %v\n", err)}output := string(out)if strings.Contains(output, "Active: inactive") {startFirewalld()}} else if strings.Contains(linuxVersion, "release 6") {cmd := exec.Command("sudo", "service", "iptables", "status")out, err := cmd.Output()if err != nil {fmt.Printf("service iptables status error: %v\n", err)}output := string(out)if strings.Contains(output, "not running") {startIptables()}}
}func startFirewalld() {cmd := exec.Command("sudo", "systemctl", "start", "firewalld")err := cmd.Run()if err != nil {fmt.Printf("Command execution failed with error: %v\n", err)}fmt.Println("7防火墙已启动")
}func startIptables() {cmd := exec.Command("sudo", "service", "iptables", "start")err := cmd.Run()if err != nil {fmt.Printf("Command execution failed with error: %v\n", err)}fmt.Println("6防火墙已启动")
}func addFirewallRule(linuxVersion string) {if strings.Contains(linuxVersion, "release 7") {cmd := exec.Command("sudo", "firewall-cmd", "--permanent", "--zone=public", "--add-rich-rule=rule family=\"ipv4\" port port=\"80\" protocol=\"tcp\" reject")err := cmd.Run()if err != nil {fmt.Printf("Command execution failed with error: %v\n", err)}cmd = exec.Command("sudo", "firewall-cmd", "--reload")err = cmd.Run()if err != nil {fmt.Printf("Command execution failed with error: %v\n", err)}} else if strings.Contains(linuxVersion, "release 6") {cmd := exec.Command("sudo", "iptables", "-A", "INPUT", "-p", "tcp", "--dport", "80", "-j", "DROP")err := cmd.Run()if err != nil {fmt.Printf("Command execution failed with error: %v\n", err)}cmd = exec.Command("sudo", "iptables", "-A", "INPUT", "-j", "ACCEPT")err = cmd.Run()if err != nil {fmt.Printf("Command execution failed with error: %v\n", err)}}
}

删除拦截端口，关闭防火墙

package mainimport ("bytes""fmt""log""os/exec""strings"
)func main() {// 查看系统版本linuxVersion, err := executeCommand("cat /etc/redhat-release")if err != nil {log.Fatalf("Error executing command: %v", err)}fmt.Println("系统版本：", linuxVersion)// 查看防火墙状态并启动防火墙if strings.Contains(linuxVersion, "release 7") {isFirewallDisabled(linuxVersion)addFirewallRule(linuxVersion)} else if strings.Contains(linuxVersion, "release 6") {isFirewallDisabled(linuxVersion)addFirewallRule(linuxVersion)} else {fmt.Println("未知的系统版本，无法查看防火墙状态")return}}func executeCommand(command string) (string, error) {cmd := exec.Command("bash", "-c", command)var out bytes.Buffercmd.Stdout = &outerr := cmd.Run()if err != nil {return "", err}return out.String(), nil
}func isFirewallDisabled(linuxVersion string) {if strings.Contains(linuxVersion, "release 7") {cmd := exec.Command("sudo", "systemctl", "status", "firewalld")out, err := cmd.Output()if err != nil {fmt.Printf("systemctl status firewalld error: %v\n", err)}output := string(out)if strings.Contains(output, "Active: inactive") {startFirewalld()}} else if strings.Contains(linuxVersion, "release 6") {cmd := exec.Command("sudo", "service", "iptables", "status")out, err := cmd.Output()if err != nil {fmt.Printf("service iptables status error: %v\n", err)}output := string(out)if strings.Contains(output, "not running") {startIptables()}}
}func startFirewalld() {cmd := exec.Command("sudo", "systemctl", "start", "firewalld")err := cmd.Run()if err != nil {fmt.Printf("Command execution failed with error: %v\n", err)}fmt.Println("7防火墙已启动")
}func startIptables() {cmd := exec.Command("sudo", "service", "iptables", "start")err := cmd.Run()if err != nil {fmt.Printf("Command execution failed with error: %v\n", err)}fmt.Println("6防火墙已启动")
}func addFirewallRule(linuxVersion string) {if strings.Contains(linuxVersion, "release 7") {cmd := exec.Command("sudo", "firewall-cmd", "--permanent", "--zone=public", "--remove-rich-rule=rule family=\"ipv4\" port port=\"80\" protocol=\"tcp\" reject")err := cmd.Run()if err != nil {fmt.Printf("Command execution failed with error: %v\n", err)}cmd = exec.Command("sudo", "firewall-cmd", "--reload")err = cmd.Run()if err != nil {fmt.Printf("Command execution failed with error: %v\n", err)}cmd = exec.Command("sudo", "systemctl", "stop", "firewalld")err = cmd.Run()if err != nil {fmt.Printf("Command execution failed with error: %v\n", err)}} else if strings.Contains(linuxVersion, "release 6") {cmd := exec.Command("sudo", "iptables", "-D", "INPUT", "-p", "tcp", "--dport", "80", "-j", "DROP")err := cmd.Run()if err != nil {fmt.Printf("Command execution failed with error: %v\n", err)}cmd = exec.Command("sudo", "iptables", "-D", "INPUT", "-j", "ACCEPT")err = cmd.Run()if err != nil {fmt.Printf("Command execution failed with error: %v\n", err)}cmd = exec.Command("sudo", "service", "iptables", "stop")err = cmd.Run()if err != nil {fmt.Printf("Command execution failed with error: %v\n", err)}}
}

Windows编译Linux可执行文件

如果我想在Windows下编译一个Linux下可执行文件，那需要怎么做呢？只需要在编译时指定目标操作系统的平台和处理器架构即可。
注意：无论你在Windows电脑上使用VsCode编辑器还是Goland编辑器，都要注意你使用的终端类型，因为不同的终端下命令不一样！！！目前的Windows通常默认使用的是PowerShell终端。
如果你的Windows使用的是cmd，那么按如下方式指定环境变量。

1，go 打包windows exe运行文件如果设置过其他系统环境 就要重新设置设置系统环境$env:GOOS = "windows"$env:GOARCH = "amd64"go build hello.go2.go打包 linux运行文件如果设置过其他系统环境 就要重新设置设置系统环境$env:GOOS = "linux"$env:GOARCH = "amd64"go build hello.go#查看变量 
go env#修改环境变量
go env -w GOOS="windows"