update
88
pub_route.sh
Normal file
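--- a/pub_route.sh
+++ b/pub_route.sh
@@ -0,0 +1,88 @@
+#!/bin/bash
+
+# 检查是否以root权限运行
+if [ "$(id -u)" -ne 0 ]; then
+echo "错误:请使用root权限运行(sudo ./pub_route.sh)"
+exit 1
+fi
+
+# 配置参数
+TABLE_NAME="ipv4_pub" # 路由表名称
+TABLE_ID=102 # 路由表编号(1-252之间)
+SOURCE_CIDR="44.32.191.0/24" # 源网段(必须正确填写,否则规则无效)
+FROM_PRIORITY=1000 # 来源策略优先级
+TO_PRIORITY=800 # 目的策略优先级
+RT_TABLES="/etc/iproute2/rt_tables"
+
+# 网络出口设定
+TARGET_IP="10.188.0.44" # 新加坡Vultr
+
+# 1. 验证源网段是否合法
+if ! echo "$SOURCE_CIDR" | grep -qE '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$'; then
+echo "错误:源网段$SOURCE_CIDR格式无效,请检查配置"
+exit 1
+fi
+
+# 2.获取网关
+echo "正在获取网关..."
+GATEWAY=$(ip route get "$TARGET_IP" | grep -oP 'via \K\d+\.\d+\.\d+\.\d+')
+if [ -z "$GATEWAY" ]; then
+echo "错误:无法获取网关,请检查网络"
+exit 1
+fi
+echo "成功获取网关:$GATEWAY"
+
+# 3. 确保路由表存在
+if ! grep -q "^${TABLE_ID}[[:space:]]\+${TABLE_NAME}" "$RT_TABLES"; then
+echo "添加路由表 $TABLE_NAME(编号$TABLE_ID)..."
+echo "${TABLE_ID} ${TABLE_NAME}" >> "$RT_TABLES"
+else
+echo "路由表 $TABLE_NAME 已存在,无需创建"
+fi
+
+# 4. 配置/更新默认路由
+echo "配置$TABLE_NAME表的默认路由(via $GATEWAY)..."
+ip route del default table "$TABLE_NAME" 2>/dev/null # 删除旧路由
+ip route add default via "$GATEWAY" table "$TABLE_NAME" # 添加新路由
+echo "默认路由已更新为:default via $GATEWAY table $TABLE_NAME"
+
+# 5. 配置/更新策略规则(使用正确的源网段)
+echo "配置策略规则:来源$SOURCE_CIDR使用$TABLE_NAME表..."
+# 来源访问任何
+ip rule del from "$SOURCE_CIDR" table "$TABLE_NAME" 2>/dev/null
+ip rule add from "$SOURCE_CIDR" table "$TABLE_NAME" priority "$FROM_PRIORITY"
+# 任何访问来源
+ip rule del to "$SOURCE_CIDR" table main 2>/dev/null
+ip rule add to "$SOURCE_CIDR" table main priority "$TO_PRIORITY"
+echo "策略规则已更新为:from $SOURCE_CIDR table $TABLE_NAME priority $PRIORITY"
+
+# 6. 验证配置
+echo -e "\n===== 配置验证 ====="
+echo "$TABLE_NAME表中的路由:"
+ip route show table "$TABLE_NAME"
+
+echo -e "\n策略规则:"
+ip rule show
+
+# 7. 持久化配置(Debian/Ubuntu)
+echo -e "\n===== 持久化配置 ====="
+INTERFACE_FILE="/etc/network/interfaces"
+PERSIST_MARKER="# 策略路由持久化配置($TABLE_NAME表)"
+PERSIST_COMMANDS=$(cat <<EOF
+$PERSIST_MARKER
+up ip route add default via $GATEWAY table $TABLE_NAME
+up ip rule add from $SOURCE_CIDR table $TABLE_NAME priority $PRIORITY
+up ip rule add to "$SOURCE_CIDR" table main priority "$TO_PRIORITY"
+EOF
+)
+
+# 删除旧的持久化配置
+if grep -q "$PERSIST_MARKER" "$INTERFACE_FILE"; then
+echo "删除旧的持久化配置..."
+sed -i "/$PERSIST_MARKER/,+2d" "$INTERFACE_FILE"
+fi
+# 添加新的持久化配置
+echo "添加更新后的持久化配置到$INTERFACE_FILE..."
+echo "$PERSIST_COMMANDS" >> "$INTERFACE_FILE"
+
+echo -e "\n配置完成!所有配置已生效"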
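Review bot: `$PRIORITY` is never defined (only `FROM_PRIORITY` and `TO_PRIORITY` are), so the heredoc line `up ip rule add from $SOURCE_CIDR table $TABLE_NAME priority $PRIORITY` is written to /etc/network/interfaces with an empty priority, and the step-5 echo prints a blank one; both should use `$FROM_PRIORITY`. The cleanup `sed -i "/$PERSIST_MARKER/,+2d"` deletes the marker plus two lines, but the block appended is the marker plus three `up` lines, so every re-run leaves a stale `up ip rule add to …` line behind in the interfaces file; `sed -i "/$PERSIST_MARKER/,+3d" "$INTERFACE_FILE"` matches what is written. Because this runs as root and rewrites system network configuration, a `set -u` after the shebang would have stopped on the unset variable, and the exit status of `ip route add` / `ip rule add` should be checked before the result is persisted and reported as successful.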