From 8aeb72fefd592c8bd81609ecb73418cd961d06be Mon Sep 17 00:00:00 2001
From: joe
Date: Thu, 22 Jan 2026 11:41:20 +0900
Subject: [PATCH] =?UTF-8?q?=E3=81=BB=E3=81=BC=E5=AE=8C=E6=88=90=E3=81=8B?=
 =?UTF-8?q?=E3=81=AA=EF=BC=9F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ipfn1.0 | 123 +++++++++++++++++++++++++++++++-------------------------
 1 file changed, 69 insertions(+), 54 deletions(-)

diff --git a/ipfn1.0 b/ipfn1.0
index 29c2f45..feb7c81 100755
--- a/ipfn1.0
+++ b/ipfn1.0
@@ -1,8 +1,8 @@
 #!/bin/bash
 # Name: ipfn
-# Version: 1.0.5
+# Version: 1.0.6
 # Date: 2026-01-22
-# Description: Added asterisk highlight for new handles and forced delete (-df).
+# Description: Supports -dHANDLE / -dfHANDLE (no space) and asterisk highlighting.
 
 # sudo権限チェック
 if [ "$(id -u)" -ne 0 ]; then
@@ -23,7 +23,7 @@ init_nft() {
     nft add chain inet ${TABLE_NAME} forward { type filter hook forward priority 0 \; policy accept \; } 2>/dev/null
 }
 
-# --- ルール表示 (アスタリスク強調対応) ---
+# --- ルール表示 (アスタリスク & ハイライト対応) ---
 list_rules() {
     local highlight_uuid=$1
     init_nft
@@ -48,6 +48,24 @@ list_rules() {
     done
 }
 
+# --- 疎通確認 ---
+test_rule() {
+    local handle=$1
+    init_nft
+    local rule_line=$(nft -a list chain inet ${TABLE_NAME} prerouting | grep "handle $handle")
+    if [[ -z "$rule_line" ]]; then
+        echo "Error: Rule handle $handle not found."
+        exit 1
+    fi
+    local lp=$(echo "$rule_line" | grep -o 'dport [0-9]*' | awk '{print $2}')
+    echo "Testing connectivity to local port :$lp..."
+    if nc -z -v -w 3 127.0.0.1 "$lp" 2>&1; then
+        echo -e "\e[32mSuccess: Port is responding.\e[0m"
+    else
+        echo -e "\e[31mFailed: Port is NOT responding.\e[0m"
+    fi
+}
+
 # --- ルール追加 ---
 add_rule() {
     init_nft
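Review bot: In test_rule the lookup `grep "handle $handle"` is unanchored, so a handle of `1` also matches `handle 10` or `handle 17`, and an empty handle matches every rule; `rule_line` then holds several lines and `lp` collects several ports that are handed to nc as one argument. Validate the handle and anchor the match: `[[ "$handle" =~ ^[0-9]+$ ]] || { echo "Error: Handle required."; exit 1; }` before init_nft, and `rule_line=$(nft -a list chain inet ${TABLE_NAME} prerouting | grep -E "handle ${handle}\$")` for the lookup, since nft -a prints the handle at the end of the line. Declaring `local rule_line` on its own line and assigning afterwards keeps grep's exit status visible, although the `-z` check already covers the no-match case. The same unanchored grep existed in the old `-t` arm of the main loop, so this is inherited rather than introduced here.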
@@ -69,14 +87,12 @@ add_rule() {
     nft add rule inet ${TABLE_NAME} forward $family saddr "$target_ip" "$PROTO" sport "$target_port" ct state established,related accept "$comment"
     nft add rule inet ${TABLE_NAME} postrouting $family daddr "$target_ip" "$PROTO" dport "$target_port" masquerade "$comment"
 
-    if [[ $QUIET == false ]]; then
-        echo "ipfn: Rule added."
-        echo ""
-        list_rules "$raw_uuid"
-    fi
+    echo "ipfn: Rule added."
+    echo ""
+    list_rules "$raw_uuid"
 }
 
-# --- ルール削除 (強制削除フラグ対応) ---
+# --- ルール削除 ---
 delete_rule() {
     init_nft
     local handle=$1
@@ -109,7 +125,7 @@ delete_rule() {
             nft delete rule inet ${TABLE_NAME} "$chain" handle "$h"
         done
     done
-    echo "ipfn: Rule handle $handle deleted."
+    echo "ipfn: Rule group deleted."
     echo ""
     list_rules
 else
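Review bot: Removing the `if [[ $QUIET == false ]]` gate in add_rule leaves `-q` with no effect: the main loop later in this patch still has `-q) QUIET=true; shift ;;`, and no other reader of QUIET is visible in the diff. Either restore the gate around the three output lines, `if [[ "$QUIET" != true ]]; then … fi`, or drop the `-q` arm so the option is not silently accepted. add_rule's body starts outside the hunk, so where QUIET is initialised could not be checked here.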
@@ -118,54 +134,53 @@ delete_rule() {
 }
 
 # --- メイン処理 ---
-# 引数の前処理 (強制削除フラグの検出)
-TEMP_ARGS=()
-while [[ $# -gt 0 ]]; do
-    case "$1" in
-        -df) FORCE_DELETE=true; TEMP_ARGS+=("-d") ;;
-        -f) # 削除コンテキストでのみ強制フラグとして動作
-            FORCE_DELETE=true ;;
-        *) TEMP_ARGS+=("$1") ;;
-    esac
-    shift
-done
-set -- "${TEMP_ARGS[@]}"
-
 while [[ $# -gt 0 ]]; do
     case "$1" in
         -L|-l) list_rules; exit 0 ;;
-        -d) [[ -z "$2" ]] && { echo "Error: Handle required."; exit 1; }
-            delete_rule "$2"; exit 0 ;;
-        -t) # 疎通確認ロジック (ver 1.0.4と同様)
-            local handle=$2
-            local rule_line=$(nft -a list chain inet ${TABLE_NAME} prerouting | grep "handle $handle")
-            if [[ -z "$rule_line" ]]; then echo "Error: Handle $handle not found."; exit 1; fi
-            local lp=$(echo "$rule_line" | grep -o 'dport [0-9]*' | awk '{print $2}')
-            echo "Testing :$lp..."
-            nc -z -v -w 3 127.0.0.1 "$lp" 2>&1 | grep -E "succeeded|connected" && echo -e "\e[32mSuccess\e[0m" || echo -e "\e[31mFailed\e[0m"
-            exit 0 ;;
-        -p) PROTO="$2"; shift 2 ;;
-        -q) QUIET=true; shift ;;
-        -f_sys) # 内部用: 以前の -f (sysctl) は -f_sys またはメインループ外で処理
-            sysctl -w net.ipv4.ip_forward=1 >/dev/null
-            sysctl -w net.ipv4.conf.all.route_localnet=1 >/dev/null
-            echo "Kernel parameters updated."; exit 0 ;;
-        -v) nft list table inet ${TABLE_NAME}; exit 0 ;;
-        *) break ;;
+
+        # 強制削除 (-df または -df17)
+        -df*)
+            FORCE_DELETE=true
+            handle="${1#-df}"
+            if [[ -z "$handle" ]]; then handle="$2"; shift; fi
+            delete_rule "$handle"
+            exit 0 ;;
+
+        # 通常削除 (-d または -d17)
+        -d*)
+            handle="${1#-d}"
+            if [[ -z "$handle" ]]; then handle="$2"; shift; fi
+            delete_rule "$handle"
+            exit 0 ;;
+
+        # テスト (-t または -t17)
+        -t*)
+            handle="${1#-t}"
+            if [[ -z "$handle" ]]; then handle="$2"; shift; fi
+            test_rule "$handle"
+            exit 0 ;;
+
+        -p) PROTO="$2"; shift 2 ;;
+        -q) QUIET=true; shift ;;
+        -f)
+            # 削除フラグとして機能させるための先読み
+            FORCE_DELETE=true
+            if [[ $# -eq 1 ]]; then
+                sysctl -w net.ipv4.ip_forward=1
+                sysctl -w net.ipv4.conf.all.route_localnet=1
+                echo "Kernel parameters updated."
+                exit 0
+            fi
+            ;;
+        -v) nft list table inet ${TABLE_NAME}; exit 0 ;;
+        *)
+            if [[ "$1" =~ ^[0-9]+: ]]; then
+                add_rule "$1"
+                exit 0
+            fi
+            ;;
     esac
     shift
 done
 
-# 初期設定 (-f 単体で実行された場合などの互換性維持)
-if [[ "$FORCE_DELETE" == true && $# -eq 0 ]]; then
-    # -f 単体ならカーネル設定を行う
-    sysctl -w net.ipv4.ip_forward=1
-    sysctl -w net.ipv4.conf.all.route_localnet=1
-    exit 0
-fi
-
-if [[ -n "$1" ]]; then
-    add_rule "$1"
-else
-    echo "Usage: ipfn [PORT:IP:PORT | -L | -d HANDLE | -df HANDLE | -t HANDLE]"
-fi
+echo "Usage: ipfn [PORT:IP:PORT | -L | -d(HANDLE) | -df(HANDLE) | -t(HANDLE) | -f]"
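Review bot: The `-d*`, `-df*` and `-t*` arms drop the old `Handle required` check: with `ipfn -d` as the last word `handle="$2"` stays empty and `delete_rule ""` (or `test_rule ""`, whose unanchored grep then matches every rule) runs anyway. After the `if [[ -z "$handle" ]]; then handle="$2"; shift; fi` line in each of the three arms add `[[ "$handle" =~ ^[0-9]+$ ]] || { echo "Error: Handle required."; exit 1; }`. The `-p) PROTO="$2"; shift 2 ;;` arm is carried over unchanged, but with `-p` as the last word `shift 2` does not shift and the loop never advances; `[[ -n "$2" ]] || { echo "Error: Protocol required."; exit 1; }` before the shift closes that. The `*)` arm silently discards anything that does not match `^[0-9]+:`, so a mistyped option is ignored and parsing continues as if it were never given; printing the usage line and exiting there is the safer default for a tool that edits nft rules as root. Note also that `-f` only affects arms parsed after it (`ipfn -d17 -f` exits in the `-d*` arm first), which the new usage string does not convey.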