14.04 如何使该脚本在启动时运行?

tag-icon tag-icon 14.04
14.04 如何使该脚本在启动时运行?

我有以下脚本,我需要在 Ubuntu Server 启动时运行它。我可以把它放在哪里?在rc.local?提前致谢!

  #!/bin/sh

  # Variaveis
  LOIF="lo"
  LOIP="127.0.0.1/32"
  LOOPBACKIF="lo"
  LOOPBACKIP="127.0.0.1/32"


  INTIF="eth0"
  INTIP="192.3.1.2/32"
  REDEINT="192.3.1.0/24"

  EXTIF="eth1"
  EXTIP="192.168.1.8/32"
  UNIVERSO="0.0.0.0/0"
  PALTAS="1024:65535"
  IPTABLE="/sbin/iptables"
  LOGGING="-l"


  # Geral
  echo " - Desabilitando ataques de IP Spoofing."
  echo "2" > /proc/sys/net/ipv4/conf/all/rp_filter

  # Habilitando FORWARDing
  echo "1" > /proc/sys/net/ipv4/ip_forward

  # Kill Timestamps
  echo "0" > /proc/sys/net/ipv4/tcp_timestamps

  # Habilitando protecao a Cookie TCP SYN
  echo " - Habilitando protecao a Cookie TCP SYN."
  echo "1" > /proc/sys/net/ipv4/tcp_syncookies

  # Certifique que as configuracoes de diversos ICMP sanity estao presentes.
  echo " - Habilitando configuracoes de ICMP."

  # Desabilitando protecao a echo de broadcast ICMP.
  echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
  # Habilitando protecao a mensagem de "bad error"
  echo "1" > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses

  # Desabilitando redirecionamentos de ICMP
  echo "0" > /proc/sys/net/ipv4/conf/all/accept_redirects

  # Logar pacotes spoofed, roteados na origem ou redirecionados.
  echo " - Logar pacotes spoofed, roteados na origem ou redirecionados "
  echo "1" > /proc/sys/net/ipv4/conf/all/log_martians

  # Set out local port range
  echo "32768 61000" > /proc/sys/net/ipv4/ip_local_port_range

  # Reduce Dos'ing ability by reducing timeout
  echo "30" > /proc/sys/net/ipv4/tcp_fin_timeout
  echo "1800" > /proc/sys/net/ipv4/tcp_keepalive_time
  echo "0" > /proc/sys/net/ipv4/tcp_window_scaling
  echo "0" > /proc/sys/net/ipv4/tcp_sack

  # Carga dos Modulos
  /sbin/modprobe ip_tables
  /sbin/modprobe iptable_filter
  /sbin/modprobe ip_nat_ftp
  /sbin/modprobe iptable_nat
  /sbin/modprobe ip_conntrack
  /sbin/modprobe ip_conntrack_ftp
  #Regra para pacotes com defeito
  $IPTABLE -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
  $IPTABLE -A INPUT -m state --state INVALID -j DROP
  $IPTABLE -A FORWARD -m state --state INVALID -j DROP

  $IPTABLE -t nat -A POSTROUTING -s $REDEINT -d $UNIVERSO -o $EXTIF -j MASQUERADE

在我的rc.local

  #!/bin/sh -e
  #      
  # rc.local
  #
  # This script is executed at the end of each multiuser runlevel.
  # Make sure that the script will "exit 0" on success or any other
  # value on error.
  #
  # In order to enable or disable this script just change the execution
  # bits.
  #
  # By default this script does nothing.

  noip2


  # Variaveis
  LOIF="lo"
  LOIP="127.0.0.1/32"
  LOOPBACKIF="lo"
  LOOPBACKIP="127.0.0.1/32"


  INTIF="eth0"
  INTIP="192.3.1.2/32"
  REDEINT="192.3.1.0/24"

  EXTIF="eth1"
  EXTIP="192.168.1.8/32"
  UNIVERSO="0.0.0.0/0"
  PALTAS="1024:65535"
  IPTABLE="/sbin/iptables"
  LOGGING="-l"


  # Geral
  echo " - Desabilitando ataques de IP Spoofing."
  echo "2" > /proc/sys/net/ipv4/conf/all/rp_filter

  # Habilitando FORWARDing
  echo "1" > /proc/sys/net/ipv4/ip_forward

  # Kill Timestamps
  echo "0" > /proc/sys/net/ipv4/tcp_timestamps

  # Habilitando protecao a Cookie TCP SYN
  echo " - Habilitando protecao a Cookie TCP SYN."
  echo "1" > /proc/sys/net/ipv4/tcp_syncookies

  # Certifique que as configuracoes de diversos ICMP sanity estao presentes.
  echo " - Habilitando configuracoes de ICMP."

  # Desabilitando protecao a echo de broadcast ICMP.
  echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
  # Habilitando protecao a mensagem de "bad error"
  echo "1" > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses

  # Desabilitando redirecionamentos de ICMP
  echo "0" > /proc/sys/net/ipv4/conf/all/accept_redirects

  # Logar pacotes spoofed, roteados na origem ou redirecionados.
  echo " - Logar pacotes spoofed, roteados na origem ou redirecionados "
  echo "1" > /proc/sys/net/ipv4/conf/all/log_martians

  # Set out local port range
  echo "32768 61000" > /proc/sys/net/ipv4/ip_local_port_range

  # Reduce Dos'ing ability by reducing timeout
  echo "30" > /proc/sys/net/ipv4/tcp_fin_timeout
  echo "1800" > /proc/sys/net/ipv4/tcp_keepalive_time
  echo "0" > /proc/sys/net/ipv4/tcp_window_scaling
  echo "0" > /proc/sys/net/ipv4/tcp_sack

  # Carga dos Modulos
  /sbin/modprobe ip_tables
  /sbin/modprobe iptable_filter
  /sbin/modprobe ip_nat_ftp
  /sbin/modprobe iptable_nat
  /sbin/modprobe ip_conntrack
  /sbin/modprobe ip_conntrack_ftp
  #Regra para pacotes com defeito
  $IPTABLE -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
  $IPTABLE -A INPUT -m state --state INVALID -j DROP
  $IPTABLE -A FORWARD -m state --state INVALID -j DROP

  $IPTABLE -t nat -A POSTROUTING -s $REDEINT -d $UNIVERSO -o $EXTIF -j MASQUERADE  

  exit 0

答案1

是的。编辑/etc/rc.local并将命令放在此处。记得以以下代码结束脚本exit 0

相关内容