#!/bin/sh #ver 0.1 0706/2017 hayden #this script for disable Xenserver VM VNC Console port #yelang007sheng@163.com start_iptables(){ xen_ver=`cat /etc/redhat-release |awk '{print $3}' |awk -F. '{print $1}'` if [ $xen_ver -eq 7 ];then /bin/systemctl status iptables.service >/dev/null if [ $? -ne 0 ];then /bin/systemctl start iptables.service >/dev/null fi else service iptables status >/dev/null if [ $? -ne 0 ];then service iptables start >/dev/null fi fi } vm_num(){ while : do read -p "Please input VM number: [ exp> 10 or 60 ] " num if [ `echo "$num" |grep -c '[^0-9]'` -ne 0 ]; then echo "Input VM Number error!!!" continue else if [ "$num" -gt 0 ]; then break else echo "Input VM Number error!!!" continue fi fi done } #get_vm_vncport(){ # xenstore-ls /local/domain |grep vnc-port |awk -F= '{print $2}' |sed 's/"//g' >/tmp/vm_vncport.tmp #} get_dom0_vncport(){ dom0_vnc_port=`xenstore-read /local/domain/0/console/vnc-port` } drop_vm_vncport(){ max_num=`echo "5900 + $num" |bc` for((i=5900;i<=$max_num;i++)) do iptables -I INPUT -p tcp --dport $i -j DROP >/dev/null done #except dom0 VNC port get_dom0_vncport iptables -I INPUT -p tcp --dport "$dom0_vnc_port" -j ACCEPT } #main start_iptables vm_num drop_vm_vncport service iptables save echo "done"
#!/bin/sh #ver 0.1 0706/2017 hayden #this script for enable Xenserver VM VNC Console port #yelang007sheng@163.com start_iptables(){ xen_ver=`cat /etc/redhat-release |awk '{print $3}' |awk -F. '{print $1}'` if [ $xen_ver -eq 7 ];then /bin/systemctl status iptables.service >/dev/null if [ $? -ne 0 ];then /bin/systemctl start iptables.service >/dev/null fi else service iptables status >/dev/null if [ $? -ne 0 ];then service iptables start >/dev/null fi fi } vm_num(){ while : do read -p "Please input VM number: [ exp> 10 or 60 ] " num if [ `echo "$num" |grep -c '[^0-9]'` -ne 0 ]; then echo "Input VM Number error!!!" continue else if [ "$num" -gt 0 ]; then break else echo "Input VM Number error!!!" continue fi fi done } #get_vm_vncport(){ # xenstore-ls /local/domain |grep vnc-port |awk -F= '{print $2}' |sed 's/"//g' >/tmp/vm_vncport.tmp #} get_dom0_vncport(){ dom0_vnc_port=`xenstore-read /local/domain/0/console/vnc-port` } drop_vm_vncport(){ max_num=`echo "5900 + $num" |bc` for((i=5900;i<=$max_num;i++)) do iptables -I INPUT -p tcp --dport $i -j ACCEPT >/dev/null done #except dom0 VNC port get_dom0_vncport iptables -I INPUT -p tcp --dport "$dom0_vnc_port" -j ACCEPT } #main start_iptables vm_num drop_vm_vncport service iptables save echo "done"