feat: 更新 iptables 别名，添加 -v 选项以显示详细信息

feat: 更新 jail.local 配置，设置 nftables 作为防火墙动作
feat: 移除 iptables 配置脚本及其服务文件
2026-04-26 17:56:52 +08:00 · 2026-04-26 17:56:46 +08:00 · 2026-04-26 17:56:36 +08:00
5 changed files with 44 additions and 41 deletions
--- a/configure_priv.sh
+++ b/configure_priv.sh
@ -353,49 +353,49 @@ configure_fail2ban() {
    fi
 }

-configure_iptables() {
-    [ $offline -eq 1 ] && return
-    [ "$(uname)" = "Darwin" ] && return
+# configure_iptables() {
+#     [ $offline -eq 1 ] && return
+#     [ "$(uname)" = "Darwin" ] && return

-    # 如果 ufw 是 active，就直接返回
-    if command_exists ufw; then
-        if sudo ufw status | grep -q "Status: active"; then
-            echo "检测到 ufw 已启用，跳过 iptables 配置。"
-            return
-        fi
-        if confirm_action "检测到 ufw 已存在，是否直接使用 ufw 进行管理，跳过 iptables" "Y"; then
-            return
-        fi
-    fi
+#     # 如果 ufw 是 active，就直接返回
+#     if command_exists ufw; then
+#         if sudo ufw status | grep -q "Status: active"; then
+#             echo "检测到 ufw 已启用，跳过 iptables 配置。"
+#             return
+#         fi
+#         if confirm_action "检测到 ufw 已存在，是否直接使用 ufw 进行管理，跳过 iptables" "Y"; then
+#             return
+#         fi
+#     fi

-    if command_exists ifquery && systemctl is-active --quiet networking; then
-        # ifupdown: /etc/network/if-pre-up.d/iptables-load
-        [ -f /etc/network/if-pre-up.d/iptables-load ] && return
-        if confirm_action "要配置 iptables 吗？" "N"; then
-            sudo cp $scriptdir/files/iptables-load /etc/network/if-pre-up.d/iptables-load
-            sudo chmod +x /etc/network/if-pre-up.d/iptables-load
-            sudo sh /etc/network/if-pre-up.d/iptables-load
-        fi
-    else
-        # systemd: /etc/network/iptables-load
-        [ -f /etc/network/iptables-load ] && return
-        if confirm_action "要配置 iptables 吗？" "N"; then
-            if [ -f /etc/network/if-pre-up.d/iptables-load ]; then
-                sudo mv /etc/network/if-pre-up.d/iptables-load /etc/network/iptables-load
-            else
-                sudo cp $scriptdir/files/iptables-load /etc/network/iptables-load
-                sudo chmod +x /etc/network/iptables-load
-                sudo sh /etc/network/iptables-load
-            fi
+#     if command_exists ifquery && systemctl is-active --quiet networking; then
+#         # ifupdown: /etc/network/if-pre-up.d/iptables-load
+#         [ -f /etc/network/if-pre-up.d/iptables-load ] && return
+#         if confirm_action "要配置 iptables 吗？" "N"; then
+#             sudo cp $scriptdir/files/iptables-load /etc/network/if-pre-up.d/iptables-load
+#             sudo chmod +x /etc/network/if-pre-up.d/iptables-load
+#             sudo sh /etc/network/if-pre-up.d/iptables-load
+#         fi
+#     else
+#         # systemd: /etc/network/iptables-load
+#         [ -f /etc/network/iptables-load ] && return
+#         if confirm_action "要配置 iptables 吗？" "N"; then
+#             if [ -f /etc/network/if-pre-up.d/iptables-load ]; then
+#                 sudo mv /etc/network/if-pre-up.d/iptables-load /etc/network/iptables-load
+#             else
+#                 sudo cp $scriptdir/files/iptables-load /etc/network/iptables-load
+#                 sudo chmod +x /etc/network/iptables-load
+#                 sudo sh /etc/network/iptables-load
+#             fi

-            sudo cp $scriptdir/files/iptables-load.service /etc/systemd/system/iptables-load.service
-            sudo chmod +x /etc/systemd/system/iptables-load.service
-            sudo systemctl daemon-reload
-            sudo systemctl start iptables-load.service
-            sudo systemctl enable iptables-load.service
-        fi
-    fi
-}
+#             sudo cp $scriptdir/files/iptables-load.service /etc/systemd/system/iptables-load.service
+#             sudo chmod +x /etc/systemd/system/iptables-load.service
+#             sudo systemctl daemon-reload
+#             sudo systemctl start iptables-load.service
+#             sudo systemctl enable iptables-load.service
+#         fi
+#     fi
+# }

 configure_ufw() {
    [ $offline -eq 1 ] && return
--- a/files/.archived/iptables-load
+++ b/files/.archived/iptables-load
--- a/files/.archived/iptables-load.service
+++ b/files/.archived/iptables-load.service
--- a/files/jail.local
+++ b/files/jail.local
@ -11,6 +11,9 @@ maxretry = 5
 # banaction = firewallcmd-ipset
 # action    = %(action_mwl)s

+banaction = nftables
+banaction_allports = nftables[type=allports]
+
 [sshd]
 enabled = true
 filter  = sshd
--- a/files/zsh/51-alias.zsh
+++ b/files/zsh/51-alias.zsh
@ -13,7 +13,7 @@ alias hg='history | grep'
 command_exists() { command -v "$@" >/dev/null 2>&1; }

 if command_exists iptables; then
-    alias ipl='sudo iptables -L -n'
+    alias ipl='sudo iptables -L -n -v'
    if [ -f "/etc/network/iptables-load" ]; then
        alias ipe='sudo vi /etc/network/iptables-load'
        alias ips='sudo /etc/network/iptables-load'
Author	SHA1	Message	Date
Konano	2aeb16e9f7	feat: 更新 iptables 别名，添加 -v 选项以显示详细信息	2026-04-26 17:56:52 +08:00
Konano	81c0ad846e	feat: 更新 jail.local 配置，设置 nftables 作为防火墙动作	2026-04-26 17:56:46 +08:00
Konano	47d0a0fd22	feat: 移除 iptables 配置脚本及其服务文件	2026-04-26 17:56:36 +08:00