授权IP访问sshd服务

#!/bin/bash

echo "*/1 * * * * root sh /www/server/setip.sh       # set ip " >> /etc/crontab

# 写入计划任务文件

mysql -ueisc -p'password' -e "show databases;use eisc;create table eisc(id int,name varchar(66),address varchar(66),status varchar(66))"

# mysql 登录数据库 ； -e "" 执行命令

# show 列出数据库，use 进入数据库，create 创建表，字段：id，name， address，status

cat > /www/server/setip.sh << EOF

setip=(`mysql -uScheduling_eisc_ -p'eisc.cn' -e "show databases;use eisc;select status,address from setip" | grep setip | awk -F" " '{print $2}'`); echo ${setip[*]}

for i in ${setip[*]}

do

catip=$(cat /etc/firewalld/zones/public.xml | grep $i | wc -l)

if [ $catip -lt 1 ]; then

firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="$i" port protocol="tcp" port="1723" accept  "

#echo "AllowUsers root@$i" >> /etc/ssh/sshd_config

echo "added successfully $i"

else

echo "IP: $i add repeatedly "

fi

done

firewall-cmd --reload

EOF

# 授权IP脚本