remove_unused_ufw_rules.sh
· 377 B · Bash
Raw
#!/bin/bash
# 获取所有已允许的 UFW 端口
allowed_ports=$(sudo ufw status | grep -oP '^\d+')
for port in $allowed_ports; do
# 检查端口是否在监听
if ! sudo ss -tuln | grep -q ":$port\s"; then
echo "Port $port is not in use. Removing allow rule..."
sudo ufw delete allow "$port"
else
echo "Port $port is in use."
fi
done
1 | #!/bin/bash |
2 | # 获取所有已允许的 UFW 端口 |
3 | allowed_ports=$(sudo ufw status | grep -oP '^\d+') |
4 | |
5 | for port in $allowed_ports; do |
6 | # 检查端口是否在监听 |
7 | if ! sudo ss -tuln | grep -q ":$port\s"; then |
8 | echo "Port $port is not in use. Removing allow rule..." |
9 | sudo ufw delete allow "$port" |
10 | else |
11 | echo "Port $port is in use." |
12 | fi |
13 | done |
14 |