xavieryang 修订了这个 Gist . 跳至此修订
1 file changed, 13 insertions
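--- /dev/null
+++ b/remove_unused_ufw_rules.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+# 获取所有已允许的 UFW 端口
+allowed_ports=$(sudo ufw status | grep -oP '^\d+')
+
+for port in $allowed_ports; do
+# 检查端口是否在监听
+if ! sudo ss -tuln | grep -q ":$port\s"; then
+echo "Port $port is not in use. Removing allow rule..."
+sudo ufw delete allow "$port"
+else
+echo "Port $port is in use."
+fi
+done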
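Review bot: The `sudo ufw delete allow "$port"` on new line 9 runs with no confirmation and treats "nothing is listening right now" as "rule unused", so a service that is merely stopped or restarting (sshd included) loses its allow rule and a remote administrator can be locked out. The deletion should be opt-in, for example `[ "${DRY_RUN:-1}" = 1 ] || sudo ufw delete allow "$port"`, with the dry run printing what would be removed. The `grep -oP '^\d+'` on line 3 also keeps only the leading digits of each `ufw status` row, which drops the protocol suffix, the end of a port range, the action column (DENY/LIMIT rows start with a port too) and any source restriction. As a result the delete probably either fails to match the real rule or acts on a different rule than the one inspected; reading rules from `ufw status numbered` and deleting by the exact rule would avoid that. Traffic that is routed or NATed to a container or another host never appears in `ss -tuln`, so such ports would also be reported as unused.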