
Add ip6tables and iptables-persistent

lj2007331@gmail.com 6 jaren geleden
bovenliggende
commit
aa0cbe3c55
11 gewijzigde bestanden met toevoegingen van 178 en 71 verwijderingen
  1. 1 0
      include/check_sw.sh
  2. 6 1
      include/init_CentOS.sh
  3. 9 3
      include/init_Debian.sh
  4. 13 11
      include/init_Ubuntu.sh
  5. 20 4
      include/pureftpd.sh
  6. 25 10
      include/tomcat-6.sh
  7. 25 10
      include/tomcat-7.sh
  8. 25 10
      include/tomcat-8.sh
  9. 25 10
      include/tomcat-9.sh
  10. 28 11
      ss.sh
  11. 1 1
      versions.txt

+ 1 - 0
include/check_sw.sh

@@ -56,6 +56,7 @@ installDepsCentOS() {
     if [ "${iptables_yn}" == 'y' ]; then
       yum -y install iptables-services
       systemctl enable iptables.service
+      systemctl enable ip6tables.service
     fi
   elif [ "${CentOS_ver}" == '6' ]; then
     yum -y groupremove "FTP Server" "PostgreSQL Database client" "PostgreSQL Database server" "MySQL Database server" "MySQL Database client" "Web Server"

+ 6 - 1
include/init_CentOS.sh

@@ -143,8 +143,13 @@ EOF
 
   FW_PORT_FLAG=$(grep -ow "dport ${ssh_port}" /etc/sysconfig/iptables)
   [ -z "${FW_PORT_FLAG}" -a "${ssh_port}" != "22" ] && sed -i "s@dport 22 -j ACCEPT@&\n-A INPUT -p tcp -m state --state NEW -m tcp --dport ${ssh_port} -j ACCEPT@" /etc/sysconfig/iptables
+  /bin/cp /etc/sysconfig/{iptables,ip6tables}
+  sed -i 's@icmp@icmpv6@g' /etc/sysconfig/ip6tables 
+  ip6tables-restore < /etc/sysconfig/ip6tables
+  service iptables save
+  service ip6tables save
   chkconfig --level 3 iptables on
-  service iptables restart
+  chkconfig --level 3 ip6tables on
 fi
 service rsyslog restart
 service sshd restart
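Review bot: The `sed -i 's@icmp@icmpv6@g'` translation rewrites every `icmp` substring, so if the IPv4 file (its body is outside this hunk) contains rules such as `--reject-with icmp-host-prohibited` or `--icmp-type 8`, the copy ends up with reject names ip6tables does not know (its names are `icmp6-…`) and a type number that is not echo-request in ICMPv6 (that is 128). The exit status of `ip6tables-restore` is not checked and `service ip6tables save` then writes the live ruleset back over the file, so a rejected file leaves IPv6 on whatever was loaded before while the IPv4 side is filtered; chaining them as `ip6tables-restore < /etc/sysconfig/ip6tables && service ip6tables save` keeps a failed load from being persisted. The same copy-and-sed sequence is repeated in the init_Debian.sh and init_Ubuntu.sh hunks and in pureftpd.sh, tomcat-6.sh to tomcat-9.sh and ss.sh. Separately, `service iptables save` now runs where `service iptables restart` used to, and nothing in the visible lines loads the edited `/etc/sysconfig/iptables` first, so the save would overwrite the file (including the `${ssh_port}` rule just inserted) with the running ruleset; an `iptables-restore < /etc/sysconfig/iptables` before the save would avoid that.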

+ 9 - 3
include/init_Debian.sh

@@ -90,6 +90,10 @@ ntpdate pool.ntp.org
 
 # iptables
 if [ "${iptables_yn}" == 'y' ]; then
+  apt-get -y install debconf-utils
+  echo iptables-persistent iptables-persistent/autosave_v4 boolean true | sudo debconf-set-selections
+  echo iptables-persistent iptables-persistent/autosave_v6 boolean true | sudo debconf-set-selections
+  apt-get -y install iptables-persistent
   if [ -e "/etc/iptables/rules.v4" ] && [ -n "$(grep '^:INPUT DROP' /etc/iptables/rules.v4)" -a -n "$(grep 'NEW -m tcp --dport 22 -j ACCEPT' /etc/iptables/rules.v4)" -a -n "$(grep 'NEW -m tcp --dport 80 -j ACCEPT' /etc/iptables/rules.v4)" ]; then
     IPTABLES_STATUS=yes
   else
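Review bot: The two preseed lines pipe into `sudo debconf-set-selections` although the neighbouring `apt-get` calls already assume root, so on a minimal image without `sudo` the preseed fails and `apt-get -y install iptables-persistent` can stop on its debconf prompt. Dropping `sudo` and setting the frontend on the install, `DEBIAN_FRONTEND=noninteractive apt-get -y install iptables-persistent`, removes both dependencies. `debconf-set-selections` ships with `debconf` itself, so the `debconf-utils` install is probably unnecessary; worth confirming on the supported releases. The first init_Ubuntu.sh hunk adds the same four lines, and the `if` block here continues outside this hunk.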
@@ -97,8 +101,6 @@ if [ "${iptables_yn}" == 'y' ]; then
   fi
 
   if [ "${IPTABLES_STATUS}" == "no" ]; then
-    apt-get -y --force-yes install iptables-persistent &&
-    [ -e "/etc/iptables/rules.v4" ] && /bin/mv /etc/iptables/rules.v4{,_bk}
     cat > /etc/iptables/rules.v4 << EOF
 # Firewall configuration written by system-config-securitylevel
 # Manual customization of this file is not recommended.
@@ -119,7 +121,11 @@ EOF
 
   FW_PORT_FLAG=$(grep -ow "dport ${ssh_port}" /etc/iptables/rules.v4)
   [ -z "${FW_PORT_FLAG}" -a "${ssh_port}" != "22" ] && sed -i "s@dport 22 -j ACCEPT@&\n-A INPUT -p tcp -m state --state NEW -m tcp --dport ${ssh_port} -j ACCEPT@" /etc/iptables/rules.v4
-  iptables-save < /etc/iptables/rules.v4
+  iptables-restore < /etc/iptables/rules.v4
+  /bin/cp /etc/iptables/rules.v{4,6}
+  sed -i 's@icmp@icmpv6@g' /etc/iptables/rules.v6
+  ip6tables-restore < /etc/iptables/rules.v6
+  ip6tables-save > /etc/iptables/rules.v6 
 fi
 service rsyslog restart
 service ssh restart

+ 13 - 11
include/init_Ubuntu.sh

@@ -98,15 +98,18 @@ ntpdate pool.ntp.org
 
 # iptables
 if [ "${iptables_yn}" == 'y' ]; then
-  if [ -e "/etc/iptables.up.rules" ] && [ -n "$(grep '^:INPUT DROP' /etc/iptables.up.rules)" -a -n "$(grep 'NEW -m tcp --dport 22 -j ACCEPT' /etc/iptables.up.rules)" -a -n "$(grep 'NEW -m tcp --dport 80 -j ACCEPT' /etc/iptables.up.rules)" ]; then
+  apt-get -y install debconf-utils
+  echo iptables-persistent iptables-persistent/autosave_v4 boolean true | sudo debconf-set-selections
+  echo iptables-persistent iptables-persistent/autosave_v6 boolean true | sudo debconf-set-selections
+  apt-get -y install iptables-persistent
+  if [ -e "/etc/iptables/rules.v4" ] && [ -n "$(grep '^:INPUT DROP' /etc/iptables/rules.v4)" -a -n "$(grep 'NEW -m tcp --dport 22 -j ACCEPT' /etc/iptables/rules.v4)" -a -n "$(grep 'NEW -m tcp --dport 80 -j ACCEPT' /etc/iptables/rules.v4)" ]; then
     IPTABLES_STATUS=yes
   else
     IPTABLES_STATUS=no
   fi
 
   if [ "${IPTABLES_STATUS}" == "no" ]; then
-    [ -e "/etc/iptables.up.rules" ] && /bin/mv /etc/iptables.up.rules{,_bk}
-    cat > /etc/iptables.up.rules << EOF
+    cat > /etc/iptables/rules.v4 << EOF
 # Firewall configuration written by system-config-securitylevel
 # Manual customization of this file is not recommended.
 *filter
@@ -124,14 +127,13 @@ COMMIT
 EOF
   fi
 
-  FW_PORT_FLAG=$(grep -ow "dport ${ssh_port}" /etc/iptables.up.rules)
-  [ -z "${FW_PORT_FLAG}" -a "${ssh_port}" != "22" ] && sed -i "s@dport 22 -j ACCEPT@&\n-A INPUT -p tcp -m state --state NEW -m tcp --dport ${ssh_port} -j ACCEPT@" /etc/iptables.up.rules
-  iptables-restore < /etc/iptables.up.rules
-  cat > /etc/network/if-pre-up.d/iptables << EOF
-#!/bin/bash
-/sbin/iptables-restore < /etc/iptables.up.rules
-EOF
-  chmod +x /etc/network/if-pre-up.d/iptables
+  FW_PORT_FLAG=$(grep -ow "dport ${ssh_port}" /etc/iptables/rules.v4)
+  [ -z "${FW_PORT_FLAG}" -a "${ssh_port}" != "22" ] && sed -i "s@dport 22 -j ACCEPT@&\n-A INPUT -p tcp -m state --state NEW -m tcp --dport ${ssh_port} -j ACCEPT@" /etc/iptables/rules.v4
+  iptables-restore < /etc/iptables/rules.v4
+  /bin/cp /etc/iptables/rules.v{4,6}
+  sed -i 's@icmp@icmpv6@g' /etc/iptables/rules.v6
+  ip6tables-restore < /etc/iptables/rules.v6
+  ip6tables-save > /etc/iptables/rules.v6 
 fi
 service rsyslog restart
 service ssh restart

+ 20 - 4
include/pureftpd.sh

@@ -55,12 +55,28 @@ Install_PureFTPd() {
           iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
           iptables -I INPUT 6 -p tcp -m state --state NEW -m tcp --dport 20000:30000 -j ACCEPT
           service iptables save
+          /bin/cp /etc/sysconfig/{iptables,ip6tables}
+          sed -i 's@icmp@icmpv6@g' /etc/sysconfig/ip6tables
+          ip6tables-restore < /etc/sysconfig/ip6tables
+          service ip6tables save
         fi
       elif [ "${PM}" == 'apt-get' ]; then
-        if [ -z "$(grep '20000:30000' /etc/iptables.up.rules)" ]; then
-          iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-          iptables -I INPUT 6 -p tcp -m state --state NEW -m tcp --dport 20000:30000 -j ACCEPT
-          iptables-save > /etc/iptables.up.rules
+        if [ -e '/etc/iptables/rules.v4' ]; then
+          if [ -z "$(grep '20000:30000' /etc/iptables/rules.v4)" ]; then
+            iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
+            iptables -I INPUT 6 -p tcp -m state --state NEW -m tcp --dport 20000:30000 -j ACCEPT
+            iptables-save > /etc/iptables/rules.v4
+            /bin/cp /etc/iptables/rules.v{4,6}
+            sed -i 's@icmp@icmpv6@g' /etc/iptables/rules.v6
+            ip6tables-restore < /etc/iptables/rules.v6
+            ip6tables-save > /etc/iptables/rules.v6
+          fi
+        elif [ -e '/etc/iptables.up.rules' ]; then
+          if [ -z "$(grep '20000:30000' /etc/iptables.up.rules)" ]; then
+            iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
+            iptables -I INPUT 6 -p tcp -m state --state NEW -m tcp --dport 20000:30000 -j ACCEPT
+            iptables-save > /etc/iptables.up.rules
+          fi
         fi
       fi
     fi
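Review bot: Each time this branch runs, `/bin/cp` replaces the whole IPv6 rule file with a translated copy of the IPv4 one, so any IPv6-only rules already in `rules.v6` or `/etc/sysconfig/ip6tables` are lost without a backup, and the legacy `/etc/iptables.up.rules` branch gets no IPv6 rules at all. The same four-line sequence is pasted into tomcat-6.sh through tomcat-9.sh and ss.sh; a single helper function in one include file would let the copy, translation and load be fixed and error-checked in one place. Adding only the new port with `ip6tables -I INPUT …` lines that mirror the IPv4 `iptables -I` calls, then saving, would avoid rewriting the file. `Install_PureFTPd` starts and ends outside this hunk.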

+ 25 - 10
include/tomcat-6.sh

@@ -17,10 +17,10 @@ Install_Tomcat6() {
   # install apr
   if [ ! -e "/usr/local/apr/bin/apr-1-config" ]; then
     tar xzf apr-${apr_ver}.tar.gz
-    pushd apr-${apr_ver}
+    pushd apr-${apr_ver} > /dev/null
     ./configure
     make -j ${THREAD} && make install
-    popd
+    popd > /dev/null
     rm -rf apr-${apr_ver}
   fi
 
@@ -46,12 +46,12 @@ Install_Tomcat6() {
   #popd
   #rm -rf ${tomcat_install_dir}/lib/catalina
 
-  pushd ${tomcat_install_dir}/bin
+  pushd ${tomcat_install_dir}/bin > /dev/null
   tar xzf tomcat-native.tar.gz
-  pushd tomcat-native-*-src/native
+  pushd tomcat-native-*-src/native > /dev/null
     ./configure --with-apr=/usr/local/apr --with-ssl=${openssl_install_dir}
     make -j ${THREAD} && make install
-  popd
+  popd > /dev/null
   rm -rf tomcat-native-*
   if [ -e "/usr/local/apr/lib/libtcnative-1.la" ]; then
     [ ${Mem} -le 768 ] && let Xms_Mem="${Mem}/3" || Xms_Mem=256
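Review bot: The `pushd` lines rewritten here still ignore failure and leave `${tomcat_install_dir}` unquoted, so if the directory is missing the following `tar`, `./configure`, `make install` and `rm -rf tomcat-native-*` run in whatever directory the function was already in, and the later `popd` unwinds an entry this function never pushed. Redirecting stdout only hides the directory-stack echo; the lines should also stop on error, e.g. `pushd "${tomcat_install_dir}/bin" > /dev/null || return 1`. The same applies to the other `pushd … > /dev/null` lines in this file, in tomcat-7.sh, tomcat-8.sh and tomcat-9.sh, and in ss.sh. `Install_Tomcat6` begins and ends outside this hunk.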
@@ -76,11 +76,26 @@ EOF
           if [ -z "$(grep -w '8080' /etc/sysconfig/iptables)" ]; then
             iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
             service iptables save
+            /bin/cp /etc/sysconfig/{iptables,ip6tables}
+            sed -i 's@icmp@icmpv6@g' /etc/sysconfig/ip6tables
+            ip6tables-restore < /etc/sysconfig/ip6tables
+            service ip6tables save
           fi
         elif [ "${PM}" == 'apt-get' ]; then
-          if [ -z "$(grep -w '8080' /etc/iptables.up.rules)" ]; then
-            iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-            iptables-save > /etc/iptables.up.rules
+          if [ -e '/etc/iptables/rules.v4' ]; then
+            if [ -z "$(grep -w '8080' /etc/iptables/rules.v4)" ]; then
+              iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
+              iptables-save > /etc/iptables/rules.v4
+              /bin/cp /etc/iptables/rules.v{4,6}
+              sed -i 's@icmp@icmpv6@g' /etc/iptables/rules.v6
+              ip6tables-restore < /etc/iptables/rules.v6
+              ip6tables-save > /etc/iptables/rules.v6
+            fi
+          elif [ -e '/etc/iptables.up.rules' ]; then
+            if [ -z "$(grep -w '8080' /etc/iptables.up.rules)" ]; then
+              iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
+              iptables-save > /etc/iptables.up.rules
+            fi
           fi
         fi
       fi
@@ -129,9 +144,9 @@ EOF
     echo "${CSUCCESS}Tomcat installed successfully! ${CEND}"
     rm -rf apache-tomcat-${tomcat6_ver}
   else
-    popd
+    popd > /dev/null
     echo "${CFAILURE}Tomcat install failed, Please contact the author! ${CEND}"
   fi
   service tomcat start
-  popd
+  popd > /dev/null
 }

+ 25 - 10
include/tomcat-7.sh

@@ -17,10 +17,10 @@ Install_Tomcat7() {
   # install apr
   if [ ! -e "/usr/local/apr/bin/apr-1-config" ]; then
     tar xzf apr-${apr_ver}.tar.gz
-    pushd apr-${apr_ver}
+    pushd apr-${apr_ver} > /dev/null
     ./configure
     make -j ${THREAD} && make install
-    popd
+    popd > /dev/null
     rm -rf apr-${apr_ver}
   fi
 
@@ -46,12 +46,12 @@ Install_Tomcat7() {
   #popd
   #rm -rf ${tomcat_install_dir}/lib/catalina
 
-  pushd ${tomcat_install_dir}/bin
+  pushd ${tomcat_install_dir}/bin > /dev/null
   tar xzf tomcat-native.tar.gz
-  pushd tomcat-native-*-src/native
+  pushd tomcat-native-*-src/native > /dev/null
     ./configure --with-apr=/usr/local/apr --with-ssl=${openssl_install_dir}
     make -j ${THREAD} && make install
-  popd
+  popd > /dev/null
   rm -rf tomcat-native-*
   if [ -e "/usr/local/apr/lib/libtcnative-1.la" ]; then
     [ ${Mem} -le 768 ] && let Xms_Mem="${Mem}/3" || Xms_Mem=256
@@ -76,11 +76,26 @@ EOF
           if [ -z "$(grep -w '8080' /etc/sysconfig/iptables)" ]; then
             iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
             service iptables save
+            /bin/cp /etc/sysconfig/{iptables,ip6tables}
+            sed -i 's@icmp@icmpv6@g' /etc/sysconfig/ip6tables
+            ip6tables-restore < /etc/sysconfig/ip6tables
+            service ip6tables save
           fi
         elif [ "${PM}" == 'apt-get' ]; then
-          if [ -z "$(grep -w '8080' /etc/iptables.up.rules)" ]; then
-            iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-            iptables-save > /etc/iptables.up.rules
+          if [ -e '/etc/iptables/rules.v4' ]; then
+            if [ -z "$(grep -w '8080' /etc/iptables/rules.v4)" ]; then
+              iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
+              iptables-save > /etc/iptables/rules.v4
+              /bin/cp /etc/iptables/rules.v{4,6}
+              sed -i 's@icmp@icmpv6@g' /etc/iptables/rules.v6
+              ip6tables-restore < /etc/iptables/rules.v6
+              ip6tables-save > /etc/iptables/rules.v6
+            fi
+          elif [ -e '/etc/iptables.up.rules' ]; then
+            if [ -z "$(grep -w '8080' /etc/iptables.up.rules)" ]; then
+              iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
+              iptables-save > /etc/iptables.up.rules
+            fi
           fi
         fi
       fi
@@ -129,9 +144,9 @@ EOF
     echo "${CSUCCESS}Tomcat installed successfully! ${CEND}"
     rm -rf apache-tomcat-${tomcat7_ver}
   else
-    popd
+    popd > /dev/null
     echo "${CFAILURE}Tomcat install failed, Please contact the author! ${CEND}"
   fi
   service tomcat start
-  popd
+  popd > /dev/null
 }

+ 25 - 10
include/tomcat-8.sh

@@ -17,10 +17,10 @@ Install_Tomcat8() {
   # install apr
   if [ ! -e "/usr/local/apr/bin/apr-1-config" ]; then
     tar xzf apr-${apr_ver}.tar.gz
-    pushd apr-${apr_ver}
+    pushd apr-${apr_ver} > /dev/null
     ./configure
     make -j ${THREAD} && make install
-    popd
+    popd > /dev/null
     rm -rf apr-${apr_ver}
   fi
 
@@ -46,12 +46,12 @@ Install_Tomcat8() {
   #popd
   #rm -rf ${tomcat_install_dir}/lib/catalina
 
-  pushd ${tomcat_install_dir}/bin
+  pushd ${tomcat_install_dir}/bin > /dev/null
   tar xzf tomcat-native.tar.gz
-  pushd tomcat-native-*-src/native
+  pushd tomcat-native-*-src/native > /dev/null
     ./configure --with-apr=/usr/local/apr --with-ssl=${openssl_install_dir}
     make -j ${THREAD} && make install
-  popd
+  popd > /dev/null
   rm -rf tomcat-native-*
   if [ -e "/usr/local/apr/lib/libtcnative-1.la" ]; then
     [ ${Mem} -le 768 ] && let Xms_Mem="${Mem}/3" || Xms_Mem=256
@@ -76,11 +76,26 @@ EOF
           if [ -z "$(grep -w '8080' /etc/sysconfig/iptables)" ]; then
             iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
             service iptables save
+            /bin/cp /etc/sysconfig/{iptables,ip6tables}
+            sed -i 's@icmp@icmpv6@g' /etc/sysconfig/ip6tables
+            ip6tables-restore < /etc/sysconfig/ip6tables
+            service ip6tables save
           fi
         elif [ "${PM}" == 'apt-get' ]; then
-          if [ -z "$(grep -w '8080' /etc/iptables.up.rules)" ]; then
-            iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-            iptables-save > /etc/iptables.up.rules
+          if [ -e '/etc/iptables/rules.v4' ]; then
+            if [ -z "$(grep -w '8080' /etc/iptables/rules.v4)" ]; then
+              iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
+              iptables-save > /etc/iptables/rules.v4
+              /bin/cp /etc/iptables/rules.v{4,6}
+              sed -i 's@icmp@icmpv6@g' /etc/iptables/rules.v6
+              ip6tables-restore < /etc/iptables/rules.v6
+              ip6tables-save > /etc/iptables/rules.v6
+            fi
+          elif [ -e '/etc/iptables.up.rules' ]; then
+            if [ -z "$(grep -w '8080' /etc/iptables.up.rules)" ]; then
+              iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
+              iptables-save > /etc/iptables.up.rules
+            fi
           fi
         fi
       fi
@@ -129,9 +144,9 @@ EOF
     echo "${CSUCCESS}Tomcat installed successfully! ${CEND}"
     rm -rf apache-tomcat-${tomcat8_ver}
   else
-    popd
+    popd > /dev/null
     echo "${CFAILURE}Tomcat install failed, Please contact the author! ${CEND}"
   fi
   service tomcat start
-  popd
+  popd > /dev/null
 }

+ 25 - 10
include/tomcat-9.sh

@@ -17,10 +17,10 @@ Install_Tomcat9() {
   # install apr
   if [ ! -e "/usr/local/apr/bin/apr-1-config" ]; then
     tar xzf apr-${apr_ver}.tar.gz
-    pushd apr-${apr_ver}
+    pushd apr-${apr_ver} > /dev/null
     ./configure
     make -j ${THREAD} && make install
-    popd
+    popd > /dev/null
     rm -rf apr-${apr_ver}
   fi
 
@@ -46,12 +46,12 @@ Install_Tomcat9() {
   #popd
   #rm -rf ${tomcat_install_dir}/lib/catalina
 
-  pushd ${tomcat_install_dir}/bin
+  pushd ${tomcat_install_dir}/bin > /dev/null
   tar xzf tomcat-native.tar.gz
-  pushd tomcat-native-*-src/native
+  pushd tomcat-native-*-src/native > /dev/null
     ./configure --with-apr=/usr/local/apr --with-ssl=${openssl_install_dir}
     make -j ${THREAD} && make install
-  popd
+  popd > /dev/null
   rm -rf tomcat-native-*
   if [ -e "/usr/local/apr/lib/libtcnative-1.la" ]; then
     [ ${Mem} -le 768 ] && let Xms_Mem="${Mem}/3" || Xms_Mem=256
@@ -76,11 +76,26 @@ EOF
           if [ -z "$(grep -w '8080' /etc/sysconfig/iptables)" ]; then
             iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
             service iptables save
+            /bin/cp /etc/sysconfig/{iptables,ip6tables}
+            sed -i 's@icmp@icmpv6@g' /etc/sysconfig/ip6tables
+            ip6tables-restore < /etc/sysconfig/ip6tables
+            service ip6tables save
           fi
         elif [ "${PM}" == 'apt-get' ]; then
-          if [ -z "$(grep -w '8080' /etc/iptables.up.rules)" ]; then
-            iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-            iptables-save > /etc/iptables.up.rules
+          if [ -e '/etc/iptables/rules.v4' ]; then
+            if [ -z "$(grep -w '8080' /etc/iptables/rules.v4)" ]; then
+              iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
+              iptables-save > /etc/iptables/rules.v4
+              /bin/cp /etc/iptables/rules.v{4,6}
+              sed -i 's@icmp@icmpv6@g' /etc/iptables/rules.v6
+              ip6tables-restore < /etc/iptables/rules.v6
+              ip6tables-save > /etc/iptables/rules.v6
+            fi
+          elif [ -e '/etc/iptables.up.rules' ]; then
+            if [ -z "$(grep -w '8080' /etc/iptables.up.rules)" ]; then
+              iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
+              iptables-save > /etc/iptables.up.rules
+            fi
           fi
         fi
       fi
@@ -129,9 +144,9 @@ EOF
     echo "${CSUCCESS}Tomcat installed successfully! ${CEND}"
     rm -rf apache-tomcat-${tomcat9_ver}
   else
-    popd
+    popd > /dev/null
     echo "${CFAILURE}Tomcat install failed, Please contact the author! ${CEND}"
   fi
   service tomcat start
-  popd
+  popd > /dev/null
 }

+ 28 - 11
ss.sh

@@ -50,6 +50,8 @@ AddUser_SS() {
 Iptables_set() {
   if [ -e '/etc/sysconfig/iptables' ]; then
     SS_Already_port=$(grep -oE '9[0-9][0-9][0-9]' /etc/sysconfig/iptables | head -n 1)
+  elif [ -e '/etc/iptables/rules.v4' ]; then
+    SS_Already_port=$(grep -oE '9[0-9][0-9][0-9]' /etc/iptables/rules.v4 | head -n 1)
   elif [ -e '/etc/iptables.up.rules' ]; then
     SS_Already_port=$(grep -oE '9[0-9][0-9][0-9]' /etc/iptables.up.rules | head -n 1)
   fi
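Review bot: The new `rules.v4` branch reuses `grep -oE '9[0-9][0-9][0-9]'`, which matches any four digits starting with 9 anywhere in the file. Files written by `iptables-save` carry packet and byte counters on the chain-policy lines at the top, so `head -n 1` can pick up part of a counter instead of a port. Anchoring on the option, e.g. `grep -oE -- '--dport 9[0-9]{3} ' /etc/iptables/rules.v4 | grep -oE '9[0-9]{3}' | head -n 1`, restricts the match to destination ports. How `SS_Already_port` is used afterwards is outside this hunk, so the impact depends on that code.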
@@ -75,15 +77,30 @@ Iptables_set() {
       iptables -I INPUT 4 -p udp -m state --state NEW -m udp --dport ${SS_port} -j ACCEPT
       iptables -I INPUT 4 -p tcp -m state --state NEW -m tcp --dport ${SS_port} -j ACCEPT
       service iptables save
+      /bin/cp /etc/sysconfig/{iptables,ip6tables}
+      sed -i 's@icmp@icmpv6@g' /etc/sysconfig/ip6tables
+      ip6tables-restore < /etc/sysconfig/ip6tables
+      service ip6tables save
     fi
   elif [ "${PM}" == 'apt-get' ]; then
-    if [ -n "`grep 'dport 80 ' /etc/iptables.up.rules`" -a -z "$(grep -E ${SS_port} /etc/iptables.up.rules)" ]; then
-      iptables -I INPUT 4 -p udp -m state --state NEW -m udp --dport ${SS_port} -j ACCEPT
-      iptables -I INPUT 4 -p tcp -m state --state NEW -m tcp --dport ${SS_port} -j ACCEPT
-      iptables-save > /etc/iptables.up.rules
+    if [ -e '/etc/iptables/rules.v4' ]; then
+      if [ -n "`grep 'dport 80 ' /etc/iptables/rules.v4`" -a -z "$(grep -E ${SS_port} /etc/iptables/rules.v4)" ]; then
+        iptables -I INPUT 4 -p udp -m state --state NEW -m udp --dport ${SS_port} -j ACCEPT
+        iptables -I INPUT 4 -p tcp -m state --state NEW -m tcp --dport ${SS_port} -j ACCEPT
+        iptables-save > /etc/iptables/rules.v4
+        /bin/cp /etc/iptables/rules.v{4,6}
+        sed -i 's@icmp@icmpv6@g' /etc/iptables/rules.v6
+        ip6tables-restore < /etc/iptables/rules.v6
+        ip6tables-save > /etc/iptables/rules.v6
+      fi
+    elif [ -e '/etc/iptables.up.rules' ]; then
+      if [ -n "`grep 'dport 80 ' /etc/iptables.up.rules`" -a -z "$(grep -E ${SS_port} /etc/iptables.up.rules)" ]; then
+        iptables -I INPUT 4 -p udp -m state --state NEW -m udp --dport ${SS_port} -j ACCEPT
+        iptables -I INPUT 4 -p tcp -m state --state NEW -m tcp --dport ${SS_port} -j ACCEPT
+        iptables-save > /etc/iptables.up.rules
+      fi
     fi
   fi
-
 }
 
 Def_parameter() {
@@ -140,23 +157,23 @@ Install_SS-libev() {
   src_url=http://mirrors.linuxeye.com/oneinstack/src/mbedtls-2.14.1-apache.tgz && Download_src
   if [ ! -e "/usr/local/lib/libsodium.la" ]; then
     tar xzf libsodium-${libsodium_ver}.tar.gz
-    pushd libsodium-${libsodium_ver}
+    pushd libsodium-${libsodium_ver} > /dev/null
     ./configure --disable-dependency-tracking --enable-minimal
     make -j ${THREAD} && make install
-    popd
+    popd > /dev/null
     rm -rf libsodium-${libsodium_ver}
   fi
   tar xzf mbedtls-2.14.1-apache.tgz
-  pushd mbedtls-2.14.1
+  pushd mbedtls-2.14.1 > /dev/null
   make SHARED=1 CFLAGS=-fPIC
   make DESTDIR=/usr install
-  popd
+  popd > /dev/null
   tar xzf shadowsocks-libev-3.2.3.tar.gz
-  pushd shadowsocks-libev-3.2.3
+  pushd shadowsocks-libev-3.2.3 > /dev/null
   make clean
   ./configure
   make -j ${THREAD} && make install
-  popd
+  popd > /dev/null
   [ -z "`grep /usr/local/lib /etc/ld.so.conf.d/*.conf`" ] && echo '/usr/local/lib' > /etc/ld.so.conf.d/local.conf
   ldconfig
   if [ -f /usr/local/bin/ss-server ]; then
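Review bot: The context line at the top of this hunk sets `src_url` to a plain `http://` mirror, and the archive is then unpacked and installed system-wide by the lines below (`make DESTDIR=/usr install`). Nothing visible here checks the tarball's integrity; if `Download_src` (defined elsewhere) does not already do so, the URL should use `https://` and the archive should be compared against a pinned SHA-256 before `tar xzf`. The `pushd … > /dev/null` lines changed here are not checked for failure either, so a failed extraction lets the `make` steps run in the wrong directory. `Install_SS-libev` starts and ends outside the hunk.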

+ 1 - 1
versions.txt

@@ -7,7 +7,7 @@ openssl11_ver=1.1.1a
 openssl_ver=1.0.2q
 
 tomcat9_ver=9.0.14
-tomcat8_ver=8.5.35
+tomcat8_ver=8.5.37
 tomcat7_ver=7.0.92
 tomcat6_ver=6.0.53