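#!/bin/bash
# Close ports: remove one or more ports from the firewalld "work" zone.
#
# Usage: <script> PORT [PORT ...]
#   PORT is a single decimal port (1-65535) or a range such as 8000-8010.
#   For each PORT the operator is prompted for the protocol; an empty answer
#   selects TCP.
#
# Per accepted port this runs:
#   /usr/bin/firewall-cmd --zone=work --remove-port=PORT/PROTO --permanent
# and the script finishes with a single "firewall-cmd --reload".
#
# NOTE(review): the "is it open?" check reads the runtime configuration
# (--list-ports without --permanent) while the removal edits the permanent
# configuration. A port present in only one of the two is therefore reported
# as "not open" or removed with a firewalld warning. Confirm this is intended.

readonly FIREWALL_CMD=/usr/bin/firewall-cmd
readonly ZONE=work

# Succeeds when $1 is a decimal port in 1-65535, or a LOW-HIGH range of such.
is_valid_port() {
  local spec=$1 low high
  [[ $spec =~ ^([0-9]{1,5})(-([0-9]{1,5}))?$ ]] || return 1
  low=${BASH_REMATCH[1]}
  high=${BASH_REMATCH[3]:-$low}
  # 10# forces base 10 so a leading zero is not parsed as octal.
  (( 10#$low >= 1 && 10#$high <= 65535 && 10#$low <= 10#$high ))
}

if [ $# -eq 0 ]; then
  echo -e "\033[32;1mUSGE:$0 [port]\033[0m"
  exit 1
fi

while [ $# -gt 0 ]; do
  # Reject anything that is not a port or port range before it reaches
  # firewall-cmd or grep; the value comes straight from the command line.
  if ! is_valid_port "$1"; then
    printf '\033[31;1mInvalid port: %s\033[0m\n' "$1"
    shift
    continue
  fi

  protocol=
  # -r keeps backslashes literal; on EOF the variable stays empty and the
  # TCP default below applies.
  read -r -p "$1: TCP or UDP[default TCP]:" protocol
  : "${protocol:=tcp}"

  case "$protocol" in
    tcp|TCP) protocol=tcp ;;
    udp|UDP) protocol=udp ;;
    *)
      # printf with %s prints the operator's answer verbatim instead of
      # letting echo -e interpret escape sequences inside it. Skip the port:
      # an unrecognised protocol must not be passed on to firewall-cmd.
      printf '\033[31;1mCan not recognization the %s\033[0m\n' "$protocol"
      shift
      continue
      ;;
  esac

  target="$1/$protocol"

  # Compare whole entries (-x) as fixed strings (-F) so that, for example,
  # 80/tcp does not match an open 8080/tcp.
  if "$FIREWALL_CMD" --zone="$ZONE" --list-ports \
    | tr -s '[:space:]' '\n' \
    | grep -qxF -- "$target"; then
    "$FIREWALL_CMD" --zone="$ZONE" --remove-port="$target" --permanent
  else
    printf '\033[31;1m%s not open! \033[0m\n' "$target"
  fi

  shift
done

# Apply the permanent configuration to the running firewall.
"$FIREWALL_CMD" --reload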