#!/bin/bash
# Execute the script from the URL and remove it after execution:
# wget -O  /tmp/manage_iptables.sh https://git.technozone.com.au/vijay/Scripts/raw/branch/main/manage_iptables && bash /tmp/manage_iptables.sh && rm -f /tmp/manage_iptables.sh




# Function to display the menu
show_menu() {
    echo "=============================="
    echo "       Iptables Manager       "
    echo "=============================="
    echo "1. List all chains"
    echo "2. Check IP address in a chain"
    echo "3. Add IP address and port to a chain"
    echo "4. Remove IP address from a chain"
    echo "5. Check IP address in Fail2ban"
    echo "6. Remove IP address from Fail2ban"
    echo "7. Exit"
    echo "=============================="
}

# Function to list all available chains
# Function to list the chains this script knows how to manage.
# Outputs: a heading followed by "N. NAME" for INPUT, OUTPUT and FORWARD.
list_chains() {
    local -a chains=(INPUT OUTPUT FORWARD)
    local idx
    echo "Available chains:"
    for idx in "${!chains[@]}"; do
        printf '%d. %s\n' "$((idx + 1))" "${chains[idx]}"
    done
}

# Function to check if an IP address is in a specified chain
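# Function to check if an IP address is in a specified chain.
# Arguments: $1 - chain name (INPUT, OUTPUT or FORWARD)
#            $2 - source address, passed unchanged to "iptables -s"
#            $3 - optional TCP destination port; when given, the lookup matches
#                 the "-p tcp --dport" rule form that add_to_chain creates,
#                 which a port-less check would never find
# Returns:   0 if an ACCEPT or DROP rule for the address exists in the chain,
#            1 if no such rule exists, 2 on an empty or option-like argument
is_in_chain() {
    local chain=$1
    local ip_address=$2
    local port=${3:-}
    local -a match=()
    local target

    # Refuse empty or option-like values so they can never be handed to
    # iptables as flags; the address is always passed as one quoted argument.
    if [[ -z "$chain" || -z "$ip_address" || "$ip_address" == -* ]]; then
        return 2
    fi

    match=(-s "$ip_address")
    if [[ -n "$port" ]]; then
        match+=(-p tcp --dport "$port")
    fi

    # "iptables -C" exits 0 only when an identical rule exists; its output is
    # silenced because a "no such rule" message is the expected miss case.
    for target in ACCEPT DROP; do
        if sudo iptables -C "$chain" "${match[@]}" -j "$target" &> /dev/null; then
            return 0
        fi
    done
    return 1
}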

# Function to check if an IP address exists in a chain
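# Function to check if an IP address exists in a chain.
# Reads the address and the chain selection interactively and reports whether
# a plain ACCEPT/DROP rule for the address is present (see is_in_chain). Rules
# created by add_to_chain carry a port match and are not reported here.
# Returns: 0 after reporting, 1 on invalid input
check_ip_address() {
    local ip_address chain_option chain

    # -r keeps backslashes literal; locals stop the values leaking into the
    # global scope shared with the other menu functions.
    read -r -p "Enter the IP address to check: " ip_address
    # Reject empty or option-like input before it reaches iptables.
    if [[ -z "$ip_address" || "$ip_address" == -* ]]; then
        echo "Invalid IP address."
        return 1
    fi

    list_chains
    read -r -p "Select a chain (1-3): " chain_option
    case "$chain_option" in
        1) chain="INPUT" ;;
        2) chain="OUTPUT" ;;
        3) chain="FORWARD" ;;
        *) echo "Invalid chain selection."; return 1 ;;
    esac

    if is_in_chain "$chain" "$ip_address"; then
        echo "IP address $ip_address exists in chain $chain."
    else
        echo "IP address $ip_address does not exist in chain $chain."
    fi
}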

# Function to add IP address and port to a specified chain
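# Function to add an IP address and TCP port to a specified chain.
# Reads chain, address, port and target interactively, validates each value,
# skips the append when an identical rule already exists (iptables -A would
# otherwise create a duplicate), and only reports success when iptables did.
# Returns: 0 on success or when the rule already exists, 1 on invalid input
#          or when iptables fails
add_to_chain() {
    local chain_option chain ip_address port action

    list_chains
    read -r -p "Select a chain (1-3): " chain_option
    case "$chain_option" in
        1) chain="INPUT" ;;
        2) chain="OUTPUT" ;;
        3) chain="FORWARD" ;;
        *) echo "Invalid chain selection."; return 1 ;;
    esac

    read -r -p "Enter the IP address to add: " ip_address
    read -r -p "Enter the port number: " port
    read -r -p "Enter the target action (ACCEPT or DROP): " action

    # Reject empty or option-like input before it reaches iptables.
    if [[ -z "$ip_address" || "$ip_address" == -* ]]; then
        echo "Invalid IP address."
        return 1
    fi
    # Digits only, then a range check; 10# forces decimal so "08" is not
    # parsed as an invalid octal literal.
    if ! [[ "$port" =~ ^[0-9]+$ ]] || (( 10#$port < 1 || 10#$port > 65535 )); then
        echo "Invalid port number. Please enter a value between 1 and 65535."
        return 1
    fi
    if [[ "$action" != "ACCEPT" && "$action" != "DROP" ]]; then
        echo "Invalid action. Please use ACCEPT or DROP."
        return 1
    fi

    if sudo iptables -C "$chain" -s "$ip_address" -p tcp --dport "$port" -j "$action" &> /dev/null; then
        echo "Rule already exists in chain $chain; nothing added."
        return 0
    fi

    if sudo iptables -A "$chain" -s "$ip_address" -p tcp --dport "$port" -j "$action"; then
        echo "IP address $ip_address added to chain $chain on port $port with action $action."
    else
        echo "Failed to add the rule to chain $chain." >&2
        return 1
    fi
}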

# Function to remove IP address from a specified chain
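# Function to remove an IP address and TCP port rule from a specified chain.
# Reads chain, address, port and target interactively, validates each value
# and only reports success when "iptables -D" actually removed a rule.
# Returns: 0 on success, 1 on invalid input or when iptables fails (which
#          includes the case where no matching rule exists)
remove_from_chain() {
    local chain_option chain ip_address port action

    list_chains
    read -r -p "Select a chain (1-3): " chain_option
    case "$chain_option" in
        1) chain="INPUT" ;;
        2) chain="OUTPUT" ;;
        3) chain="FORWARD" ;;
        *) echo "Invalid chain selection."; return 1 ;;
    esac

    read -r -p "Enter the IP address to remove: " ip_address
    read -r -p "Enter the port number: " port
    read -r -p "Enter the target action (ACCEPT or DROP): " action

    # Reject empty or option-like input before it reaches iptables.
    if [[ -z "$ip_address" || "$ip_address" == -* ]]; then
        echo "Invalid IP address."
        return 1
    fi
    # Digits only, then a range check; 10# forces decimal so "08" is not
    # parsed as an invalid octal literal.
    if ! [[ "$port" =~ ^[0-9]+$ ]] || (( 10#$port < 1 || 10#$port > 65535 )); then
        echo "Invalid port number. Please enter a value between 1 and 65535."
        return 1
    fi
    if [[ "$action" != "ACCEPT" && "$action" != "DROP" ]]; then
        echo "Invalid action. Please use ACCEPT or DROP."
        return 1
    fi

    # "iptables -D" exits non-zero when no identical rule exists, so the
    # success message is tied to its status instead of printed unconditionally.
    if sudo iptables -D "$chain" -s "$ip_address" -p tcp --dport "$port" -j "$action"; then
        echo "IP address $ip_address removed from chain $chain on port $port with action $action."
    else
        echo "No matching rule was removed from chain $chain." >&2
        return 1
    fi
}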

# Function to check if an IP address is in Fail2ban
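# Function to check if an IP address is banned in Fail2ban.
# The top-level "fail2ban-client status" only prints the jail list, never the
# banned addresses, so each jail is queried individually and the address is
# matched literally and as a whole word (10.0.0.1 must not match 10.0.0.10).
# Returns: 0 after reporting, 1 on invalid input or when no jails are found
check_ip_in_fail2ban() {
    local ip_address jail_list jail
    local -a jails=() banned_in=()

    read -r -p "Enter the IP address to check in Fail2ban: " ip_address
    # Reject empty or option-like input before it reaches fail2ban-client/grep.
    if [[ -z "$ip_address" || "$ip_address" == -* ]]; then
        echo "Invalid IP address."
        return 1
    fi

    # Top-level status prints "Jail list: a, b"; strip commas and the label.
    jail_list=$(sudo fail2ban-client status | sed -n 's/,//g;s/.*Jail list://p')
    read -r -a jails <<<"$jail_list"
    if (( ${#jails[@]} == 0 )); then
        echo "No Fail2ban jails found (is Fail2ban running?)." >&2
        return 1
    fi

    for jail in "${jails[@]}"; do
        # -F: literal match (dots are not wildcards); -w: whole word only.
        if sudo fail2ban-client status "$jail" | grep -Fwq -- "$ip_address"; then
            banned_in+=("$jail")
        fi
    done

    if (( ${#banned_in[@]} > 0 )); then
        echo "IP address $ip_address is banned in Fail2ban (jail(s): ${banned_in[*]})."
    else
        echo "IP address $ip_address is not banned in Fail2ban."
    fi
}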



# Function to list available Fail2ban jails and their status
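# Function to list available Fail2ban jails and their status.
# Queries fail2ban-client through sudo like the rest of the script (the
# original call ran unprivileged and could fail for a non-root user) and
# reports an empty jail list instead of re-running the bare status command.
# Returns: 0 when at least one jail was listed, 1 when none were found
list_fail2ban_jails() {
    local jail_list jail
    local -a jails=()

    echo "Available Fail2ban jails and their status:"
    # Top-level status prints "Jail list: a, b"; strip commas and the label.
    jail_list=$(sudo fail2ban-client status | sed -n 's/,//g;s/.*Jail list://p')
    read -r -a jails <<<"$jail_list"
    if (( ${#jails[@]} == 0 )); then
        echo "No Fail2ban jails found (is Fail2ban running?)." >&2
        return 1
    fi

    for jail in "${jails[@]}"; do
        sudo fail2ban-client status "$jail"
    done
}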


# Function to remove an IP address from Fail2ban
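# Function to remove an IP address from a Fail2ban jail.
# Reads the address and jail name interactively, confirms the address is
# currently banned in that jail (literal whole-word match, so 10.0.0.1 does
# not match 10.0.0.10) and only reports success when unbanip succeeded.
# Returns: 0 after reporting, 1 on invalid input or when unbanip fails
remove_ip_from_fail2ban() {
    local ip_address jail_name

    read -r -p "Enter the IP address to remove from Fail2ban: " ip_address
    # Reject empty or option-like input before it reaches fail2ban-client/grep.
    if [[ -z "$ip_address" || "$ip_address" == -* ]]; then
        echo "Invalid IP address."
        return 1
    fi

    list_fail2ban_jails
    read -r -p "Select a jail from the list above: " jail_name
    if [[ -z "$jail_name" || "$jail_name" == -* ]]; then
        echo "Invalid jail name."
        return 1
    fi

    if ! sudo fail2ban-client status "$jail_name" | grep -Fwq -- "$ip_address"; then
        echo "IP address $ip_address is not banned in jail $jail_name."
        return 0
    fi

    if sudo fail2ban-client set "$jail_name" unbanip "$ip_address"; then
        echo "IP address $ip_address has been removed from Fail2ban in jail $jail_name."
    else
        echo "Failed to remove IP address $ip_address from jail $jail_name." >&2
        return 1
    fi
}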

# Main script loop
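# Main script loop: show the menu, dispatch the selected option, repeat until
# option 7 is chosen. Each handler returns to the menu whatever its status.
while true; do
    show_menu
    # -r keeps backslashes in the input literal.
    read -r -p "Select an option [1-7]: " option

    # Check if input is empty
    if [[ -z "$option" ]]; then
        echo "No option selected. Please try again."
        continue
    fi

    case "$option" in
        1)
            list_chains
            ;;
        2)
            check_ip_address
            ;;
        3)
            add_to_chain
            ;;
        4)
            remove_from_chain
            ;;
        5)
            check_ip_in_fail2ban
            ;;
        6)
            remove_ip_from_fail2ban
            ;;
        7)
            echo "Exiting..."
            exit 0
            ;;
        *)
            echo "Invalid option. Please try again."
            ;;
    esac
done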