diff --git a/manage_iptables b/manage_iptables
index 8eb1bcc..ab755bc 100644
--- a/manage_iptables
+++ b/manage_iptables
@@ -3,26 +3,24 @@
 # wget -O- https://git.technozone.com.au/vijay/Scripts/raw/branch/main/manage_iptables && bash /tmp/manage_iptables.sh && rm -f /tmp/manage_iptables.sh
+
 # Function to display the menu
 show_menu() {
 echo "=============================="
 echo " Iptables Manager "
 echo "=============================="
- echo "1. Add IP address to a chain"
- echo "2. Remove IP address from a chain"
- echo "3. Check if IP address exists in any chain"
- echo "4. Exit"
+ echo "1. List all chains"
+ echo "2. Check IP address in a chain"
+ echo "3. Add IP address and port to a chain"
+ echo "4. Remove IP address from a chain"
+ echo "5. Check IP address in Fail2ban"
+ echo "6. Remove IP address from Fail2ban"
+ echo "7. Exit"
 echo "=============================="
 }
-# Function to list current iptables rules
-list_rules() {
- echo "Current iptables rules:"
- sudo iptables -L -n -v
-}
-
-# Function to get available chains
-get_chains() {
+# Function to list all available chains
+list_chains() {
 echo "Available chains:"
 echo "1. INPUT"
 echo "2. OUTPUT"
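Review bot: Menu option 1 is labelled "List all chains", but list_chains prints a fixed three-entry list (INPUT, OUTPUT, FORWARD), so user-defined chains, including any that fail2ban inserts, never appear, and the removed list_rules was the only code path that actually queried iptables. Either rename the option to match what it does, `echo "1. Show selectable chains"`, or in the option-1 dispatch only show the live chain list with `sudo iptables -S | awk '/^-[NP] / {print $2}'` and keep list_chains as the 1-3 selector the other options rely on. A header comment such as `# Prints the three built-in chains this script can operate on; it does not query iptables.` would make the limitation explicit to the next reader. list_chains continues past the end of this hunk.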
@@ -36,9 +34,28 @@ is_in_chain() {
 sudo iptables -C "$chain" -s "$ip_address" -j ACCEPT &> /dev/null || sudo iptables -C "$chain" -s "$ip_address" -j DROP &> /dev/null
 }
-# Function to add IP address to a specified chain
+# Function to check if an IP address exists in a chain
+check_ip_address() {
+ read -p "Enter the IP address to check: " ip_address
+ list_chains
+ read -p "Select a chain (1-3): " chain_option
+ case $chain_option in
+ 1) chain="INPUT" ;;
+ 2) chain="OUTPUT" ;;
+ 3) chain="FORWARD" ;;
+ *) echo "Invalid chain selection."; return ;;
+ esac
+
+ if is_in_chain "$chain" "$ip_address"; then
+ echo "IP address $ip_address exists in chain $chain."
+ else
+ echo "IP address $ip_address does not exist in chain $chain."
+ fi
+}
+
+# Function to add IP address and port to a specified chain
 add_to_chain() {
- get_chains
+ list_chains
 read -p "Select a chain (1-3): " chain_option
 case $chain_option in
 1) chain="INPUT" ;;
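Review bot: check_ip_address answers through is_in_chain, whose context line at the top of this hunk probes only `-s "$ip_address" -j ACCEPT|DROP`, while the rules this commit now creates carry `-p tcp --dport "$port"`; `iptables -C` needs the full rule specification, so a rule added through option 3 is reported as "does not exist" by option 2. Either prompt for the port here as well and pass it through to the probe, or make the probe match any rule for the address, e.g. `sudo iptables -S "$chain" | grep -qF -- "-s ${ip_address}/32 "` (iptables -S normally prints a bare address with a /32 suffix; confirm on the target system). The new `read -p` calls here, and those added in the later hunks, should be `read -r -p` so backslashes in the input are not interpreted. is_in_chain itself is defined above this hunk and add_to_chain continues past its end.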
@@ -48,22 +65,20 @@ add_to_chain() {
 esac
 read -p "Enter the IP address to add: " ip_address
- if is_in_chain "$chain" "$ip_address"; then
- echo "IP address $ip_address is already in the chain $chain."
+ read -p "Enter the port number: " port
+ read -p "Enter the target action (ACCEPT or DROP): " action
+
+ if [[ "$action" == "ACCEPT" || "$action" == "DROP" ]]; then
+ sudo iptables -A "$chain" -s "$ip_address" -p tcp --dport "$port" -j "$action"
+ echo "IP address $ip_address added to chain $chain on port $port with action $action."
 else
- read -p "Enter the target action (ACCEPT or DROP): " action
- if [[ "$action" == "ACCEPT" || "$action" == "DROP" ]]; then
- sudo iptables -A "$chain" -s "$ip_address" -j "$action"
- echo "IP address $ip_address added to chain $chain with action $action."
- else
- echo "Invalid action. Please use ACCEPT or DROP."
- fi
+ echo "Invalid action. Please use ACCEPT or DROP."
 fi
 }
 # Function to remove IP address from a specified chain
 remove_from_chain() {
- get_chains
+ list_chains
 read -p "Select a chain (1-3): " chain_option
 case $chain_option in
 1) chain="INPUT" ;;
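Review bot: `$port` is passed straight into `--dport` without any check, and the is_in_chain guard the old code ran before `-A` is gone, so an empty or non-numeric port yields an iptables error and repeated adds append duplicate rules. Validate before use, `if ! [[ "$port" =~ ^[0-9]+$ ]] || (( port < 1 || port > 65535 )); then echo "Invalid port number."; return; fi`, and probe first with `if sudo iptables -C "$chain" -s "$ip_address" -p tcp --dport "$port" -j "$action" 2>/dev/null; then echo "Rule already present."; return; fi`. The prompt only says "port number" while the rule is hard-wired to `-p tcp`, so the prompt or a comment (`# Only TCP rules are managed; UDP ports are not covered.`) should say so. remove_from_chain in the next hunk takes the same unvalidated port; the same validation applies there.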
@@ -73,35 +88,43 @@ remove_from_chain() {
 esac
 read -p "Enter the IP address to remove: " ip_address
- if is_in_chain "$chain" "$ip_address"; then
- read -p "Enter the target action (ACCEPT or DROP): " action
- if [[ "$action" == "ACCEPT" || "$action" == "DROP" ]]; then
- sudo iptables -D "$chain" -s "$ip_address" -j "$action"
- echo "IP address $ip_address removed from chain $chain with action $action."
- else
- echo "Invalid action. Please use ACCEPT or DROP."
- fi
+ read -p "Enter the port number: " port
+ read -p "Enter the target action (ACCEPT or DROP): " action
+
+ if [[ "$action" == "ACCEPT" || "$action" == "DROP" ]]; then
+ sudo iptables -D "$chain" -s "$ip_address" -p tcp --dport "$port" -j "$action"
+ echo "IP address $ip_address removed from chain $chain on port $port with action $action."
 else
- echo "IP address $ip_address is not in the chain $chain."
+ echo "Invalid action. Please use ACCEPT or DROP."
 fi
 }
-# Function to check if an IP address exists in any chain
-check_ip_address() {
- read -p "Enter the IP address to check: " ip_address
- for chain in INPUT OUTPUT FORWARD; do
- if is_in_chain "$chain" "$ip_address"; then
- echo "IP address $ip_address exists in chain $chain."
- return
- fi
- done
- echo "IP address $ip_address does not exist in any chain."
+# Function to check if an IP address is in Fail2ban
+check_ip_in_fail2ban() {
+ read -p "Enter the IP address to check in Fail2ban: " ip_address
+ if sudo fail2ban-client status | grep -q "$ip_address"; then
+ echo "IP address $ip_address is banned in Fail2ban."
+ else
+ echo "IP address $ip_address is not banned in Fail2ban."
+ fi
+}
+
+# Function to remove an IP address from Fail2ban
+remove_ip_from_fail2ban() {
+ read -p "Enter the IP address to remove from Fail2ban: " ip_address
+ read -p "Enter the jail name (e.g., sshd, http-get-dos): " jail_name
+ if sudo fail2ban-client status "$jail_name" | grep -q "$ip_address"; then
+ sudo fail2ban-client set "$jail_name" unbanip "$ip_address"
+ echo "IP address $ip_address has been removed from Fail2ban in jail $jail_name."
+ else
+ echo "IP address $ip_address is not banned in jail $jail_name."
+ fi
 }
 # Main script loop
 while true; do
 show_menu
- read -p "Select an option [1-4]: " option
+ read -p "Select an option [1-7]: " option
 # Check if input is empty
 if [[ -z "$option" ]]; then
@@ -111,15 +134,24 @@ while true; do
 case $option in
 1)
- add_to_chain
+ list_chains
 ;;
 2)
- remove_from_chain
- ;;
- 3)
 check_ip_address
 ;;
+ 3)
+ add_to_chain
+ ;;
 4)
+ remove_from_chain
+ ;;
+ 5)
+ check_ip_in_fail2ban
+ ;;
+ 6)
+ remove_ip_from_fail2ban
+ ;;
+ 7)
 echo "Exiting..."
 exit 0
 ;;
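Review bot: check_ip_in_fail2ban greps the output of `fail2ban-client status` with no jail argument, which in every fail2ban release I know prints only the jail count and the jail names rather than banned addresses, so option 5 answers "not banned" for every address; the per-jail form used in remove_ip_from_fail2ban is the one that lists banned IPs. In both functions `grep -q "$ip_address"` is an unanchored regex, so the dots match any character and 10.0.0.1 also matches 10.0.0.10 or 110.0.0.1; `grep -qwF -- "$ip_address"` restricts it to the literal address, which matters in remove_ip_from_fail2ban because the success message is printed on the strength of that match. The rewrite below walks the names on the `Jail list:` line and checks each jail; newer fail2ban releases also offer `fail2ban-client banned <ip>`, which returns the jails for an address directly, and it is preferable where the installed version has it. This hunk starts inside remove_from_chain, whose beginning is in the previous hunk.

```shell
check_ip_in_fail2ban() {
  read -r -p "Enter the IP address to check in Fail2ban: " ip_address
  local jails jail found=0
  # Banned addresses are only reported per jail; the jail-less status output lists jail names.
  jails=$(sudo fail2ban-client status | sed -n 's/.*Jail list:[[:space:]]*//p' | tr -d ',')
  for jail in $jails; do  # word-splitting intended; assumes jail names contain no whitespace
    if sudo fail2ban-client status "$jail" | grep -qwF -- "$ip_address"; then
      echo "IP address $ip_address is banned in Fail2ban jail $jail."
      found=1
    fi
  done
  (( found )) || echo "IP address $ip_address is not banned in Fail2ban."
}
```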