vijay/Scripts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update manage_iptables

Browse Source
This commit is contained in:
vijay 2025-05-08 02:30:08 +00:00
parent 9f3c44496d
commit 2f98326772
1 changed files with 80 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

128
manage_iptables
View File

@ -3,26 +3,24 @@
# wget -O- https://git.technozone.com.au/vijay/Scripts/raw/branch/main/manage_iptables && bash /tmp/manage_iptables.sh && rm -f /tmp/manage_iptables.sh
# Function to display the menu
show_menu() {
echo "=============================="
echo " Iptables Manager "
echo "=============================="
echo "1. Add IP address to a chain"
echo "2. Remove IP address from a chain"
echo "3. Check if IP address exists in any chain"
echo "4. Exit"
echo "1. List all chains"
echo "2. Check IP address in a chain"
echo "3. Add IP address and port to a chain"
echo "4. Remove IP address from a chain"
echo "5. Check IP address in Fail2ban"
echo "6. Remove IP address from Fail2ban"
echo "7. Exit"
echo "=============================="
}
# Function to list current iptables rules
list_rules() {
echo "Current iptables rules:"
sudo iptables -L -n -v
}
# Function to get available chains
get_chains() {
# Function to list all available chains
list_chains() {
echo "Available chains:"
echo "1. INPUT"
echo "2. OUTPUT"
@ -36,9 +34,28 @@ is_in_chain() {
sudo iptables -C "$chain" -s "$ip_address" -j ACCEPT &> /dev/null || sudo iptables -C "$chain" -s "$ip_address" -j DROP &> /dev/null
}
# Function to add IP address to a specified chain
# Function to check if an IP address exists in a chain
check_ip_address() {
read -p "Enter the IP address to check: " ip_address
list_chains
read -p "Select a chain (1-3): " chain_option
case $chain_option in
1) chain="INPUT" ;;
2) chain="OUTPUT" ;;
3) chain="FORWARD" ;;
*) echo "Invalid chain selection."; return ;;
esac
if is_in_chain "$chain" "$ip_address"; then
echo "IP address $ip_address exists in chain $chain."
else
echo "IP address $ip_address does not exist in chain $chain."
fi
}
# Function to add IP address and port to a specified chain
add_to_chain() {
get_chains
list_chains
read -p "Select a chain (1-3): " chain_option
case $chain_option in
1) chain="INPUT" ;;
@ -48,22 +65,20 @@ add_to_chain() {
esac
read -p "Enter the IP address to add: " ip_address
if is_in_chain "$chain" "$ip_address"; then
echo "IP address $ip_address is already in the chain $chain."
read -p "Enter the port number: " port
read -p "Enter the target action (ACCEPT or DROP): " action
if [[ "$action" == "ACCEPT" || "$action" == "DROP" ]]; then
sudo iptables -A "$chain" -s "$ip_address" -p tcp --dport "$port" -j "$action"
echo "IP address $ip_address added to chain $chain on port $port with action $action."
else
read -p "Enter the target action (ACCEPT or DROP): " action
if [[ "$action" == "ACCEPT" || "$action" == "DROP" ]]; then
sudo iptables -A "$chain" -s "$ip_address" -j "$action"
echo "IP address $ip_address added to chain $chain with action $action."
else
echo "Invalid action. Please use ACCEPT or DROP."
fi
echo "Invalid action. Please use ACCEPT or DROP."
fi
}
# Function to remove IP address from a specified chain
remove_from_chain() {
get_chains
list_chains
read -p "Select a chain (1-3): " chain_option
case $chain_option in
1) chain="INPUT" ;;
@ -73,35 +88,43 @@ remove_from_chain() {
esac
read -p "Enter the IP address to remove: " ip_address
if is_in_chain "$chain" "$ip_address"; then
read -p "Enter the target action (ACCEPT or DROP): " action
if [[ "$action" == "ACCEPT" || "$action" == "DROP" ]]; then
sudo iptables -D "$chain" -s "$ip_address" -j "$action"
echo "IP address $ip_address removed from chain $chain with action $action."
else
echo "Invalid action. Please use ACCEPT or DROP."
fi
read -p "Enter the port number: " port
read -p "Enter the target action (ACCEPT or DROP): " action
if [[ "$action" == "ACCEPT" || "$action" == "DROP" ]]; then
sudo iptables -D "$chain" -s "$ip_address" -p tcp --dport "$port" -j "$action"
echo "IP address $ip_address removed from chain $chain on port $port with action $action."
else
echo "IP address $ip_address is not in the chain $chain."
echo "Invalid action. Please use ACCEPT or DROP."
fi
}
# Function to check if an IP address exists in any chain
check_ip_address() {
read -p "Enter the IP address to check: " ip_address
for chain in INPUT OUTPUT FORWARD; do
if is_in_chain "$chain" "$ip_address"; then
echo "IP address $ip_address exists in chain $chain."
return
fi
done
echo "IP address $ip_address does not exist in any chain."
# Function to check if an IP address is in Fail2ban
check_ip_in_fail2ban() {
read -p "Enter the IP address to check in Fail2ban: " ip_address
if sudo fail2ban-client status | grep -q "$ip_address"; then
echo "IP address $ip_address is banned in Fail2ban."
else
echo "IP address $ip_address is not banned in Fail2ban."
fi
}
# Function to remove an IP address from Fail2ban
remove_ip_from_fail2ban() {
read -p "Enter the IP address to remove from Fail2ban: " ip_address
read -p "Enter the jail name (e.g., sshd, http-get-dos): " jail_name
if sudo fail2ban-client status "$jail_name" | grep -q "$ip_address"; then
sudo fail2ban-client set "$jail_name" unbanip "$ip_address"
echo "IP address $ip_address has been removed from Fail2ban in jail $jail_name."
else
echo "IP address $ip_address is not banned in jail $jail_name."
fi
}
# Main script loop
while true; do
show_menu
read -p "Select an option [1-4]: " option
read -p "Select an option [1-7]: " option
# Check if input is empty
if [[ -z "$option" ]]; then
@ -111,15 +134,24 @@ while true; do
case $option in
1)
add_to_chain
list_chains
;;
2)
remove_from_chain
;;
3)
check_ip_address
;;
3)
add_to_chain
;;
4)
remove_from_chain
;;
5)
check_ip_in_fail2ban
;;
6)
remove_ip_from_fail2ban
;;
7)
echo "Exiting..."
exit 0
;;