Update manage_iptables

This commit is contained in:
vijay 2025-05-08 02:17:16 +00:00
parent f233170e24
commit bb23fe7651


@ -2,17 +2,16 @@
# Execute the script from the URL and remove it after execution:
# wget -O- https://git.technozone.com.au/vijay/Scripts/raw/branch/main/manage_iptables && bash /tmp/manage_iptables.sh && rm -f /tmp/manage_iptables.sh
# Function to display the menu
show_menu() {
echo "=============================="
echo " Iptables Manager "
echo "=============================="
echo "1. List current iptables rules"
echo "2. Add IP address to whitelist (ACCEPT)"
echo "3. Remove IP address from whitelist (ACCEPT)"
echo "4. Add IP address to blacklist (DROP)"
echo "5. Remove IP address from blacklist (DROP)"
echo "6. Exit"
echo "1. Add IP address to a chain"
echo "2. Remove IP address from a chain"
echo "3. Check if IP address exists in any chain"
echo "4. Exit"
echo "=============================="
}
@ -22,66 +21,87 @@ list_rules() {
sudo iptables -L -n -v
}
# Function to check if an IP address is in the whitelist
is_in_whitelist() {
local ip_address=$1
sudo iptables -C INPUT -s "$ip_address" -j ACCEPT &> /dev/null
# Function to get available chains
get_chains() {
echo "Available chains:"
echo "1. INPUT"
echo "2. OUTPUT"
echo "3. FORWARD"
}
# Function to check if an IP address is in the blacklist
is_in_blacklist() {
local ip_address=$1
sudo iptables -C INPUT -s "$ip_address" -j DROP &> /dev/null
# Function to check if an IP address is in a specified chain
is_in_chain() {
local chain=$1
local ip_address=$2
sudo iptables -C "$chain" -s "$ip_address" -j ACCEPT &> /dev/null || sudo iptables -C "$chain" -s "$ip_address" -j DROP &> /dev/null
}
# Function to add IP address to whitelist
add_to_whitelist() {
read -p "Enter the IP address to whitelist: " ip_address
if is_in_whitelist "$ip_address"; then
echo "IP address $ip_address is already in the whitelist."
# Function to add IP address to a specified chain
add_to_chain() {
get_chains
read -p "Select a chain (1-3): " chain_option
case $chain_option in
1) chain="INPUT" ;;
2) chain="OUTPUT" ;;
3) chain="FORWARD" ;;
*) echo "Invalid chain selection."; return ;;
esac
read -p "Enter the IP address to add: " ip_address
if is_in_chain "$chain" "$ip_address"; then
echo "IP address $ip_address is already in the chain $chain."
else
sudo iptables -A INPUT -s "$ip_address" -j ACCEPT
echo "IP address $ip_address added to whitelist."
read -p "Enter the target action (ACCEPT or DROP): " action
if [[ "$action" == "ACCEPT" || "$action" == "DROP" ]]; then
sudo iptables -A "$chain" -s "$ip_address" -j "$action"
echo "IP address $ip_address added to chain $chain with action $action."
else
echo "Invalid action. Please use ACCEPT or DROP."
fi
fi
}
# Function to remove IP address from whitelist
remove_from_whitelist() {
read -p "Enter the IP address to remove from whitelist: " ip_address
if is_in_whitelist "$ip_address"; then
sudo iptables -D INPUT -s "$ip_address" -j ACCEPT
echo "IP address $ip_address removed from whitelist."
# Function to remove IP address from a specified chain
remove_from_chain() {
get_chains
read -p "Select a chain (1-3): " chain_option
case $chain_option in
1) chain="INPUT" ;;
2) chain="OUTPUT" ;;
3) chain="FORWARD" ;;
*) echo "Invalid chain selection."; return ;;
esac
read -p "Enter the IP address to remove: " ip_address
if is_in_chain "$chain" "$ip_address"; then
read -p "Enter the target action (ACCEPT or DROP): " action
if [[ "$action" == "ACCEPT" || "$action" == "DROP" ]]; then
sudo iptables -D "$chain" -s "$ip_address" -j "$action"
echo "IP address $ip_address removed from chain $chain with action $action."
else
echo "Invalid action. Please use ACCEPT or DROP."
fi
else
echo "IP address $ip_address is not in the whitelist."
echo "IP address $ip_address is not in the chain $chain."
fi
}
# Function to add IP address to blacklist
add_to_blacklist() {
read -p "Enter the IP address to blacklist: " ip_address
if is_in_blacklist "$ip_address"; then
echo "IP address $ip_address is already in the blacklist."
else
sudo iptables -A INPUT -s "$ip_address" -j DROP
echo "IP address $ip_address added to blacklist."
fi
}
# Function to remove IP address from blacklist
remove_from_blacklist() {
read -p "Enter the IP address to remove from blacklist: " ip_address
if is_in_blacklist "$ip_address"; then
sudo iptables -D INPUT -s "$ip_address" -j DROP
echo "IP address $ip_address removed from blacklist."
else
echo "IP address $ip_address is not in the blacklist."
fi
# Function to check if an IP address exists in any chain
check_ip_address() {
read -p "Enter the IP address to check: " ip_address
for chain in INPUT OUTPUT FORWARD; do
if is_in_chain "$chain" "$ip_address"; then
echo "IP address $ip_address exists in chain $chain."
return
fi
done
echo "IP address $ip_address does not exist in any chain."
}
# Main script loop
while true; do
show_menu
read -p "Select an option [1-6]: " option
read -p "Select an option [1-4]: " option
# Check if input is empty
if [[ -z "$option" ]]; then
@ -91,26 +111,4 @@ while true; do
case $option in
1)
list_rules
;;
2)
add_to_whitelist
;;
3)
remove_from_whitelist
;;
4)
add_to_blacklist
;;
5)
remove_from_blacklist
;;
6)
echo "Exiting..."
exit 0
;;
*)
echo "Invalid option. Please try again."
;;
esac
done
add_to_chain