From bb23fe7651146057c9428af1cbaf336cf43ed978 Mon Sep 17 00:00:00 2001
From: vijay
Date: Thu, 8 May 2025 02:17:16 +0000
Subject: [PATCH] Update manage_iptables
---
 manage_iptables | 142 ++++++++++++++++++++++++------------------------
 1 file changed, 70 insertions(+), 72 deletions(-)
diff --git a/manage_iptables b/manage_iptables
index 3aa7200..314b80f 100644
--- a/manage_iptables
+++ b/manage_iptables
@@ -2,17 +2,16 @@
 # Execute the script from the URL and remove it after execution:
 # wget -O- https://git.technozone.com.au/vijay/Scripts/raw/branch/main/manage_iptables && bash /tmp/manage_iptables.sh && rm -f /tmp/manage_iptables.sh
+
 # Function to display the menu
 show_menu() {
 echo "=============================="
 echo " Iptables Manager "
 echo "=============================="
- echo "1. List current iptables rules"
- echo "2. Add IP address to whitelist (ACCEPT)"
- echo "3. Remove IP address from whitelist (ACCEPT)"
- echo "4. Add IP address to blacklist (DROP)"
- echo "5. Remove IP address from blacklist (DROP)"
- echo "6. Exit"
+ echo "1. Add IP address to a chain"
+ echo "2. Remove IP address from a chain"
+ echo "3. Check if IP address exists in any chain"
+ echo "4. Exit"
 echo "=============================="
 }
@@ -22,66 +21,87 @@ list_rules() {
 sudo iptables -L -n -v
 }
-# Function to check if an IP address is in the whitelist
-is_in_whitelist() {
- local ip_address=$1
- sudo iptables -C INPUT -s "$ip_address" -j ACCEPT &> /dev/null
+# Function to get available chains
+get_chains() {
+ echo "Available chains:"
+ echo "1. INPUT"
+ echo "2. OUTPUT"
+ echo "3. FORWARD"
 }
-# Function to check if an IP address is in the blacklist
-is_in_blacklist() {
- local ip_address=$1
- sudo iptables -C INPUT -s "$ip_address" -j DROP &> /dev/null
+# Function to check if an IP address is in a specified chain
+is_in_chain() {
+ local chain=$1
+ local ip_address=$2
+ sudo iptables -C "$chain" -s "$ip_address" -j ACCEPT &> /dev/null || sudo iptables -C "$chain" -s "$ip_address" -j DROP &> /dev/null
 }
-# Function to add IP address to whitelist
-add_to_whitelist() {
- read -p "Enter the IP address to whitelist: " ip_address
- if is_in_whitelist "$ip_address"; then
- echo "IP address $ip_address is already in the whitelist."
+# Function to add IP address to a specified chain
+add_to_chain() {
+ get_chains
+ read -p "Select a chain (1-3): " chain_option
+ case $chain_option in
+ 1) chain="INPUT" ;;
+ 2) chain="OUTPUT" ;;
+ 3) chain="FORWARD" ;;
+ *) echo "Invalid chain selection."; return ;;
+ esac
+
+ read -p "Enter the IP address to add: " ip_address
+ if is_in_chain "$chain" "$ip_address"; then
+ echo "IP address $ip_address is already in the chain $chain."
 else
- sudo iptables -A INPUT -s "$ip_address" -j ACCEPT
- echo "IP address $ip_address added to whitelist."
+ read -p "Enter the target action (ACCEPT or DROP): " action
+ if [[ "$action" == "ACCEPT" || "$action" == "DROP" ]]; then
+ sudo iptables -A "$chain" -s "$ip_address" -j "$action"
+ echo "IP address $ip_address added to chain $chain with action $action."
+ else
+ echo "Invalid action. Please use ACCEPT or DROP."
+ fi
 fi
 }
-# Function to remove IP address from whitelist
-remove_from_whitelist() {
- read -p "Enter the IP address to remove from whitelist: " ip_address
- if is_in_whitelist "$ip_address"; then
- sudo iptables -D INPUT -s "$ip_address" -j ACCEPT
- echo "IP address $ip_address removed from whitelist."
+# Function to remove IP address from a specified chain
+remove_from_chain() {
+ get_chains
+ read -p "Select a chain (1-3): " chain_option
+ case $chain_option in
+ 1) chain="INPUT" ;;
+ 2) chain="OUTPUT" ;;
+ 3) chain="FORWARD" ;;
+ *) echo "Invalid chain selection."; return ;;
+ esac
+
+ read -p "Enter the IP address to remove: " ip_address
+ if is_in_chain "$chain" "$ip_address"; then
+ read -p "Enter the target action (ACCEPT or DROP): " action
+ if [[ "$action" == "ACCEPT" || "$action" == "DROP" ]]; then
+ sudo iptables -D "$chain" -s "$ip_address" -j "$action"
+ echo "IP address $ip_address removed from chain $chain with action $action."
+ else
+ echo "Invalid action. Please use ACCEPT or DROP."
+ fi
 else
- echo "IP address $ip_address is not in the whitelist."
+ echo "IP address $ip_address is not in the chain $chain."
 fi
 }
-# Function to add IP address to blacklist
-add_to_blacklist() {
- read -p "Enter the IP address to blacklist: " ip_address
- if is_in_blacklist "$ip_address"; then
- echo "IP address $ip_address is already in the blacklist."
- else
- sudo iptables -A INPUT -s "$ip_address" -j DROP
- echo "IP address $ip_address added to blacklist."
- fi
-}
-
-# Function to remove IP address from blacklist
-remove_from_blacklist() {
- read -p "Enter the IP address to remove from blacklist: " ip_address
- if is_in_blacklist "$ip_address"; then
- sudo iptables -D INPUT -s "$ip_address" -j DROP
- echo "IP address $ip_address removed from blacklist."
- else
- echo "IP address $ip_address is not in the blacklist."
- fi
+# Function to check if an IP address exists in any chain
+check_ip_address() {
+ read -p "Enter the IP address to check: " ip_address
+ for chain in INPUT OUTPUT FORWARD; do
+ if is_in_chain "$chain" "$ip_address"; then
+ echo "IP address $ip_address exists in chain $chain."
+ return
+ fi
+ done
+ echo "IP address $ip_address does not exist in any chain."
 }
 # Main script loop
 while true; do
 show_menu
- read -p "Select an option [1-6]: " option
+ read -p "Select an option [1-4]: " option
 # Check if input is empty
 if [[ -z "$option" ]]; then
@@ -91,26 +111,4 @@ while true; do
 case $option in
 1)
- list_rules
- ;;
- 2)
- add_to_whitelist
- ;;
- 3)
- remove_from_whitelist
- ;;
- 4)
- add_to_blacklist
- ;;
- 5)
- remove_from_blacklist
- ;;
- 6)
- echo "Exiting..."
- exit 0
- ;;
- *)
- echo "Invalid option. Please try again."
- ;;
- esac
-done
+ add_to_chain
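Review bot: In add_to_chain and remove_from_chain the success message after `sudo iptables -A`/`-D` is printed without checking the command's exit status, so when is_in_chain matched the other target (it accepts either ACCEPT or DROP) a `-D` with the wrong action fails with iptables' "Bad rule" error and the script still reports the address as removed. The IP prompts also pass `$ip_address` to `-s` unvalidated — an empty string is only rejected inside iptables, and a hostname would be resolved at insertion time rather than refused — so a cheap syntactic IPv4/CIDR check before any iptables call is worth adding (iptables still does the final validation). Both functions should use `read -r` and declare `chain`, `ip_address` and `action` with `local`, since they currently leak into the global scope. is_in_chain, and therefore check_ip_address's "any chain" answer, only matches `-s` rules whose target is ACCEPT or DROP in the three built-in chains, which its comment should state so the check is not read as exhaustive. The rewritten tail of remove_from_chain is below; the `-A` line in add_to_chain gets the same status check.
```shell
remove_from_chain() {
    local chain ip_address action
    local ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$'
    # … unchanged: get_chains and the chain_option case …
    read -r -p "Enter the IP address to remove: " ip_address
    # Syntactic check only; it keeps empty input and hostnames from reaching iptables
    if [[ ! "$ip_address" =~ $ipv4_re ]]; then
        echo "Invalid IPv4 address or CIDR: $ip_address"
        return
    fi
    if is_in_chain "$chain" "$ip_address"; then
        read -r -p "Enter the target action (ACCEPT or DROP): " action
        if [[ "$action" == "ACCEPT" || "$action" == "DROP" ]]; then
            # Report success only when iptables actually deleted a rule
            if sudo iptables -D "$chain" -s "$ip_address" -j "$action"; then
                echo "IP address $ip_address removed from chain $chain with action $action."
            else
                echo "No rule for $ip_address with action $action in chain $chain; nothing removed." >&2
            fi
        # … unchanged: invalid-action and not-in-chain branches …
```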