Update manage_iptables

This commit is contained in:
vijay 2025-05-08 02:17:16 +00:00
parent f233170e24
commit bb23fe7651


@ -2,17 +2,16 @@
# Execute the script from the URL and remove it after execution: # Execute the script from the URL and remove it after execution:
# wget -O- https://git.technozone.com.au/vijay/Scripts/raw/branch/main/manage_iptables && bash /tmp/manage_iptables.sh && rm -f /tmp/manage_iptables.sh # wget -O- https://git.technozone.com.au/vijay/Scripts/raw/branch/main/manage_iptables && bash /tmp/manage_iptables.sh && rm -f /tmp/manage_iptables.sh
# Function to display the menu # Function to display the menu
show_menu() { show_menu() {
echo "==============================" echo "=============================="
echo " Iptables Manager " echo " Iptables Manager "
echo "==============================" echo "=============================="
echo "1. List current iptables rules" echo "1. Add IP address to a chain"
echo "2. Add IP address to whitelist (ACCEPT)" echo "2. Remove IP address from a chain"
echo "3. Remove IP address from whitelist (ACCEPT)" echo "3. Check if IP address exists in any chain"
echo "4. Add IP address to blacklist (DROP)" echo "4. Exit"
echo "5. Remove IP address from blacklist (DROP)"
echo "6. Exit"
echo "==============================" echo "=============================="
} }
@ -22,66 +21,87 @@ list_rules() {
sudo iptables -L -n -v sudo iptables -L -n -v
} }
# Function to check if an IP address is in the whitelist # Function to get available chains
is_in_whitelist() { get_chains() {
local ip_address=$1 echo "Available chains:"
sudo iptables -C INPUT -s "$ip_address" -j ACCEPT &> /dev/null echo "1. INPUT"
echo "2. OUTPUT"
echo "3. FORWARD"
} }
# Function to check if an IP address is in the blacklist # Function to check if an IP address is in a specified chain
is_in_blacklist() { is_in_chain() {
local ip_address=$1 local chain=$1
sudo iptables -C INPUT -s "$ip_address" -j DROP &> /dev/null local ip_address=$2
sudo iptables -C "$chain" -s "$ip_address" -j ACCEPT &> /dev/null || sudo iptables -C "$chain" -s "$ip_address" -j DROP &> /dev/null
} }
# Function to add IP address to whitelist # Function to add IP address to a specified chain
add_to_whitelist() { add_to_chain() {
read -p "Enter the IP address to whitelist: " ip_address get_chains
if is_in_whitelist "$ip_address"; then read -p "Select a chain (1-3): " chain_option
echo "IP address $ip_address is already in the whitelist." case $chain_option in
1) chain="INPUT" ;;
2) chain="OUTPUT" ;;
3) chain="FORWARD" ;;
*) echo "Invalid chain selection."; return ;;
esac
read -p "Enter the IP address to add: " ip_address
if is_in_chain "$chain" "$ip_address"; then
echo "IP address $ip_address is already in the chain $chain."
else else
sudo iptables -A INPUT -s "$ip_address" -j ACCEPT read -p "Enter the target action (ACCEPT or DROP): " action
echo "IP address $ip_address added to whitelist." if [[ "$action" == "ACCEPT" || "$action" == "DROP" ]]; then
sudo iptables -A "$chain" -s "$ip_address" -j "$action"
echo "IP address $ip_address added to chain $chain with action $action."
else
echo "Invalid action. Please use ACCEPT or DROP."
fi
fi fi
} }
# Function to remove IP address from whitelist # Function to remove IP address from a specified chain
remove_from_whitelist() { remove_from_chain() {
read -p "Enter the IP address to remove from whitelist: " ip_address get_chains
if is_in_whitelist "$ip_address"; then read -p "Select a chain (1-3): " chain_option
sudo iptables -D INPUT -s "$ip_address" -j ACCEPT case $chain_option in
echo "IP address $ip_address removed from whitelist." 1) chain="INPUT" ;;
2) chain="OUTPUT" ;;
3) chain="FORWARD" ;;
*) echo "Invalid chain selection."; return ;;
esac
read -p "Enter the IP address to remove: " ip_address
if is_in_chain "$chain" "$ip_address"; then
read -p "Enter the target action (ACCEPT or DROP): " action
if [[ "$action" == "ACCEPT" || "$action" == "DROP" ]]; then
sudo iptables -D "$chain" -s "$ip_address" -j "$action"
echo "IP address $ip_address removed from chain $chain with action $action."
else else
echo "IP address $ip_address is not in the whitelist." echo "Invalid action. Please use ACCEPT or DROP."
fi
else
echo "IP address $ip_address is not in the chain $chain."
fi fi
} }
# Function to add IP address to blacklist # Function to check if an IP address exists in any chain
add_to_blacklist() { check_ip_address() {
read -p "Enter the IP address to blacklist: " ip_address read -p "Enter the IP address to check: " ip_address
if is_in_blacklist "$ip_address"; then for chain in INPUT OUTPUT FORWARD; do
echo "IP address $ip_address is already in the blacklist." if is_in_chain "$chain" "$ip_address"; then
else echo "IP address $ip_address exists in chain $chain."
sudo iptables -A INPUT -s "$ip_address" -j DROP return
echo "IP address $ip_address added to blacklist."
fi
}
# Function to remove IP address from blacklist
remove_from_blacklist() {
read -p "Enter the IP address to remove from blacklist: " ip_address
if is_in_blacklist "$ip_address"; then
sudo iptables -D INPUT -s "$ip_address" -j DROP
echo "IP address $ip_address removed from blacklist."
else
echo "IP address $ip_address is not in the blacklist."
fi fi
done
echo "IP address $ip_address does not exist in any chain."
} }
# Main script loop # Main script loop
while true; do while true; do
show_menu show_menu
read -p "Select an option [1-6]: " option read -p "Select an option [1-4]: " option
# Check if input is empty # Check if input is empty
if [[ -z "$option" ]]; then if [[ -z "$option" ]]; then
@ -91,26 +111,4 @@ while true; do
case $option in case $option in
1) 1)
list_rules add_to_chain
;;
2)
add_to_whitelist
;;
3)
remove_from_whitelist
;;
4)
add_to_blacklist
;;
5)
remove_from_blacklist
;;
6)
echo "Exiting..."
exit 0
;;
*)
echo "Invalid option. Please try again."
;;
esac
done
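Review bot: In remove_from_chain (and likewise add_to_chain) the success message is printed regardless of whether `iptables -D`/`-A` succeeded — `is_in_chain` only proves that some ACCEPT or DROP rule exists for the source, so entering the other action makes `iptables -D` fail with "Bad rule" while the script still reports the rule removed, which is a dangerous false positive for a tool meant to block hosts. The same `is_in_chain` check also makes add_to_chain refuse a DROP for an address that already has an ACCEPT rule ("already in the chain"), and because -A appends, a DROP added after an earlier ACCEPT for the same source is never reached under iptables' first-match evaluation; consider passing the intended target to the check (`sudo iptables -C "$chain" -s "$ip_address" -j "$action" &>/dev/null`) and inserting DROP rules with `-I` rather than `-A`. The typed address is not validated either, but iptables rejects malformed values, so testing the exit status of the mutating command (below) covers that case too. Separately, the last hunk's header `+111,4` and its new side ending at `add_to_chain` with no `;;`, `esac` or `done` suggest the new file is cut off inside the case statement; if the rendering is faithful, the script will not parse and menu options 2–4 are never dispatched.
```shell
# … unchanged: chain selection, address prompt and is_in_chain check …
if [[ "$action" == "ACCEPT" || "$action" == "DROP" ]]; then
  # Report success only if iptables accepted the change; -D fails when no rule
  # with this exact target exists, and -A/-D both fail on a malformed address.
  if sudo iptables -D "$chain" -s "$ip_address" -j "$action"; then
    echo "IP address $ip_address removed from chain $chain with action $action."
  else
    echo "No $action rule for $ip_address found in chain $chain; nothing removed." >&2
  fi
else
# … unchanged: invalid-action message …
```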