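#!/bin/bash
# Installs /bin/menu-ufw: a whiptail menu that wraps ufw (and fail2ban) for the
# HP3ICC Raspbian project.  The menu script is written out verbatim from the
# quoted heredoc below (nothing is expanded at install time), made executable
# and aliased as /bin/MENU-UFW.
#
# Needs sudo (or root) because /bin is not user-writable.  `sudo cat > /bin/x`
# does NOT work for that -- the redirection is opened by the unprivileged
# shell, not by sudo -- so the file is written through `sudo tee` instead.
set -euo pipefail

sudo tee /bin/menu-ufw >/dev/null <<'EOF'
#!/bin/bash
# menu-ufw -- interactive ufw firewall menu (whiptail).
#
# Every firewall change goes through `sudo ufw ...`; the menu itself may be
# started by an unprivileged user.  Deliberately no `set -e`: a failing ufw
# command must drop back to the menu, not kill it.
set -uo pipefail

# Accept only something that looks like an IPv4/IPv6 address or CIDR block.
# This keeps keywords such as "any" (which would turn `ufw allow from any`
# into "open every port to the whole internet") and stray ufw arguments out
# of the rule.  ufw does the final, stricter validation.
ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
ipv6_re='^[0-9A-Fa-f]*(:[0-9A-Fa-f]*)+(/[0-9]{1,3})?$'
valid_ip() {
  [[ "$1" =~ $ipv4_re || "$1" =~ $ipv6_re ]]
}

# Prompt for an address under title $1.  Prints the address on stdout;
# returns 1 on cancel or when the input does not validate.
ask_ip() {
  local ip
  ip=$(whiptail --title "$1" --inputbox "ingrese IP :" 10 60 3>&1 1>&2 2>&3) || return 1
  if ! valid_ip "$ip"; then
    # >&2: inside $(...) stdout is the capture pipe, the terminal is on stderr.
    whiptail --title "$1" --msgbox "Not a valid IPv4/IPv6 address or CIDR: $ip" 0 60 >&2
    return 1
  fi
  printf '%s\n' "$ip"
}

# Show the `ufw status` lines matching ERE $1 in nano.  Uses a private mktemp
# file: a fixed name in /tmp can be pre-created or symlinked by another user
# and, with `>>`, shows stale lines from an earlier run.
show_status() {
  local pattern=$1 tmp
  tmp=$(mktemp) || return 1
  if sudo ufw status | grep -E -- "$pattern" > "$tmp"; then
    nano "$tmp"
  else
    whiptail --title "ufw" --msgbox "No matching rules (is the firewall enabled?)" 0 50
  fi
  rm -f -- "$tmp"
}

# Persist net.ipv4.icmp_echo_ignore_all=$1 in /etc/sysctl.conf and apply it.
# The sed needs sudo as well: /etc/sysctl.conf is root-owned.
# IPv4 only -- this sysctl does not affect IPv6 echo requests.
# NOTE(review): a file under /etc/sysctl.d/ with a later sort key could
# override this at boot -- verify on the target image.
set_icmp_ignore() {
  sudo sed -i '/net\.ipv4\.icmp_echo_ignore_all/d' /etc/sysctl.conf
  echo "net.ipv4.icmp_echo_ignore_all = $1" | sudo tee -a /etc/sysctl.conf >/dev/null \
    && sudo sysctl -p
}

while : ; do
  choix=$(whiptail --title "Raspbian Proyect HP3ICC Menu UFW Firewall" --menu "Note: DO NOT delete input port 22, you could lose control of your server, output port 53, 5353, 80, 443 are very necessary for communication via internet." 19 88 10 \
    1 " Enable Firewall" \
    2 " Disable Firewall " \
    3 " List Port open " \
    4 " List IP auto reject " \
    5 " Add or Remove port ( In, Out or Both ) " \
    6 " Protection standard (all port out is open) " \
    7 " Protection strong (only 53,5353,80,443 out open) " \
    8 " Enable Or Disable ICMP Ping " \
    9 " Permit or Deny IP Address " \
    10 " Menu Principal " 3>&1 1>&2 2>&3) || { echo "You chose cancel."; break; }
  echo "Your chosen option: $choix"

  case "$choix" in
    1)
      # Lock-out guard: once enabled, ufw denies all incoming by default, so
      # an SSH session with no rule for port 22 (or the OpenSSH profile) dies.
      if ! sudo ufw show added | grep -qiE '(^|[[:space:]])(22(/tcp)?|OpenSSH|ssh)([[:space:]]|$)'; then
        whiptail --title "Enable Firewall" --yesno "No rule allowing port 22 (SSH) was found. Enabling the firewall may cut off your SSH session. Continue anyway?" 10 70 \
          || continue
      fi
      sudo ufw enable && sudo systemctl enable ufw \
        && sudo systemctl restart fail2ban.service && sudo systemctl enable fail2ban.service
      ;;
    2)
      # Disabling the firewall also stops fail2ban (its bans are ufw/iptables rules).
      sudo ufw disable && sudo systemctl disable ufw \
        && sudo systemctl stop fail2ban.service && sudo systemctl disable fail2ban.service
      ;;
    3) show_status 'ALLOW' ;;
    4) show_status 'REJECT' ;;
    5) sh /bin/auto-ufw.sh ;;
    6)
      # Standard: drop the per-port egress allows and let everything out.
      sudo ufw delete allow out to any port 53
      sudo ufw delete allow out to any port 5353
      sudo ufw delete allow out to any port 80
      sudo ufw delete allow out to any port 443
      sudo ufw default allow outgoing
      ;;
    7)
      # Strong: only DNS, mDNS, HTTP and HTTPS may leave the host.  The allow
      # rules go in before the default is flipped to deny so name resolution
      # never drops; without the `default deny outgoing` this mode restricted
      # nothing.  Any other outbound service (NTP, SMTP, SSH/git, ...) is
      # blocked from here on.
      sudo ufw allow out to any port 53
      sudo ufw allow out to any port 5353
      sudo ufw allow out to any port 80
      sudo ufw allow out to any port 443
      sudo ufw default deny outgoing
      ;;
    8)
      while : ; do
        icmp=$(whiptail --title "ICMP Ping" --menu "Select menu:" 15 60 8 \
          "1" "Disable ICMP Ping" \
          "2" "Enable ICMP Ping" 3>&1 1>&2 2>&3) || { echo "You chose cancel."; break; }
        case "$icmp" in
          1) set_icmp_ignore 1 && whiptail --title "Check Port" --msgbox "ICMP Ping is disable" 0 50 ;;
          2) set_icmp_ignore 0 && whiptail --title "Check Port" --msgbox "ICMP Ping is Enable" 0 50 ;;
          *) echo "Invalid selection" ;;
        esac
      done
      ;;
    9)
      while : ; do
        ipmenu=$(whiptail --title "IP Address" --menu "Select menu:" 15 60 8 \
          "1" "Deny All trafic IP Address" \
          "2" "Permit All trafic IP Address" \
          "3" "Remove IP Addres" \
          "4" "List IP Black List" \
          "5" "List IP white List" 3>&1 1>&2 2>&3) || { echo "You chose cancel."; break; }
        case "$ipmenu" in
          1)
            # Cancel or bad input returns to this submenu instead of exiting.
            ip=$(ask_ip "Deny IP address") || continue
            sudo ufw deny from "$ip"
            ;;
          2)
            ip=$(ask_ip "Permit IP Address") || continue
            sudo ufw allow from "$ip"
            ;;
          3)
            ip=$(ask_ip "Remove IP Address") || continue
            # Match the address as a whole word with its dots escaped, so
            # 1.2.3.4 does not also hit 1.2.3.40 or 11.2.3.4.  Delete highest
            # rule number first: each deletion renumbers the rules below it.
            escaped=$(printf '%s' "$ip" | sed 's/\./\\./g')
            rules=$(sudo ufw status numbered \
              | grep -E "(^|[[:space:]])${escaped}([[:space:]]|$)" \
              | awk -F'[][]' '{print $2}' | sort -rn)
            if [[ -n "$rules" ]]; then
              for n in $rules; do
                echo "Eliminando la regla número $n que bloquea/permite la IP $ip"
                sudo ufw delete "$n"
              done
            else
              echo "No se encontró ninguna regla para la IP $ip"
            fi
            ;;
          4) show_status 'Anywhere[[:space:]]+DENY[[:space:]]+[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' ;;
          5) show_status 'Anywhere[[:space:]]+ALLOW[[:space:]]+[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' ;;
          *) echo "Invalid selection" ;;
        esac
      done
      ;;
    10) break ;;
  esac
done
exit 0
EOF

sudo chmod 0755 /bin/menu-ufw
sudo ln -sf /bin/menu-ufw /bin/MENU-UFW
# Keeps the project's other MENU* launchers executable too (original behavior).
sudo chmod +x /bin/MENU*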