fix bug (#2618 )

Firewall management: improved (#2614 )
* fix permissions * Update install func + add/edit func open/close ports + status firewall * hotfix * subport
2025-10-14 12:09:12 +00:00 · 2024-12-20 19:06:19 +01:00 · 2024-12-20 18:43:47 +01:00 · 2024-12-20 18:34:30 +01:00 · 2024-12-20 18:33:27 +01:00
3 changed files with 179 additions and 87 deletions
--- a/install.sh
+++ b/install.sh
@ -2,6 +2,7 @@
 red='\033[0;31m'
 green='\033[0;32m'
 blue='\033[0;34m'
 yellow='\033[0;33m'
 plain='\033[0m'
@ -260,24 +261,24 @@ install_x-ui() {
    systemctl start x-ui
    echo -e "${green}x-ui ${tag_version}${plain} installation finished, it is running now..."
    echo -e ""
-    echo -e "x-ui control menu usages: "
+    echo -e "┌───────────────────────────────────────────────────────┐
-    echo -e "----------------------------------------------"
+│  ${blue}x-ui control menu usages (subcommands):${plain}              │
-    echo -e "SUBCOMMANDS:"
+│                                                       │
-    echo -e "x-ui              - Admin Management Script"
+│  ${blue}x-ui${plain}              - Admin Management Script          │
-    echo -e "x-ui start        - Start"
+│  ${blue}x-ui start${plain}        - Start                            │
-    echo -e "x-ui stop         - Stop"
+│  ${blue}x-ui stop${plain}         - Stop                             │
-    echo -e "x-ui restart      - Restart"
+│  ${blue}x-ui restart${plain}      - Restart                          │
-    echo -e "x-ui status       - Current Status"
+│  ${blue}x-ui status${plain}       - Current Status                   │
-    echo -e "x-ui settings     - Current Settings"
+│  ${blue}x-ui settings${plain}     - Current Settings                 │
-    echo -e "x-ui enable       - Enable Autostart on OS Startup"
+│  ${blue}x-ui enable${plain}       - Enable Autostart on OS Startup   │
-    echo -e "x-ui disable      - Disable Autostart on OS Startup"
+│  ${blue}x-ui disable${plain}      - Disable Autostart on OS Startup  │
-    echo -e "x-ui log          - Check logs"
+│  ${blue}x-ui log${plain}          - Check logs                       │
-    echo -e "x-ui banlog       - Check Fail2ban ban logs"
+│  ${blue}x-ui banlog${plain}       - Check Fail2ban ban logs          │
-    echo -e "x-ui update       - Update"
+│  ${blue}x-ui update${plain}       - Update                           │
-    echo -e "x-ui legacy       - legacy version"
+│  ${blue}x-ui legacy${plain}       - legacy version                   │
-    echo -e "x-ui install      - Install"
+│  ${blue}x-ui install${plain}      - Install                          │
-    echo -e "x-ui uninstall    - Uninstall"
+│  ${blue}x-ui uninstall${plain}    - Uninstall                        │
-    echo -e "----------------------------------------------"
+└───────────────────────────────────────────────────────┘"
 }
 echo -e "${green}Running...${plain}"
--- a/web/html/xui/inbound_info_modal.html
+++ b/web/html/xui/inbound_info_modal.html
@ -185,6 +185,25 @@
            <a-tag>↑ [[ sizeFormat(infoModal.clientStats.up) ]] / [[ sizeFormat(infoModal.clientStats.down) ]] ↓</a-tag>
          </td>
        </tr>
        <tr v-if="app.ipLimitEnable">
          <td>{{ i18n "pages.inbounds.IPLimit" }}</td>
          <td>
            <a-tag>[[ infoModal.clientSettings.limitIp ]]</a-tag>
          </td>
        </tr>
        <tr v-if="app.ipLimitEnable">
          <td>{{ i18n "pages.inbounds.IPLimitlog" }}</td>
          <td>
            <a-tag>[[ infoModal.clientIps ]]</a-tag>
            <a-icon type="sync" :spin="refreshing" @click="refreshIPs" style="margin: 0 5px;"></a-icon>
            <a-tooltip :title="[[ dbInbound.address ]]">
              <template slot="title">
                <span>{{ i18n "pages.inbounds.IPLimitlogclear" }}</span>
              </template>
              <a-icon type="delete" @click="clearClientIps"></a-icon>
            </a-tooltip>
          </td>
        </tr>
      </table>
      <table style="display: inline-table; margin-block: 10px; width: 100%; text-align: center;">
        <tr>
@ -417,6 +436,18 @@
    </template>
 </a-modal>
 <script>
  function refreshIPs(email) {
    return HttpUtil.post(`/panel/inbound/clientIps/${email}`).then((msg) => {
      if (msg.success) {
        try {
          return JSON.parse(msg.obj).join(', ');
        } catch (e) {
          return msg.obj;
        }
      }
    });
  }
  const infoModal = {
    visible: false,
    inbound: new Inbound(),
@ -431,6 +462,7 @@
    isExpired: false,
    subLink: '',
    subJsonLink: '',
    clientIps: '',
    show(dbInbound, index) {
      this.index = index;
      this.inbound = dbInbound.toInbound();
@ -438,6 +470,12 @@
      this.clientSettings = this.inbound.clients ? this.inbound.clients[index] : null;
      this.isExpired = this.inbound.clients ? this.inbound.isExpiry(index) : this.dbInbound.isExpiry;
      this.clientStats = this.inbound.clients ? this.dbInbound.clientStats.find(row => row.email === this.clientSettings.email) : [];
      if (app.ipLimitEnable && this.clientSettings.limitIp) {
        refreshIPs(this.clientStats.email).then((ips) => {
          this.clientIps = ips;
        })
      }
      if (this.inbound.protocol == Protocols.WIREGUARD) {
        this.links = this.inbound.genInboundLinks(dbInbound.remark).split('\r\n')
      } else {
@ -466,6 +504,7 @@
    el: '#inbound-info-modal',
    data: {
      infoModal,
      refreshing: false,
      get dbInbound() {
        return this.infoModal.dbInbound;
      },
@ -502,6 +541,26 @@
        remained = this.infoModal.clientStats.total - this.infoModal.clientStats.up - this.infoModal.clientStats.down;
        return remained > 0 ? sizeFormat(remained) : '-';
      },
      refreshIPs() {
        this.refreshing = true;
        refreshIPs(this.infoModal.clientStats.email)
          .then((ips) => {
            this.infoModal.clientIps = ips;
          })
          .finally(() => {
            this.refreshing = false;
          });
      },
      clearClientIps() {
        HttpUtil.post(`/panel/inbound/clearClientIps/${this.infoModal.clientStats.email}`)
          .then((msg) => {
            if (!msg.success) {
              return;
            }
            this.infoModal.clientIps = 'No IP Record';
          })
          .catch(() => {});
      },
    },
  });
 </script>
--- a/x-ui.sh
+++ b/x-ui.sh
@ -2,6 +2,7 @@
 red='\033[0;31m'
 green='\033[0;32m'
 blue='\033[0;34m'
 yellow='\033[0;33m'
 plain='\033[0m'
@ -682,10 +683,12 @@ show_xray_status() {
 }
 firewall_menu() {
-    echo -e "${green}\t1.${plain} Install Firewall & open ports"
+    echo -e "${green}\t1.${plain} Install Firewall"
-    echo -e "${green}\t2.${plain} Allowed List"
+    echo -e "${green}\t2.${plain} Port List"
-    echo -e "${green}\t3.${plain} Delete Ports from List"
+    echo -e "${green}\t3.${plain} Open Ports"
-    echo -e "${green}\t4.${plain} Disable Firewall"
+    echo -e "${green}\t4.${plain} Delete Ports from List"
    echo -e "${green}\t5.${plain} Disable Firewall"
    echo -e "${green}\t6.${plain} Firewall Status"
    echo -e "${green}\t0.${plain} Back to Main Menu"
    read -p "Choose an option: " choice
    case "$choice" in
@ -693,21 +696,29 @@ firewall_menu() {
        show_menu
        ;;
    1)
-        open_ports
+        install_firewall
        firewall_menu
        ;;
    2)
-        sudo ufw status
+        sudo ufw status numbered
        firewall_menu
        ;;
    3)
-        delete_ports
+        sudo open_ports
        firewall_menu
        ;;
    4)
        sudo delete_ports
        firewall_menu
        ;;
    5)
        sudo ufw disable
        firewall_menu
        ;;
    6)
        sudo ufw status verbose
        firewall_menu
        ;;
    *) 
        echo -e "${red}Invalid option. Please select a valid number.${plain}\n"
        firewall_menu
@ -715,7 +726,7 @@ firewall_menu() {
    esac
 }
-open_ports() {
+install_firewall() {
    if ! command -v ufw &>/dev/null; then
        echo "ufw firewall is not installed. Installing now..."
        apt-get update
@ -733,13 +744,16 @@ open_ports() {
        ufw allow ssh
        ufw allow http
        ufw allow https
-        ufw allow 2053/tcp
+        ufw allow 2053/tcp #webPort
        ufw allow 2096/tcp #subport
        # Enable the firewall
        ufw --force enable
    fi
 }
-    # Prompt the user to enter a list of ports
+open_ports() {
    # Prompt the user to enter the ports they want to open
    read -p "Enter the ports you want to open (e.g. 80,443,2053 or range 400-500): " ports
    # Check if the input is valid
@ -755,19 +769,28 @@ open_ports() {
            # Split the range into start and end ports
            start_port=$(echo $port | cut -d'-' -f1)
            end_port=$(echo $port | cut -d'-' -f2)
            # Open the port range
            ufw allow $start_port:$end_port/tcp
            ufw allow $start_port:$end_port/udp
        else
            # Open the single port
            ufw allow "$port"
        fi
    done
-    # Confirm that the ports are open
+    # Confirm that the ports are opened
-    echo "The following ports are now open:"
+    echo "Opened the specified ports:"
-    ufw status | grep "ALLOW" | grep -Eo "[0-9]+(/[a-z]+)?"
+    for port in "${PORT_LIST[@]}"; do
-
+        if [[ $port == *-* ]]; then
-    echo "Firewall status:"
+            start_port=$(echo $port | cut -d'-' -f1)
-    ufw status verbose
+            end_port=$(echo $port | cut -d'-' -f2)
            # Check if the port range has been successfully opened
            (ufw status | grep -q "$start_port:$end_port") && echo "$start_port-$end_port"
        else
            # Check if the individual port has been successfully opened
            (ufw status | grep -q "$port") && echo "$port"
        fi
    done
 }
 delete_ports() {
@ -1353,6 +1376,11 @@ iplimit_remove_conflicts() {
    done
 }
 ip_validation() {
    ipv6_regex="^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$"
    ipv4_regex="^((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]?|0)\.){3}(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]?|0)$"
 }
 iplimit_main() {
    echo -e "\n${green}\t1.${plain} Install Fail2ban and configure IP Limit"
    echo -e "${green}\t2.${plain} Change Ban Duration"
@ -1406,7 +1434,8 @@ iplimit_main() {
        ;;
    5)
        read -rp "Enter the IP address you want to ban: " ban_ip
-        if [[ $ban_ip =~ ^(((25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9]))$ || $ban_ip =~ ^(([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4})$ ]]; then
+        ip_validation
        if [[ $ban_ip =~ $ipv4_regex || $ban_ip =~ $ipv6_regex ]]; then
            fail2ban-client set 3x-ipl banip "$ban_ip"
            echo -e "${green}IP Address ${ban_ip} has been banned successfully.${plain}"
        else
@ -1416,7 +1445,8 @@ iplimit_main() {
        ;;
    6)
        read -rp "Enter the IP address you want to unban: " unban_ip
-        if [[ $unban_ip =~ ^(((25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9]))$ || $unban_ip =~ ^(([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4})$ ]]; then
+        ip_validation
        if [[ $unban_ip =~ $ipv4_regex || $unban_ip =~ $ipv6_regex ]]; then
            fail2ban-client set 3x-ipl unbanip "$unban_ip"
            echo -e "${green}IP Address ${unban_ip} has been unbanned successfully.${plain}"
        else
@ -1651,61 +1681,63 @@ SSH_port_forwarding() {
 }
 show_usage() {
-    echo "x-ui control menu usages: "
+    echo -e "┌───────────────────────────────────────────────────────┐
-    echo "------------------------------------------"
+│  ${blue}x-ui control menu usages (subcommands):${plain}              │
-    echo -e "SUBCOMMANDS:"
+│                                                       │
-    echo -e "x-ui              - Admin Management Script"
+│  ${blue}x-ui${plain}              - Admin Management Script          │
-    echo -e "x-ui start        - Start"
+│  ${blue}x-ui start${plain}        - Start                            │
-    echo -e "x-ui stop         - Stop"
+│  ${blue}x-ui stop${plain}         - Stop                             │
-    echo -e "x-ui restart      - Restart"
+│  ${blue}x-ui restart${plain}      - Restart                          │
-    echo -e "x-ui status       - Current Status"
+│  ${blue}x-ui status${plain}       - Current Status                   │
-    echo -e "x-ui settings     - Current Settings"
+│  ${blue}x-ui settings${plain}     - Current Settings                 │
-    echo -e "x-ui enable       - Enable Autostart on OS Startup"
+│  ${blue}x-ui enable${plain}       - Enable Autostart on OS Startup   │
-    echo -e "x-ui disable      - Disable Autostart on OS Startup"
+│  ${blue}x-ui disable${plain}      - Disable Autostart on OS Startup  │
-    echo -e "x-ui log          - Check logs"
+│  ${blue}x-ui log${plain}          - Check logs                       │
-    echo -e "x-ui banlog       - Check Fail2ban ban logs"
+│  ${blue}x-ui banlog${plain}       - Check Fail2ban ban logs          │
-    echo -e "x-ui update       - Update"
+│  ${blue}x-ui update${plain}       - Update                           │
-    echo -e "x-ui custom       - custom version"
+│  ${blue}x-ui legacy${plain}       - legacy version                   │
-    echo -e "x-ui install      - Install"
+│  ${blue}x-ui install${plain}      - Install                          │
-    echo -e "x-ui uninstall    - Uninstall"
+│  ${blue}x-ui uninstall${plain}    - Uninstall                        │
-    echo "------------------------------------------"
+└───────────────────────────────────────────────────────┘"
 }
 show_menu() {
    echo -e "
-  ${green}3X-UI Panel Management Script${plain}
+╔────────────────────────────────────────────────╗
-  ${green}0.${plain} Exit Script
+│   ${green}3X-UI Panel Management Script${plain}                │
-————————————————
+│   ${green}0.${plain} Exit Script                               │
-  ${green}1.${plain} Install
+│────────────────────────────────────────────────│
-  ${green}2.${plain} Update
+│   ${green}1.${plain} Install                                   │
-  ${green}3.${plain} Update Menu
+│   ${green}2.${plain} Update                                    │
-  ${green}4.${plain} Legacy Version
+│   ${green}3.${plain} Update Menu                               │
-  ${green}5.${plain} Uninstall
+│   ${green}4.${plain} Legacy Version                            │
-————————————————
+│   ${green}5.${plain} Uninstall                                 │
-  ${green}6.${plain} Reset Username & Password & Secret Token
+│────────────────────────────────────────────────│
-  ${green}7.${plain} Reset Web Base Path
+│   ${green}6.${plain} Reset Username & Password & Secret Token  │
-  ${green}8.${plain} Reset Settings
+│   ${green}7.${plain} Reset Web Base Path                       │
-  ${green}9.${plain} Change Port
+│   ${green}8.${plain} Reset Settings                            │
-  ${green}10.${plain} View Current Settings
+│   ${green}9.${plain} Change Port                               │
-————————————————
+│  ${green}10.${plain} View Current Settings                     │
-  ${green}11.${plain} Start
+│────────────────────────────────────────────────│
-  ${green}12.${plain} Stop
+│  ${green}11.${plain} Start                                     │
-  ${green}13.${plain} Restart
+│  ${green}12.${plain} Stop                                      │
-  ${green}14.${plain} Check Status
+│  ${green}13.${plain} Restart                                   │
-  ${green}15.${plain} Logs Management
+│  ${green}14.${plain} Check Status                              │
-————————————————
+│  ${green}15.${plain} Logs Management                           │
-  ${green}16.${plain} Enable Autostart
+│────────────────────────────────────────────────│
-  ${green}17.${plain} Disable Autostart
+│  ${green}16.${plain} Enable Autostart                          │
-————————————————
+│  ${green}17.${plain} Disable Autostart                         │
-  ${green}18.${plain} SSL Certificate Management
+│────────────────────────────────────────────────│
-  ${green}19.${plain} Cloudflare SSL Certificate
+│  ${green}18.${plain} SSL Certificate Management                │
-  ${green}20.${plain} IP Limit Management
+│  ${green}19.${plain} Cloudflare SSL Certificate                │
-  ${green}21.${plain} Firewall Management
+│  ${green}20.${plain} IP Limit Management                       │
-  ${green}22.${plain} SSH Port Forwarding Management
+│  ${green}21.${plain} Firewall Management                       │
-————————————————
+│  ${green}22.${plain} SSH Port Forwarding Management            │
-  ${green}23.${plain} Enable BBR 
+│────────────────────────────────────────────────│
-  ${green}24.${plain} Update Geo Files
+│  ${green}23.${plain} Enable BBR                                │
-  ${green}25.${plain} Speedtest by Ookla
+│  ${green}24.${plain} Update Geo Files                          │
 │  ${green}25.${plain} Speedtest by Ookla                        │
 ╚────────────────────────────────────────────────╝
 "
    show_status
    echo && read -p "Please enter your selection [0-25]: " num
Author	SHA1	Message	Date
Tara Rostami	fff54fe7f3	fix bug (#2618 )	2024-12-20 19:06:19 +01:00
LoST	0859d230b0	Firewall management: improved (#2614 ) * fix permissions * Update install func + add/edit func open/close ports + status firewall * hotfix * subport	2024-12-20 18:43:47 +01:00
KiselevAlexander	02998c5467	Added ip limit data and controls to client info modal (#2617 )	2024-12-20 18:34:30 +01:00
Tara Rostami	3f38c42852	fail2ban: better ipv6 validation (#2615 )	2024-12-20 18:33:27 +01:00