#!/bin/bash # lib/firewall.sh - UFW firewall management # Include guard [[ -n "${__X_UI_FIREWALL_INCLUDED:-}" ]] && return 0 __X_UI_FIREWALL_INCLUDED=1 # Source dependencies source "${LIB_DIR}/common.sh" firewall_menu() { echo -e "${green}\t1.${plain} ${green}Install${plain} Firewall" echo -e "${green}\t2.${plain} Port List [numbered]" echo -e "${green}\t3.${plain} ${green}Open${plain} Ports" echo -e "${green}\t4.${plain} ${red}Delete${plain} Ports from List" echo -e "${green}\t5.${plain} ${green}Enable${plain} Firewall" echo -e "${green}\t6.${plain} ${red}Disable${plain} Firewall" echo -e "${green}\t7.${plain} Firewall Status" echo -e "${green}\t0.${plain} Back to Main Menu" read -rp "Choose an option: " choice case "$choice" in 0) show_menu ;; 1) install_firewall firewall_menu ;; 2) ufw status numbered firewall_menu ;; 3) open_ports firewall_menu ;; 4) delete_ports firewall_menu ;; 5) ufw enable firewall_menu ;; 6) ufw disable firewall_menu ;; 7) ufw status verbose firewall_menu ;; *) echo -e "${red}Invalid option. Please select a valid number.${plain}\n" firewall_menu ;; esac } install_firewall() { if ! command -v ufw &>/dev/null; then echo "ufw firewall is not installed. Installing now..." apt-get update apt-get install -y ufw else echo "ufw firewall is already installed" fi # Check if the firewall is inactive if ufw status | grep -q "Status: active"; then echo "Firewall is already active" else echo "Activating firewall..." # Open the necessary ports ufw allow ssh ufw allow http ufw allow https ufw allow 2053/tcp #webPort ufw allow 2096/tcp #subport # Enable the firewall ufw --force enable fi } open_ports() { # Prompt the user to enter the ports they want to open read -rp "Enter the ports you want to open (e.g. 80,443,2053 or range 400-500): " ports # Check if the input is valid if ! [[ $ports =~ ^([0-9]+|[0-9]+-[0-9]+)(,([0-9]+|[0-9]+-[0-9]+))*$ ]]; then echo "Error: Invalid input. Please enter a comma-separated list of ports or a range of ports (e.g. 80,443,2053 or 400-500)." >&2 exit 1 fi # Open the specified ports using ufw IFS=',' read -ra PORT_LIST <<<"$ports" for port in "${PORT_LIST[@]}"; do if [[ $port == *-* ]]; then # Split the range into start and end ports start_port=$(echo $port | cut -d'-' -f1) end_port=$(echo $port | cut -d'-' -f2) # Open the port range ufw allow $start_port:$end_port/tcp ufw allow $start_port:$end_port/udp else # Open the single port ufw allow "$port" fi done # Confirm that the ports are opened echo "Opened the specified ports:" for port in "${PORT_LIST[@]}"; do if [[ $port == *-* ]]; then start_port=$(echo $port | cut -d'-' -f1) end_port=$(echo $port | cut -d'-' -f2) # Check if the port range has been successfully opened (ufw status | grep -q "$start_port:$end_port") && echo "$start_port-$end_port" else # Check if the individual port has been successfully opened (ufw status | grep -q "$port") && echo "$port" fi done } delete_ports() { # Display current rules with numbers echo "Current UFW rules:" ufw status numbered # Ask the user how they want to delete rules echo "Do you want to delete rules by:" echo "1) Rule numbers" echo "2) Ports" read -rp "Enter your choice (1 or 2): " choice if [[ $choice -eq 1 ]]; then # Deleting by rule numbers read -rp "Enter the rule numbers you want to delete (1, 2, etc.): " rule_numbers # Validate the input if ! [[ $rule_numbers =~ ^([0-9]+)(,[0-9]+)*$ ]]; then echo "Error: Invalid input. Please enter a comma-separated list of rule numbers." >&2 exit 1 fi # Split numbers into an array IFS=',' read -ra RULE_NUMBERS <<<"$rule_numbers" for rule_number in "${RULE_NUMBERS[@]}"; do # Delete the rule by number ufw delete "$rule_number" || echo "Failed to delete rule number $rule_number" done echo "Selected rules have been deleted." elif [[ $choice -eq 2 ]]; then # Deleting by ports read -rp "Enter the ports you want to delete (e.g. 80,443,2053 or range 400-500): " ports # Validate the input if ! [[ $ports =~ ^([0-9]+|[0-9]+-[0-9]+)(,([0-9]+|[0-9]+-[0-9]+))*$ ]]; then echo "Error: Invalid input. Please enter a comma-separated list of ports or a range of ports (e.g. 80,443,2053 or 400-500)." >&2 exit 1 fi # Split ports into an array IFS=',' read -ra PORT_LIST <<<"$ports" for port in "${PORT_LIST[@]}"; do if [[ $port == *-* ]]; then # Split the port range start_port=$(echo $port | cut -d'-' -f1) end_port=$(echo $port | cut -d'-' -f2) # Delete the port range ufw delete allow $start_port:$end_port/tcp ufw delete allow $start_port:$end_port/udp else # Delete a single port ufw delete allow "$port" fi done # Confirmation of deletion echo "Deleted the specified ports:" for port in "${PORT_LIST[@]}"; do if [[ $port == *-* ]]; then start_port=$(echo $port | cut -d'-' -f1) end_port=$(echo $port | cut -d'-' -f2) # Check if the port range has been deleted (ufw status | grep -q "$start_port:$end_port") || echo "$start_port-$end_port" else # Check if the individual port has been deleted (ufw status | grep -q "$port") || echo "$port" fi done else echo "${red}Error:${plain} Invalid choice. Please enter 1 or 2." >&2 exit 1 fi }