mirror of
https://github.com/MHSanaei/3x-ui.git
synced 2026-02-28 21:23:01 +00:00
200 lines
6.3 KiB
Bash
200 lines
6.3 KiB
Bash
#!/bin/bash
|
|
# lib/firewall.sh - UFW firewall management
|
|
|
|
# Include guard
|
|
[[ -n "${__X_UI_FIREWALL_INCLUDED:-}" ]] && return 0
|
|
__X_UI_FIREWALL_INCLUDED=1
|
|
|
|
# Source dependencies
|
|
source "${LIB_DIR}/common.sh"
|
|
|
|
firewall_menu() {
|
|
echo -e "${green}\t1.${plain} ${green}Install${plain} Firewall"
|
|
echo -e "${green}\t2.${plain} Port List [numbered]"
|
|
echo -e "${green}\t3.${plain} ${green}Open${plain} Ports"
|
|
echo -e "${green}\t4.${plain} ${red}Delete${plain} Ports from List"
|
|
echo -e "${green}\t5.${plain} ${green}Enable${plain} Firewall"
|
|
echo -e "${green}\t6.${plain} ${red}Disable${plain} Firewall"
|
|
echo -e "${green}\t7.${plain} Firewall Status"
|
|
echo -e "${green}\t0.${plain} Back to Main Menu"
|
|
read -rp "Choose an option: " choice
|
|
case "$choice" in
|
|
0)
|
|
show_menu
|
|
;;
|
|
1)
|
|
install_firewall
|
|
firewall_menu
|
|
;;
|
|
2)
|
|
ufw status numbered
|
|
firewall_menu
|
|
;;
|
|
3)
|
|
open_ports
|
|
firewall_menu
|
|
;;
|
|
4)
|
|
delete_ports
|
|
firewall_menu
|
|
;;
|
|
5)
|
|
ufw enable
|
|
firewall_menu
|
|
;;
|
|
6)
|
|
ufw disable
|
|
firewall_menu
|
|
;;
|
|
7)
|
|
ufw status verbose
|
|
firewall_menu
|
|
;;
|
|
*)
|
|
echo -e "${red}Invalid option. Please select a valid number.${plain}\n"
|
|
firewall_menu
|
|
;;
|
|
esac
|
|
}
|
|
|
|
install_firewall() {
|
|
if ! command -v ufw &>/dev/null; then
|
|
echo "ufw firewall is not installed. Installing now..."
|
|
apt-get update
|
|
apt-get install -y ufw
|
|
else
|
|
echo "ufw firewall is already installed"
|
|
fi
|
|
|
|
# Check if the firewall is inactive
|
|
if ufw status | grep -q "Status: active"; then
|
|
echo "Firewall is already active"
|
|
else
|
|
echo "Activating firewall..."
|
|
# Open the necessary ports
|
|
ufw allow ssh
|
|
ufw allow http
|
|
ufw allow https
|
|
ufw allow 2053/tcp #webPort
|
|
ufw allow 2096/tcp #subport
|
|
|
|
# Enable the firewall
|
|
ufw --force enable
|
|
fi
|
|
}
|
|
|
|
open_ports() {
|
|
# Prompt the user to enter the ports they want to open
|
|
read -rp "Enter the ports you want to open (e.g. 80,443,2053 or range 400-500): " ports
|
|
|
|
# Check if the input is valid
|
|
if ! [[ $ports =~ ^([0-9]+|[0-9]+-[0-9]+)(,([0-9]+|[0-9]+-[0-9]+))*$ ]]; then
|
|
echo "Error: Invalid input. Please enter a comma-separated list of ports or a range of ports (e.g. 80,443,2053 or 400-500)." >&2
|
|
exit 1
|
|
fi
|
|
|
|
# Open the specified ports using ufw
|
|
IFS=',' read -ra PORT_LIST <<<"$ports"
|
|
for port in "${PORT_LIST[@]}"; do
|
|
if [[ $port == *-* ]]; then
|
|
# Split the range into start and end ports
|
|
start_port=$(echo $port | cut -d'-' -f1)
|
|
end_port=$(echo $port | cut -d'-' -f2)
|
|
# Open the port range
|
|
ufw allow $start_port:$end_port/tcp
|
|
ufw allow $start_port:$end_port/udp
|
|
else
|
|
# Open the single port
|
|
ufw allow "$port"
|
|
fi
|
|
done
|
|
|
|
# Confirm that the ports are opened
|
|
echo "Opened the specified ports:"
|
|
for port in "${PORT_LIST[@]}"; do
|
|
if [[ $port == *-* ]]; then
|
|
start_port=$(echo $port | cut -d'-' -f1)
|
|
end_port=$(echo $port | cut -d'-' -f2)
|
|
# Check if the port range has been successfully opened
|
|
(ufw status | grep -q "$start_port:$end_port") && echo "$start_port-$end_port"
|
|
else
|
|
# Check if the individual port has been successfully opened
|
|
(ufw status | grep -q "$port") && echo "$port"
|
|
fi
|
|
done
|
|
}
|
|
|
|
delete_ports() {
|
|
# Display current rules with numbers
|
|
echo "Current UFW rules:"
|
|
ufw status numbered
|
|
|
|
# Ask the user how they want to delete rules
|
|
echo "Do you want to delete rules by:"
|
|
echo "1) Rule numbers"
|
|
echo "2) Ports"
|
|
read -rp "Enter your choice (1 or 2): " choice
|
|
|
|
if [[ $choice -eq 1 ]]; then
|
|
# Deleting by rule numbers
|
|
read -rp "Enter the rule numbers you want to delete (1, 2, etc.): " rule_numbers
|
|
|
|
# Validate the input
|
|
if ! [[ $rule_numbers =~ ^([0-9]+)(,[0-9]+)*$ ]]; then
|
|
echo "Error: Invalid input. Please enter a comma-separated list of rule numbers." >&2
|
|
exit 1
|
|
fi
|
|
|
|
# Split numbers into an array
|
|
IFS=',' read -ra RULE_NUMBERS <<<"$rule_numbers"
|
|
for rule_number in "${RULE_NUMBERS[@]}"; do
|
|
# Delete the rule by number
|
|
ufw delete "$rule_number" || echo "Failed to delete rule number $rule_number"
|
|
done
|
|
|
|
echo "Selected rules have been deleted."
|
|
|
|
elif [[ $choice -eq 2 ]]; then
|
|
# Deleting by ports
|
|
read -rp "Enter the ports you want to delete (e.g. 80,443,2053 or range 400-500): " ports
|
|
|
|
# Validate the input
|
|
if ! [[ $ports =~ ^([0-9]+|[0-9]+-[0-9]+)(,([0-9]+|[0-9]+-[0-9]+))*$ ]]; then
|
|
echo "Error: Invalid input. Please enter a comma-separated list of ports or a range of ports (e.g. 80,443,2053 or 400-500)." >&2
|
|
exit 1
|
|
fi
|
|
|
|
# Split ports into an array
|
|
IFS=',' read -ra PORT_LIST <<<"$ports"
|
|
for port in "${PORT_LIST[@]}"; do
|
|
if [[ $port == *-* ]]; then
|
|
# Split the port range
|
|
start_port=$(echo $port | cut -d'-' -f1)
|
|
end_port=$(echo $port | cut -d'-' -f2)
|
|
# Delete the port range
|
|
ufw delete allow $start_port:$end_port/tcp
|
|
ufw delete allow $start_port:$end_port/udp
|
|
else
|
|
# Delete a single port
|
|
ufw delete allow "$port"
|
|
fi
|
|
done
|
|
|
|
# Confirmation of deletion
|
|
echo "Deleted the specified ports:"
|
|
for port in "${PORT_LIST[@]}"; do
|
|
if [[ $port == *-* ]]; then
|
|
start_port=$(echo $port | cut -d'-' -f1)
|
|
end_port=$(echo $port | cut -d'-' -f2)
|
|
# Check if the port range has been deleted
|
|
(ufw status | grep -q "$start_port:$end_port") || echo "$start_port-$end_port"
|
|
else
|
|
# Check if the individual port has been deleted
|
|
(ufw status | grep -q "$port") || echo "$port"
|
|
fi
|
|
done
|
|
else
|
|
echo "${red}Error:${plain} Invalid choice. Please enter 1 or 2." >&2
|
|
exit 1
|
|
fi
|
|
}
|