This script lets you unblock IPs that were blocked by portsentry. You can also check whether an IP is blocked and get a list of all blocked IPs.
It's also possible to block ip's yourself much in the same way portsentry would.
The little block script just calls unblock -b"ip ip ip"
This script has been very useful for me and I wanted to share.
Enjoy
Code:
#!/bin/bash
## written by Tripkipke
#### TODO
#### provide a file with a list of ips to be blocked or unblocked
####
##
##
#
#######################################
# Print the help text of the unblock script and stop.
# Outputs:   the usage text on stdout
# Returns:   does not return; exits the shell with status 1
#######################################
Usage() {
  # The delimiter is left unquoted so that $0 expands to the name the
  # script was invoked with.
  cat << USAGE_TEXT
Usage: $0 options ip1 ip2 ..
unblock [-h] [-l] [-a] [-c "IP1 IP2 .."] [-b "IP1 IP2 .."] [-u "IP1 IP2 .."] [-v] IP1 IP2 ..
This script removes ip addresses from /etc/hosts.deny and iptables
and gives the option to block ip's manually or check if an ip is blocked
Don't use the same flag multiple times
Run without flags and and only by space separated ip addresses and it will unblock them
OPTIONS:
-h Show this message
-l List all ip's currently blocked
-a Unblock all ips
-c Check if an IP address is blocked
-b Block a list of ip's
-u Unblock a list of ip's
-v Verbose
Te ip's given after a flag must be quoted when there are multiple ip's
unblock -b 1.1.1.1 -c 3.3.3.3 4.4.4.4 5.5.5.5
block 1.1.1.1
check if 3.3.3.3 is blocked
unblock 4.4.4.4 and 5.5.5.5
unblock -b 1.1.1.1 -c "3.3.3.3 4.4.4.4" 5.5.5.5 6.6.6.6
block 1.1.1.1
check if 3.3.3.3 and 4.4.4.4 are blocked
unblock 5.5.5.5 and 6.6.6.6
USAGE_TEXT
  exit 1
}
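## If no arguments are given then show usage
if (( $# == 0 )); then
  Usage
fi

## Option state. Every flag starts from a known value, so a variable of the
## same name inherited from the environment (CIP was previously never
## initialised) cannot switch an action on.
LIST=false
ALL=false
BIP=false
BLOCKIP=0
UBIP=false
UNBLOCKIP=0
CIP=false
CHECKIP=0
VERBOSE=false

## The quoted lists given to -c/-b/-u and the trailing operands are split
## into words on purpose. Pathname expansion is switched off while doing so:
## without it an argument such as "*" would be replaced by the file names in
## the current directory before it ever reaches validation.
set -f
while getopts ":hlac:b:u:v" options; do
  case $options in
    h)
      Usage
      ;;
    l)
      LIST=true
      ;;
    a)
      ALL=true
      ;;
    c)
      CHECKIP=(${OPTARG})
      CIP=true
      ;;
    b)
      BLOCKIP=(${OPTARG})
      BIP=true
      ;;
    u)
      UNBLOCKIP=(${OPTARG})
      UBIP=true
      ;;
    v)
      VERBOSE=true
      ;;
    ? | *)
      ## unknown option or missing option argument
      Usage
      ;;
  esac
done
## remove any arguments found so far
shift $((OPTIND - 1))
## here IPS will be the remaining arguments on the command line
IPS=($*)
set +f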
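#######################################
# Print a timestamped message when the -v flag was given.
# Globals:   VERBOSE (read)
# Arguments: the words of the message
# Outputs:   "[MM/DD/YY HH:MM:SS]: message" on stdout when VERBOSE is "true"
# Returns:   0, whether or not anything was printed
#######################################
Verbose() {
  local message="$*"
  local stamp

  # Compare the flag instead of executing its value as a command.
  [[ $VERBOSE == true ]] || return 0

  stamp=$(date +"%D %H:%M:%S")
  # Quoted output: the message is printed as given, with no word splitting
  # or pathname expansion applied to it.
  printf '[%s]: %s\n' "$stamp" "$message"
}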
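#######################################
# Check that a string is a canonical dotted-quad IPv4 address.
# Arguments: $1 - candidate address
# Returns:   0 when $1 is four decimal octets in the range 0-255 with no
#            leading zeros, 1 otherwise
#
# Octets with a leading zero are rejected. The numeric test in bash reads
# such a value as octal ("08" is an error, "010" compares as 8), so the
# number that was validated would not be the text that is later written to
# /etc/hosts.deny and handed to iptables.
#######################################
Valid_ip() {
  local ip=$1
  local re='^(0|[1-9][0-9]{0,2})\.(0|[1-9][0-9]{0,2})\.(0|[1-9][0-9]{0,2})\.(0|[1-9][0-9]{0,2})$'
  local i

  [[ $ip =~ $re ]] || return 1

  # The pattern only limits each octet to three digits; enforce the range.
  for i in 1 2 3 4; do
    (( BASH_REMATCH[i] <= 255 )) || return 1
  done
  return 0
}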
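#######################################
# Remove the entries for one address from the hosts.deny file.
# Arguments: $1 - address to remove
#            $2 - file to edit (optional, defaults to /etc/hosts.deny)
# Returns:   0 when the entry was removed or was not present,
#            1 when the file could not be rewritten
#
# A line is removed only when one of its whitespace-separated fields is
# exactly the address. The address is compared as a literal string, never
# used as a pattern: with a regular-expression match "1.1.1.1" would also
# delete the entries for 11.1.1.10 or 1.1.1.100, and a value containing "/"
# would break the edit command.
#######################################
DelHost() {
  local ip=$1
  local deny_file=${2:-/etc/hosts.deny}
  local tmp
  # The address is passed through the environment so awk takes it verbatim;
  # appending "" forces a string comparison.
  local has_entry='BEGIN { want = ENVIRON["TARGET_IP"] "" }
    { for (i = 1; i <= NF; i++) if (($i "") == want) hit = 1 }
    END { exit (hit ? 0 : 1) }'
  local drop_entry='BEGIN { want = ENVIRON["TARGET_IP"] "" }
    { keep = 1; for (i = 1; i <= NF; i++) if (($i "") == want) keep = 0 }
    keep'

  if ! TARGET_IP="$ip" awk "$has_entry" "$deny_file"; then
    Verbose "IP address $ip not found in $deny_file"
    return 0
  fi

  # Build the new content next to the original and rename it into place, so
  # readers never see a half-written file. cp -p first copies mode and
  # ownership onto the temporary file, which mktemp creates owner-only.
  tmp=$(mktemp "${deny_file}.XXXXXX") || return 1
  if cp -p -- "$deny_file" "$tmp" &&
    TARGET_IP="$ip" awk "$drop_entry" "$deny_file" > "$tmp" &&
    mv -f -- "$tmp" "$deny_file"; then
    Verbose "IP address $ip removed from $deny_file"
    return 0
  fi
  rm -f -- "$tmp"
  return 1
}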
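#######################################
# Delete every INPUT rule that names the given address.
# Arguments: $1 - address whose rules are removed
# Outputs:   one Verbose message per deleted rule
#
# A rule is selected only when one column of the listing is exactly the
# address. A substring or pattern match would also select the rules of
# other hosts (for "1.1.1.1": 11.1.1.10, 1.1.1.100, ...) and silently
# remove their blocks.
#######################################
DelLines() {
  local ip=$1
  local -a rule_numbers=()
  local n

  # Collect the rule numbers, highest first: deleting a rule renumbers the
  # ones below it, so working upwards keeps the remaining numbers valid.
  mapfile -t rule_numbers < <(
    iptables -L INPUT -n -v --line-numbers |
      TARGET_IP="$ip" awk '
        BEGIN { want = ENVIRON["TARGET_IP"] "" }
        $1 ~ /^[0-9]+$/ {
          for (i = 2; i <= NF; i++) {
            if (($i "") == want) { nums[++count] = $1; break }
          }
        }
        END { for (j = count; j >= 1; j--) print nums[j] }'
  )

  for n in "${rule_numbers[@]}"; do
    iptables -D INPUT "$n" &&
      Verbose "IP address $ip on line $n removed from iptables"
  done
}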
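#######################################
# Remove the INPUT rules of an address if the INPUT chain has any.
# Globals:   found (written: "true" when the address is a rule source)
# Arguments: $1 - address to look for
#
# Only the INPUT chain is inspected, because that is the only chain
# DelLines deletes from; a hit in another chain would otherwise be reported
# as handled although nothing was removed. DelLines is called once: it
# already removes every matching rule.
#######################################
CheckIptables() {
  local ip=$1
  local src

  found=false
  # Column 4 of "iptables -L -n" is the rule's source address.
  while IFS= read -r src; do
    if [[ $src == "$ip" ]]; then
      found=true
      break
    fi
  done < <(iptables -L INPUT -n | grep -Ev "Chain|source" | awk '{print $4}')

  if [[ $found == true ]]; then
    DelLines "$ip"
  else
    Verbose "IP address $ip not found in iptables"
  fi
}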
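#######################################
# Remove one address from /etc/hosts.deny and from iptables.
# Globals:   ip (written)
# Arguments: $1 - address to unblock
# Outputs:   "<address> has been unblocked" on stdout
#
# The address is passed on quoted, as a single word. Unquoted, a value
# containing spaces or glob characters would be re-split or expanded to
# file names before reaching the helpers that edit the deny file and the
# firewall.
#######################################
UnBlockIp() {
  ip=$1
  DelHost "$ip"
  CheckIptables "$ip"
  echo "$ip has been unblocked"
}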
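#######################################
# Build the sorted list of addresses found in hosts.deny and iptables.
# Globals:   HIP, IIP, MIP (written: arrays), UIP (written: one entry per
#            line, duplicates removed, ordered numerically by octet)
# Arguments: $1 - deny file to read (optional, defaults to /etc/hosts.deny)
#
# NOTE: the iptables part is the source column of EVERY rule in INPUT,
# whatever its target, so it can contain entries such as 0.0.0.0/0 from
# rules that are not blocks at all. Callers that delete based on this list
# have to filter it.
#######################################
Uip() {
  local deny_file=${1:-/etc/hosts.deny}

  # Second field of every line that contains no '#'. mapfile keeps each
  # entry verbatim; nothing is glob-expanded against the current directory.
  mapfile -t HIP < <(grep -v '#' -- "$deny_file" | awk '$2 != "" { print $2 }')

  # Source column of the INPUT chain, header lines removed.
  mapfile -t IIP < <(iptables -n -L INPUT | grep -Ev 'source|Chain' |
    awk '$4 != "" { print $4 }')

  MIP=("${HIP[@]}" "${IIP[@]}")

  # Duplicates are removed on the whole string first, then the result is
  # ordered by octet. Combining -u with the numeric keys would also merge
  # distinct entries whose keys compare equal (all non-numeric names do).
  UIP=$(printf '%s\n' "${MIP[@]}" | sort -u |
    sort -t . -k 1,1n -k 2,2n -k 3,3n -k 4,4n)
}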
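#######################################
# Print every listed address, one per line, when -l was given.
# Globals:   LIST (read), UIP (read, filled by Uip)
# Outputs:   the entries of UIP on stdout
#
# The list is read line by line and printed quoted, so an entry containing
# glob characters is shown as it is stored instead of being replaced by
# file names from the current directory.
#######################################
List() {
  local entry

  [[ $LIST == true ]] || return 0

  Uip
  while IFS= read -r entry; do
    if [[ -n $entry ]]; then
      printf '%s\n' "$entry"
    fi
  done <<< "$UIP"
  return 0
}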
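#######################################
# Unblock every listed single address when -a was given.
# Globals:   ALL (read), UIP (read, filled by Uip)
# Outputs:   the messages of UnBlockIp; skipped entries are named on stderr
#
# Only entries that pass Valid_ip are unblocked. The list also holds the
# source column of ordinary INPUT rules (for example 0.0.0.0/0); handing
# such a value to the removal code would delete rules that were never
# blocks, so anything that is not a single address is left alone, which is
# also what the -u and bare-operand paths do.
#######################################
All() {
  local entry

  [[ $ALL == true ]] || return 0

  Uip
  # The list is read on fd 3 so the commands run inside the loop keep the
  # caller's stdin.
  while IFS= read -r entry <&3; do
    [[ -n $entry ]] || continue
    if Valid_ip "$entry"; then
      UnBlockIp "$entry"
    else
      echo "$entry skipped: not a single IP address" >&2
    fi
  done 3<<< "$UIP"
  return 0
}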
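#######################################
# Unblock the addresses given as bare operands (no flag).
# Globals:   IPS (read), found (read, set by CheckIp)
# Outputs:   one status line per operand on stdout
#
# Written as if/else instead of "a && b || c": with the chained form the
# "is not blocked" branch also ran whenever UnBlockIp returned non-zero,
# reporting an address as not blocked right after it had been unblocked.
#######################################
IpAddr() {
  local addr

  for addr in "${IPS[@]}"; do
    if ! Valid_ip "$addr"; then
      echo "$addr is not a valid IP address"
      continue
    fi

    CheckIp "$addr"
    if [[ $found == true ]]; then
      UnBlockIp "$addr"
    else
      echo "$addr is not blocked..."
    fi
  done
}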
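#######################################
# Add a LOG rule and a DROP rule for one source address to INPUT.
# Arguments: $1 - address to block
# Outputs:   a Verbose message on success, an error on stderr on failure
# Returns:   0 when both rules were inserted, 1 otherwise
#
# DROP is inserted first and LOG second. Each -I puts its rule at the head
# of the chain, so LOG ends up above DROP and a packet is logged before it
# is dropped. Success is reported only when both inserts worked; before,
# the "has been added" message was printed even when iptables had failed.
# If only the LOG insert fails, the DROP rule is already in place.
#######################################
BlockIp() {
  local ip=$1

  if /sbin/iptables -I INPUT -s "$ip" -j DROP &&
    /sbin/iptables -I INPUT -s "$ip" -j LOG --log-level DEBUG \
      --log-prefix 'Manually dropped by admin: '; then
    Verbose "IP address $ip has been added to iptables"
    return 0
  fi

  echo "iptables rules for $ip could not be added completely" >&2
  return 1
}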
#######################################
# Append a deny entry for one address to /etc/hosts.deny.
# Globals:   ip (written)
# Arguments: $1 - address to deny
# Outputs:   a Verbose message
#
# The address is written as given; callers are expected to have validated
# it (Block does so with Valid_ip).
#######################################
BlockHost() {
  ip=$1
  local deny_line="ALL: $ip : DENY"

  printf '%s\n' "$deny_line" >> /etc/hosts.deny
  Verbose "IP address $ip has been added to /etc/hosts.deny"
}
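#######################################
# Block one address in iptables and in /etc/hosts.deny.
# Globals:   ip (written)
# Arguments: $1 - address to block
# Outputs:   "<address> has been blocked" on stdout
#
# The address is handed to both helpers quoted, as a single word, so it
# cannot be re-split or glob-expanded on the way to the iptables command
# line and the deny file.
#######################################
BlockAll() {
  ip=$1
  BlockIp "$ip"
  BlockHost "$ip"
  echo "$ip has been blocked"
}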
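#######################################
# Record whether an address is in the list built by Uip.
# Globals:   UIP (read, filled by Uip), found (written: "true" or "false")
# Arguments: $1 - address to look up
# Returns:   0; the result is reported through the global "found"
#
# Entries are compared as whole strings, one line at a time. Reading the
# list line by line avoids glob expansion of its entries, and an empty
# argument never matches.
#######################################
CheckIp() {
  local ip=$1
  local entry

  Uip
  found=false
  while IFS= read -r entry; do
    if [[ -n $entry && $entry == "$ip" ]]; then
      found=true
      break
    fi
  done <<< "$UIP"
  return 0
}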
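#######################################
# Block every address given with -b.
# Globals:   BIP (read), BLOCKIP (read), found (read, set by CheckIp)
# Outputs:   one status line per address on stdout
#
# Each address has to pass Valid_ip before it is handed to BlockAll, which
# puts it on an iptables command line and into /etc/hosts.deny. The
# decision is an explicit if/else rather than an "a && b || c" chain.
#######################################
Block() {
  local addr

  [[ $BIP == true ]] || return 0

  for addr in "${BLOCKIP[@]}"; do
    if ! Valid_ip "$addr"; then
      echo "$addr is not a valid IP address"
      continue
    fi

    CheckIp "$addr"
    if [[ $found == true ]]; then
      echo "$addr is already blocked..."
    else
      BlockAll "$addr"
    fi
  done
}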
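#######################################
# Unblock every address given with -u.
# Globals:   UBIP (read), UNBLOCKIP (read), found (read, set by CheckIp)
# Outputs:   one status line per address on stdout
#
# Written as if/else instead of "a && b || c": with the chained form the
# "is not blocked" message was also printed whenever UnBlockIp returned
# non-zero, contradicting the unblock that had just happened.
#######################################
UnBlock() {
  local addr

  [[ $UBIP == true ]] || return 0

  for addr in "${UNBLOCKIP[@]}"; do
    if ! Valid_ip "$addr"; then
      echo "$addr is not a valid IP address"
      continue
    fi

    CheckIp "$addr"
    if [[ $found == true ]]; then
      UnBlockIp "$addr"
    else
      echo "$addr is not blocked..."
    fi
  done
}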
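#######################################
# Report for every address given with -c whether it is blocked.
# Globals:   CIP (read), CHECKIP (read), found (read, set by CheckIp)
# Outputs:   one status line per address on stdout
#
# The result is chosen with an explicit if/else, and every address is
# passed on quoted.
#######################################
Check() {
  local addr

  [[ $CIP == true ]] || return 0

  for addr in "${CHECKIP[@]}"; do
    if ! Valid_ip "$addr"; then
      echo "$addr is not a valid IP address"
      continue
    fi

    CheckIp "$addr"
    if [[ $found == true ]]; then
      echo "$addr is blocked"
    else
      echo "$addr is not blocked"
    fi
  done
}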
## Run the whole thing. Each step checks its own flag and does nothing when
## the flag was not given. The order is fixed: listing and unblocking (-l,
## -a, bare operands) run before -b, -u and -c.
for action in List All IpAddr Block UnBlock Check; do
  "$action"
done
Code:
#!/bin/bash
## written by tripkipke
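# Keep the arguments exactly as they were given (no re-splitting, no glob
# expansion).
ARGS=("$@")

#######################################
# Print the help text of the block wrapper and stop.
# Outputs:   the usage text on stdout
# Returns:   does not return; exits the shell with status 1
#######################################
Usage() {
  cat << EOF
Usage: $0 ip1 ip2 ip3 ..
This scripts just runs "unblock -b" with the ips provided
block ip1 ip2 ..
EOF
  exit 1
}

## If no arguments are given then show usage
if (( ${#ARGS[@]} == 0 )); then
  Usage
fi

## Block it by calling the unblock script with the -b flag.
## -b takes ONE argument that holds the whole space-separated list, so the
## addresses are joined into a single word. Passed as separate words, only
## the first address would belong to -b; the rest would be bare operands,
## which unblock treats as addresses to UNBLOCK.
unblock -b "${ARGS[*]}"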