
unblock ip's from iptables and hosts.deny (portsentry)




This script gives the option to unblock IPs blocked by portsentry; you can also check whether an IP is blocked and get a list of all blocked IPs.
It's also possible to block IPs yourself, much in the same way portsentry would.
The little block script just calls `unblock -b "ip ip ip"`.
This script has been very useful for me and I wanted to share.

Enjoy

Code:
#!/bin/bash
## written by Tripkipke   
#### TODO
#### provide a file with a list of ips to be blocked or unblocked
####
##
##
#

## Print the usage text to stdout and exit with status 1.
## Reached from -h, from an unknown/incomplete option and when the script is
## run without any arguments, so nothing after this call is ever executed.
Usage() {
   cat << EOF

Usage: $0 options ip1 ip2 ..

unblock [-h] [-l] [-a] [-c "IP1 IP2 .."] [-b "IP1 IP2 .."] [-u "IP1 IP2 .."] [-v] IP1 IP2 ..
   
This script removes ip addresses from /etc/hosts.deny and iptables
and gives the option to block ip's manually or check if an ip is blocked
Don't use the same flag multiple times
Run without flags and and only by space separated ip addresses and it will unblock them

   OPTIONS:

   -h    Show this message
   -l    List all ip's currently blocked
   -a    Unblock all ips
   -c    Check if an IP address is blocked
   -b    Block a list of ip's
   -u    Unblock a list of ip's
   -v    Verbose
   
Te ip's given after a flag must be quoted when there are multiple ip's

unblock -b 1.1.1.1 -c 3.3.3.3 4.4.4.4 5.5.5.5

      block 1.1.1.1
      check if 3.3.3.3 is blocked
      unblock 4.4.4.4 and 5.5.5.5

unblock -b 1.1.1.1 -c "3.3.3.3 4.4.4.4" 5.5.5.5 6.6.6.6
   
      block 1.1.1.1
      check if 3.3.3.3 and 4.4.4.4 are blocked
      unblock 5.5.5.5 and 6.6.6.6


EOF
exit 1
}

## Bail out with the usage text when the command line is completely empty
[[ $# -eq 0 ]] && Usage

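## Option state, filled in by the getopts loop that follows.
LIST=false      # -l  list the blocked addresses
ALL=false       # -a  unblock everything
VERBOSE=false   # -v  timestamped progress messages
BIP=false       # -b  seen; BLOCKIP holds its addresses
UBIP=false      # -u  seen; UNBLOCKIP holds its addresses
CIP=false       # -c  seen; CHECKIP holds its addresses. Previously never
                #     initialised, so a CIP value inherited from the caller's
                #     environment could switch the -c handler on by itself.
BLOCKIP=0
UNBLOCKIP=0
CHECKIP=0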

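## Parse the option flags. The -c/-b/-u values are deliberately split on
## whitespace so that -b "1.1.1.1 2.2.2.2" yields one array element per
## address; `read -a` performs that split without the pathname expansion that
## the unquoted array assignment `X=(${OPTARG})` would also apply.
while getopts ":hlac:b:u:v" options; do
   case "$options" in
      h)
         Usage
         ;;
      l)
         LIST=true
         ;;
      a)
         ALL=true
         ;;
      c)
         read -r -a CHECKIP <<< "$OPTARG"
         CIP=true
         ;;
      b)
         read -r -a BLOCKIP <<< "$OPTARG"
         BIP=true
         ;;
      u)
         read -r -a UNBLOCKIP <<< "$OPTARG"
         UBIP=true
         ;;
      v)
         VERBOSE=true
         ;;
      *)
         ## ':' (flag missing its argument) and '?' (unknown flag) both land here
         Usage
         ;;
   esac
done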

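## Drop the options getopts consumed; whatever remains are bare addresses to
## unblock (handled by IpAddr).
shift $((OPTIND - 1))
## Split the leftover arguments on whitespace into IPS. `read -a` keeps the
## historical "split on spaces" behaviour but, unlike the unquoted `($*)`,
## never pathname-expands a stray '*' or '?' into file names.
read -r -a IPS <<< "$*"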

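## Print a timestamped message on stdout, but only when -v was given.
## Globals:   VERBOSE (read)
## Arguments: the message words
## Returns:   1 when verbose mode is off (nothing printed), else printf's status
Verbose() {
   local msg="$*"
   local stamp
   [[ "$VERBOSE" == true ]] || return 1
   stamp=$(date +"%D %H:%M:%S")
   ## printf rather than an unquoted echo, so the message is never re-split
   ## or mistaken for echo options
   printf '[%s]: %s\n' "$stamp" "$msg"
}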

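## Validate a dotted-quad IPv4 address.
## Arguments: $1 - candidate address
## Returns:   0 when $1 is four dot-separated numbers each in 0..255, else 1
Valid_ip() {
   local ip=$1
   local -a octets
   local o
   [[ "$ip" =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]] || return 1
   ## IFS is scoped to the read, so the caller's IFS is left untouched
   IFS=. read -r -a octets <<< "$ip"
   for o in "${octets[@]}"; do
      ## 10# forces a decimal read; without it 08 and 09 are rejected as
      ## invalid octal constants and the check errors instead of passing
      (( 10#$o <= 255 )) || return 1
   done
   return 0
}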

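## Remove an address from /etc/hosts.deny if it is listed there.
## Arguments: $1 - IPv4 address (already validated by the caller)
## The address is matched as a whole token with its dots escaped, so
## unblocking 1.1.1.1 no longer deletes entries such as 11.1.1.1 or 1.1.1.10,
## which the previous unescaped substring match would also have removed.
## \b is a GNU regex extension; the script already depends on GNU sed -i.
DelHost() {
   local ip=$1
   local pat
   pat="\\b${ip//./\\.}\\b"
   if grep -q -- "$pat" /etc/hosts.deny; then
      sed -i "/$pat/d" /etc/hosts.deny
      Verbose "IP address $ip removed from /etc/hosts.deny"
   else
      Verbose "IP address $ip not found in /etc/hosts.deny"
   fi
}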

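## Delete every INPUT rule whose listing contains the address as a whole token.
## Arguments: $1 - IPv4 address
## Rule numbers are processed highest-first because deleting a rule renumbers
## every rule below it.
DelLines() {
   local ip=$1
   local l
   ## grep -F -w: fixed-string, whole-word match, so 1.1.1.1 does not also hit
   ## 11.1.1.1 or 1.1.1.10; awk (instead of cut) copes with the column padding
   ## of the -v listing; sort -rn replaces the hand-rolled array reversal.
   while IFS= read -r l; do
      [[ -n "$l" ]] || continue
      iptables -D INPUT "$l" && Verbose "IP address $ip on line $l removed from iptables"
   done < <(iptables -L INPUT -n -v --line-numbers | grep -F -w -- "$ip" | awk '{print $1}' | sort -rn)
}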

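## Remove the address from iptables when any rule lists it as the source.
## Arguments: $1 - IPv4 address
## `found` is local here: the previous version wrote the caller's global of
## the same name, which CheckIp uses for its own answer.
CheckIptables(){
   local ip=$1
   local a found=false
   ## column 4 of `iptables -L -n` is the source address; chain and column
   ## header lines are filtered out first
   while IFS= read -r a; do
      if [[ "$ip" == "$a" ]]; then
         found=true
         DelLines "$ip"
      fi
   done < <(iptables -L -n | grep -E -v "Chain|source" | awk '{print $4}')
   [[ "$found" == true ]] || Verbose "IP address $ip not found in iptables"
}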

## Remove one address from both /etc/hosts.deny and iptables, then report it.
## Arguments: $1 - IPv4 address
UnBlockIp() {
   local target=$1
   DelHost "$target"
   CheckIptables "$target"
   printf '%s has been unblocked\n' "$target"
}

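## Build UIP: a newline-separated, de-duplicated, numerically sorted list of
## every address found in /etc/hosts.deny (field 2 of lines without a '#')
## and in the source column of the INPUT chain.
## Globals: UIP (written). The intermediate lists are local; the earlier
## version leaked HIP, IIP and MIP as globals.
Uip() {
   local hip iip
   ## hosts.deny entries look like "ALL: 1.2.3.4 : DENY"
   hip=$(grep -v '#' /etc/hosts.deny | awk '{print $2}')
   iip=$(iptables -n -L INPUT | grep -E -v 'source|Chain' | awk '{print $4}')
   ## awk 'NF' drops the blank line an empty list would otherwise contribute
   UIP=$(printf '%s\n' "$hip" "$iip" | awk 'NF' | sort -u -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4)
}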

## Print every blocked address, one per line, when -l was given.
## Globals: LIST (read), UIP (filled by Uip)
List() {
   local entry
   [[ "$LIST" == true ]] || return 0
   Uip
   for entry in $UIP; do
      printf '%s\n' "$entry"
   done
}

## Unblock every address on the merged block list when -a was given.
## Globals: ALL (read), UIP (filled by Uip)
All() {
   local entry
   [[ "$ALL" == true ]] || return 0
   Uip
   for entry in $UIP; do
      UnBlockIp "$entry"
   done
}

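## Unblock the bare addresses left on the command line (the IPS array).
## Each one is validated, then looked up with CheckIp before UnBlockIp runs.
## Globals: IPS (read), found (set by CheckIp)
IpAddr() {
   local v
   for v in "${IPS[@]}"; do
      if ! Valid_ip "$v"; then
         printf '%s is not a valid IP address\n' "$v"
         continue
      fi
      CheckIp "$v"
      ## explicit if/else: the old `a && b || c` form also ran c whenever
      ## UnBlockIp itself returned non-zero
      if [[ "$found" == true ]]; then
         UnBlockIp "$v"
      else
         printf '%s is not blocked...\n' "$v"
      fi
   done
}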

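## Insert LOG + DROP rules for the address at the top of the INPUT chain.
## Arguments: $1 - IPv4 address
## Both rules are inserted at position 1, so the LOG rule (inserted second)
## ends up above the DROP rule and a hit is logged before it is dropped.
## Returns:   0 when both inserts succeeded; 1 (with a message on stderr)
##            otherwise. The old version announced success unconditionally.
BlockIp() {
   local ip=$1
   if /sbin/iptables -I INPUT -s "$ip" -j DROP \
      && /sbin/iptables -I INPUT -s "$ip" -j LOG --log-level DEBUG --log-prefix 'Manually dropped by admin: '; then
      Verbose "IP address $ip has been added to iptables"
   else
      printf 'failed to add iptables rules for %s\n' "$ip" >&2
      return 1
   fi
}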

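## Append a deny entry for the address to /etc/hosts.deny.
## Arguments: $1 - IPv4 address
## Returns:   0 when the line was written; 1 (with a message on stderr) when
##            the file could not be appended to. The old version reported
##            success even when the redirection failed.
BlockHost() {
   local ip=$1
   if printf 'ALL: %s : DENY\n' "$ip" >> /etc/hosts.deny; then
      Verbose "IP address $ip has been added to /etc/hosts.deny"
   else
      printf 'failed to write %s to /etc/hosts.deny\n' "$ip" >&2
      return 1
   fi
}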

## Block one address in both iptables and /etc/hosts.deny, then report it.
## Arguments: $1 - IPv4 address
BlockAll() {
   local target=$1
   BlockIp "$target"
   BlockHost "$target"
   printf '%s has been blocked\n' "$target"
}

## Set the global `found` to true when the address appears in the merged
## block list produced by Uip, and to false otherwise.
## Arguments: $1 - IPv4 address
## Globals:   found (written), UIP (filled by Uip)
CheckIp() {
   local needle=$1
   local candidate
   Uip
   found=false
   for candidate in $UIP; do
      if [[ "$needle" == "$candidate" ]]; then
         found=true
      fi
   done
}

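## Handle -b: validate each address in BLOCKIP and block those that are not
## already on the merged block list.
## Globals: BIP, BLOCKIP (read); found (set by CheckIp)
Block() {
   local ip
   [[ "$BIP" == true ]] || return 0
   for ip in "${BLOCKIP[@]}"; do
      if ! Valid_ip "$ip"; then
         printf '%s is not a valid IP address\n' "$ip"
         continue
      fi
      CheckIp "$ip"
      ## explicit if/else instead of `a && b || c`, whose else-branch also
      ## fires when the then-branch command fails
      if [[ "$found" == true ]]; then
         printf '%s is already blocked...\n' "$ip"
      else
         BlockAll "$ip"
      fi
   done
}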

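## Handle -u: validate each address in UNBLOCKIP and unblock those that are
## on the merged block list.
## Globals: UBIP, UNBLOCKIP (read); found (set by CheckIp)
UnBlock() {
   local ip
   [[ "$UBIP" == true ]] || return 0
   for ip in "${UNBLOCKIP[@]}"; do
      if ! Valid_ip "$ip"; then
         printf '%s is not a valid IP address\n' "$ip"
         continue
      fi
      CheckIp "$ip"
      ## explicit if/else: the old `a && b || c` form also printed
      ## "is not blocked" whenever UnBlockIp itself returned non-zero
      if [[ "$found" == true ]]; then
         UnBlockIp "$ip"
      else
         printf '%s is not blocked...\n' "$ip"
      fi
   done
}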

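## Handle -c: validate each address in CHECKIP and report whether it is on
## the merged block list.
## Globals: CIP, CHECKIP (read); found (set by CheckIp)
Check() {
   local ip
   [[ "$CIP" == true ]] || return 0
   for ip in "${CHECKIP[@]}"; do
      if ! Valid_ip "$ip"; then
         printf '%s is not a valid IP address\n' "$ip"
         continue
      fi
      CheckIp "$ip"
      if [[ "$found" == true ]]; then
         printf '%s is blocked\n' "$ip"
      else
         printf '%s is not blocked\n' "$ip"
      fi
   done
}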

## Entry point. Every handler checks its own flag and is a no-op when that
## flag is unset, so they are simply run one after another.
main() {
   List
   All
   IpAddr
   Block
   UnBlock
   Check
}
main


Code:
#!/bin/bash
## written by tripkipke
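## Keep each argument as its own element; the unquoted `($@)` form would
## pathname-expand and re-split the values first.
ARGS=("$@")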
## Print the usage text to stdout and exit with status 1.
## Only reached when the script is started without any arguments.
Usage() {
   cat << EOF

Usage: $0 ip1 ip2 ip3 ..
This scripts just runs "unblock -b" with the ips provided

block ip1 ip2 ..

EOF
exit 1
}

## Show the usage text and stop when nothing was passed on the command line
(( $# == 0 )) && Usage

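## Block the addresses by calling the unblock script with its -b flag.
## unblock's -b takes ONE argument and splits it on spaces itself, so the
## list has to be joined with "${ARGS[*]}". Passing "${ARGS[@]}" hands only
## the first address to -b; getopts stops at the second one, which unblock
## then treats as a bare argument - i.e. an address to UNBLOCK.
unblock -b "${ARGS[*]}"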

