Simplifying Firewall Management with a Bash Script - Pinwire

 

Managing server security and your server firewall is a critical aspect of maintaining a robust IT infrastructure. While firewalls play a pivotal role in safeguarding servers from unauthorized access, efficiently implementing and updating firewall rules can be a time-consuming task. This bash script not only streamlines the process of blocking specific IP addresses or subnets but also provides valuable information about the entities behind those addresses using WHOIS data.

The provided Bash script is designed to enhance firewall management by allowing users to block specific IP addresses or subnets with ease. Let’s break down the script and understand its functionalities.

  1. Input Validation: The script begins by checking if a valid IP address or subnet is provided as an argument. This step ensures that the user enters the necessary information, preventing potential errors.
  2. WHOIS Data Extraction: The script extracts relevant information about the specified IP address using the WHOIS command. It captures details such as organization name, description, address, and country associated with the IP. This data is valuable for understanding the source of potential threats.
  3. Menu Interface: The script offers a user-friendly menu that presents options for blocking IP addresses or subnets. Users can choose to block a single IP address or an entire subnet (e.g., .0/24). The menu provides a clear interface for users to interact with the script.
  4. Firewall Rule Addition: Depending on the user’s choice, the script adds the specified IP address or modified subnet to a predefined firewall rule file. It checks for existing entries to avoid redundancy. After updating the rule file, the script restarts the firewall service to apply the changes.

Benefits of the Script:

  1. Simplified Workflow: The script streamlines the process of managing firewall rules, reducing the complexity associated with manual configuration.
  2. Automated Rule Updates: By automating the addition of IP addresses or subnets to the firewall rule file, the script ensures that security measures are promptly updated.
  3. WHOIS Insight: The inclusion of WHOIS data provides users with valuable insights into the entities associated with potentially harmful IP addresses, aiding in threat analysis.
  4. User-Friendly Interface: The menu-based interface simplifies user interaction, making it accessible for both novice and experienced administrators.

This script significantly enhances server management by automating the process of blocking IP addresses and subnets. The combination of WHOIS data extraction and a user-friendly interface makes this script a valuable tool for server administrators looking to fortify their systems against potential threats. Integrating such scripts into server management workflows contributes to a more secure and efficient IT infrastructure.


#!/bin/bash
# Tom McGuire | VisualMoxie.com
# Check that an argument was passed
if [ -z "$1" ]; then
    echo "Usage: $0 <ip_address_or_subnet>"
    exit 1
fi

# Validate the input: four octets in 0-255, optional /0-32 prefix
octet='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
ip_re="^${octet}(\.${octet}){3}(/(3[0-2]|[12]?[0-9]))?$"
if [[ ! $1 =~ $ip_re ]]; then
    echo "Invalid input. Please provide a valid IP address or subnet."
    exit 1
fi

# Define the filename
filename="/etc/firewall/GLOBAL_DROP"

# Output additional lines
echo -e "\n\n\e[34mYou are about to BLOCK $1 accessing the server.\e[0m"
echo -e "\e[34m-------------------------------------------------------\e[0m"

# Run whois once and take the first matching line for each field
whois_out=$(whois "$1")

# Print the value of the first line matching field name $1, trimmed of whitespace
whois_field() {
    grep -m 1 -i "$1" <<< "$whois_out" | cut -d ":" -f 2- | sed 's/^[[:space:]]*//;s/[[:space:]]*$//'
}

orgname=$(whois_field "OrgName")
descr=$(whois_field "descr")
address=$(whois_field "address")
country=$(whois_field "country")

# Output the information with light yellow color
echo -e "\nIP Address WHOIS Owner Information:"
echo -e "\e[33m$1\e[0m"

# Echo variables only if they are not empty
[ -n "$orgname" ] && echo -e "\e[33m$orgname\e[0m"
[ -n "$descr" ] && echo -e "\e[33m$descr\e[0m"
[ -n "$address" ] && echo -e "\e[33m$address\e[0m"
[ -n "$country" ] && echo -e "\e[33m$country\e[0m"
echo -e "More Info: https://www.ip2location.com/demo/$1"

# Menu
echo -e "\n\e[34mFirewall Menu:\e[0m\n"
echo "1. Block IP and Restart Firewall"
echo "2. Block IP Subnet (.0/24) and Restart Firewall"
echo "3. Exit"
echo -e "\n"
read -p "Enter your choice (1-3): " choice
echo -e "\n"

# Menu options
case $choice in
    1)
        # Check if the IP address or subnet is already present in the file
        if grep -qiFx "$1" "$filename"; then
            echo -e "IP address $1 is already blocked. Exiting.\n"
            exit 0
        fi

        # Add the variable to the file
        echo "$1" >> "$filename"

        # Sleep for a short duration (1 second)
        sleep 1

        # Restart the firewall
        systemctl restart firewall

        echo -e "IP address $1 added to $filename, and firewall restarted.\n"
        ;;
    2)
        # Modify the IP address (replace last octet with .0/24)
        modified_ip="${1%.*}.0/24"

        # Check if the modified IP address is already present in the file
        if grep -qiFx "$modified_ip" "$filename"; then
            echo "IP Subnet $modified_ip is already blocked. Exiting."
            exit 0
        fi

        echo "$modified_ip" >> "$filename"

        # Sleep for a short duration (1 second)
        sleep 1

        # Restart the firewall
        systemctl restart firewall

        echo -e "IP Subnet $modified_ip added to $filename, and firewall restarted.\n"
        ;;
    3)
        echo -e "Exiting the script.\n"
        exit 0
        ;;
    *)
        echo -e "Invalid choice. Exiting the script.\n"
        exit 1
        ;;
esac
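
Menu option 2 widens an address to its whole /24, and any subnet passed on the command line goes into the drop file as typed, so an entry can end up covering the address the administrator is connected from. The following is an added example, not part of the original script: it canonicalises an entry and refuses ones that are too broad or that contain the current SSH client. `MIN_PREFIX`, the function names and the use of `SSH_CLIENT` are assumptions made for illustration.

```bash
#!/bin/bash
# Added example (not the original script): canonicalise and vet a drop-list entry.
MIN_PREFIX=${MIN_PREFIX:-16}   # assumed policy: refuse anything broader than /16

# Dotted quad -> 32-bit integer; fails on bad shape, octets > 255, leading zeros.
ip_to_int() {
    local ip="$1" o old_ifs
    case $ip in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in 0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Netmask for prefix length $1 as a 32-bit integer.
prefix_mask() { echo $(( (4294967295 << (32 - $1)) & 4294967295 )); }

# "IP" or "IP/prefix" -> canonical "network/prefix"; fails if malformed or too broad.
normalize_target() {
    local addr="${1%%/*}" prefix=32 n net
    case $1 in */*) prefix="${1#*/}" ;; esac
    case $prefix in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] && [ "$prefix" -ge "$MIN_PREFIX" ] || return 1
    n=$(ip_to_int "$addr") || return 1
    net=$(( n & $(prefix_mask "$prefix") ))
    echo "$(( net >> 24 & 255 )).$(( net >> 16 & 255 )).$(( net >> 8 & 255 )).$(( net & 255 ))/$prefix"
}

# True if address $2 lies inside canonical CIDR $1.
cidr_contains() {
    local net ip
    net=$(ip_to_int "${1%%/*}") && ip=$(ip_to_int "$2") || return 1
    [ $(( ip & $(prefix_mask "${1#*/}") )) -eq "$net" ]
}

# Print the entry to store, or a reason plus non-zero status if it must not be added.
# SSH_CLIENT ("ip port port") is set by sshd; it is empty on a local console.
check_target() {
    local target me="${SSH_CLIENT%% *}"
    target=$(normalize_target "$1") || { echo "invalid"; return 1; }
    if [ -n "$me" ] && cidr_contains "$target" "$me"; then
        echo "self-lockout"; return 1
    fi
    echo "${target%/32}"   # single hosts are stored bare, as the script does
}
```

In the script this would sit just before each append, for example `entry=$(check_target "$modified_ip") || exit 1`, with `$entry` written to the file instead of the raw value.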

 
