bash - Firewall Management

x-ui.sh

@@ -483,6 +483,33 @@ show_xray_status() {
     fi
 }
 
+firewall_menu() {
+    echo -e "${green}\t1.${plain} Install Firewall & open ports"
+    echo -e "${green}\t2.${plain} Allowed List"
+    echo -e "${green}\t3.${plain} Delete Ports from List"
+    echo -e "${green}\t4.${plain} Disable Firewall"
+    echo -e "${green}\t0.${plain} Back to Main Menu"
+    read -p "Choose an option: " choice
+    case "$choice" in
+    0)
+        show_menu
+        ;;
+    1)
+        open_ports
+        ;;
+    2)
+        sudo ufw status
+        ;;
+    3)
+        delete_ports
+        ;;
+    4)
+        sudo ufw disable
+        ;;
+    *) echo "Invalid choice" ;;
+    esac
+}
+
 open_ports() {
     if ! command -v ufw &>/dev/null; then
         echo "ufw firewall is not installed. Installing now..."
@@ -535,6 +562,37 @@ open_ports() {
     ufw status | grep $ports
 }
 
+delete_ports() {
+    # Prompt the user to enter the ports they want to delete
+    read -p "Enter the ports you want to delete (e.g. 80,443,2053 or range 400-500): " ports
+
+    # Check if the input is valid
+    if ! [[ $ports =~ ^([0-9]+|[0-9]+-[0-9]+)(,([0-9]+|[0-9]+-[0-9]+))*$ ]]; then
+        echo "Error: Invalid input. Please enter a comma-separated list of ports or a range of ports (e.g. 80,443,2053 or 400-500)." >&2
+        exit 1
+    fi
+
+    # Delete the specified ports using ufw
+    IFS=',' read -ra PORT_LIST <<<"$ports"
+    for port in "${PORT_LIST[@]}"; do
+        if [[ $port == *-* ]]; then
+            # Split the range into start and end ports
+            start_port=$(echo $port | cut -d'-' -f1)
+            end_port=$(echo $port | cut -d'-' -f2)
+            # Loop through the range and delete each port
+            for ((i = start_port; i <= end_port; i++)); do
+                ufw delete allow $i
+            done
+        else
+            ufw delete allow "$port"
+        fi
+    done
+
+    # Confirm that the ports are deleted
+    echo "Deleted the specified ports:"
+    ufw status | grep $ports
+}
+
 update_geo() {
     local defaultBinFolder="/usr/local/x-ui/bin"
     read -p "Please enter x-ui bin folder path. Leave blank for default. (Default: '${defaultBinFolder}')" binFolder
@@ -1124,10 +1182,10 @@ show_menu() {
   ${green}17.${plain} Cloudflare SSL Certificate
   ${green}18.${plain} IP Limit Management
   ${green}19.${plain} WARP Management
+  ${green}20.${plain} Firewall Management
 ————————————————
-  ${green}20.${plain} Enable BBR 
-  ${green}21.${plain} Update Geo Files
-  ${green}22.${plain} Active Firewall and open ports
+  ${green}21.${plain} Enable BBR 
+  ${green}22.${plain} Update Geo Files
   ${green}23.${plain} Speedtest by Ookla
 "
     show_status
@@ -1195,13 +1253,13 @@ show_menu() {
         warp_cloudflare
         ;;
     20)
-        enable_bbr
+        firewall_menu
         ;;
     21)
-        update_geo
+        enable_bbr
         ;;
     22)
-        open_ports
+        update_geo
         ;;
     23)
         run_speedtest