hestiacp/bin/v-delete-firewall-ban

#!/bin/bash
# info: delete firewall blocking rule
# options: IP CHAIN
#
# example: v-delete-firewall-ban 198.11.130.250 MAIL
#
# This function deletes blocking rule from system firewall

#----------------------------------------------------------#
#                Variables & Functions                     #
#----------------------------------------------------------#

# Argument definition
ip=$1
chain=$(echo $2 | tr '[:lower:]' '[:upper:]')

# Defining absolute path for iptables and modprobe
iptables="/sbin/iptables"

# Includes
# shellcheck source=/etc/hestiacp/hestia.conf
source /etc/hestiacp/hestia.conf
# shellcheck source=/usr/local/hestia/func/main.sh
source $HESTIA/func/main.sh
# shellcheck source=/usr/local/hestia/func/firewall.sh
source $HESTIA/func/firewall.sh
# load config file
source_conf "$HESTIA/conf/hestia.conf"

#----------------------------------------------------------#
#                    Verifications                         #
#----------------------------------------------------------#

check_args '2' "$#" 'IP CHAIN'
is_format_valid 'ip' 'chain'
is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM'

# Perform verification if read-only mode is enabled
check_hestia_demo_mode

#----------------------------------------------------------#
#                       Action                             #
#----------------------------------------------------------#

# Self heal iptables links
heal_iptables_links

conf="$HESTIA/data/firewall/banlist.conf"
if [ "$chain" == "ALL" ]; then
	check_ip=$(grep "IP='$ip' CHAIN='*'" $conf)
	if [ -z "$check_ip" ]; then
		exit
	fi
	grep "IP='$ip' CHAIN='*'" $conf | while read -r line; do
		parse_object_kv_list $line

		# Deleting ip from banlist
		sip=$(echo "$IP" | sed "s|/|\\\/|g")
		sed -i "/IP='$sip' CHAIN='$CHAIN'/d" $conf
		b=$($iptables -L fail2ban-$CHAIN --line-number -n | grep -w $ip | awk '{print $1}')
		$iptables -D fail2ban-$CHAIN $b 2> /dev/null
	done
else
	# Checking ip in banlist
	check_ip=$(grep "IP='$ip' CHAIN='$chain'" $conf 2> /dev/null)
	if [ -z "$check_ip" ]; then
		exit
	fi

	# Deleting ip from banlist
	sip=$(echo "$ip" | sed "s|/|\\\/|g")
	sed -i "/IP='$sip' CHAIN='$chain'/d" $conf
	b=$($iptables -L fail2ban-$chain --line-number -n | grep -w $ip | awk '{print $1}')
	$iptables -D fail2ban-$chain $b 2> /dev/null
fi

# Changing permissions
chmod 660 $conf

#----------------------------------------------------------#
#                       Hestia                             #
#----------------------------------------------------------#

# Logging
$BIN/v-log-action "system" "Info" "Firewall" "Removed IP from ban list (IP: $ip, Service: $chain)."
log_event "$OK" "$ARGUMENTS"

exit
Initial 2 years ago			`#!/bin/bash`
			`# info: delete firewall blocking rule`
			`# options: IP CHAIN`
			`#`
			`# example: v-delete-firewall-ban 198.11.130.250 MAIL`
			`#`
			`# This function deletes blocking rule from system firewall`

			`#----------------------------------------------------------#`
			`# Variables & Functions #`
			`#----------------------------------------------------------#`

			`# Argument definition`
			`ip=$1`
			`chain=$(echo $2 \| tr '[:lower:]' '[:upper:]')`

			`# Defining absolute path for iptables and modprobe`
			`iptables="/sbin/iptables"`

			`# Includes`
			`# shellcheck source=/etc/hestiacp/hestia.conf`
			`source /etc/hestiacp/hestia.conf`
			`# shellcheck source=/usr/local/hestia/func/main.sh`
			`source $HESTIA/func/main.sh`
			`# shellcheck source=/usr/local/hestia/func/firewall.sh`
			`source $HESTIA/func/firewall.sh`
			`# load config file`
			`source_conf "$HESTIA/conf/hestia.conf"`

			`#----------------------------------------------------------#`
			`# Verifications #`
			`#----------------------------------------------------------#`

			`check_args '2' "$#" 'IP CHAIN'`
			`is_format_valid 'ip' 'chain'`
			`is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM'`

			`# Perform verification if read-only mode is enabled`
			`check_hestia_demo_mode`

			`#----------------------------------------------------------#`
			`# Action #`
			`#----------------------------------------------------------#`

			`# Self heal iptables links`
			`heal_iptables_links`

			`conf="$HESTIA/data/firewall/banlist.conf"`
			`if [ "$chain" == "ALL" ]; then`
			`check_ip=$(grep "IP='$ip' CHAIN='*'" $conf)`
			`if [ -z "$check_ip" ]; then`
			`exit`
			`fi`
			`grep "IP='$ip' CHAIN='*'" $conf \| while read -r line; do`
			`parse_object_kv_list $line`

			`# Deleting ip from banlist`
			`sip=$(echo "$IP" \| sed "s\|/\|\\\/\|g")`
			`sed -i "/IP='$sip' CHAIN='$CHAIN'/d" $conf`
			`b=$($iptables -L fail2ban-$CHAIN --line-number -n \| grep -w $ip \| awk '{print $1}')`
			`$iptables -D fail2ban-$CHAIN $b 2> /dev/null`
			`done`
			`else`
			`# Checking ip in banlist`
			`check_ip=$(grep "IP='$ip' CHAIN='$chain'" $conf 2> /dev/null)`
			`if [ -z "$check_ip" ]; then`
			`exit`
			`fi`

			`# Deleting ip from banlist`
			`sip=$(echo "$ip" \| sed "s\|/\|\\\/\|g")`
			`sed -i "/IP='$sip' CHAIN='$chain'/d" $conf`
			`b=$($iptables -L fail2ban-$chain --line-number -n \| grep -w $ip \| awk '{print $1}')`
			`$iptables -D fail2ban-$chain $b 2> /dev/null`
			`fi`

			`# Changing permissions`
			`chmod 660 $conf`

			`#----------------------------------------------------------#`
			`# Hestia #`
			`#----------------------------------------------------------#`

			`# Logging`
			`$BIN/v-log-action "system" "Info" "Firewall" "Removed IP from ban list (IP: $ip, Service: $chain)."`
			`log_event "$OK" "$ARGUMENTS"`

			`exit`