#!/bin/bash
# ===================================================================
#
# NDT / Nat Direct Tools is a simple bash script
# designed to automatically manage the NAT system in Proxmox & Virtualizor.
# This script facilitates the addition of port forwarding and IP limitations
# for VMs and Containers.
#
# This project is licensed under the MIT license
# URL: https://github.com/wildy3128/ndt/blob/main/LICENSE
#
# -------------------------------------------------------------------
#
# Author : Wildy3128 <[email protected]>
# Version : 1.0.0
# Date : 30-10-2023
# Release : Stable
#
# ===================================================================
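# --- input validators and helpers used by add_nat --------------------------

# True when $1 is a decimal port number in 1..65535.
# "10#" forces base 10 so a leading zero is not read as octal.
_ndt_valid_port() {
  [[ $1 =~ ^[0-9]{1,5}$ ]] && (( 10#$1 >= 1 && 10#$1 <= 65535 ))
}

# True when $1 is a dotted-quad IPv4 address with every octet in 0..255.
_ndt_valid_ipv4() {
  local -a oct
  local o
  [[ $1 =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]] || return 1
  IFS=. read -r -a oct <<<"$1"
  for o in "${oct[@]}"; do
    (( 10#$o <= 255 )) || return 1
  done
  return 0
}

# True when $1 is "ip" or "ip:port", the two forms accepted here for
# --to-destination.
_ndt_valid_dest() {
  _ndt_valid_ipv4 "${1%%:*}" || return 1
  if [[ $1 == *:* ]]; then
    _ndt_valid_port "${1#*:}" || return 1
  fi
  return 0
}

# True when $1 looks like an interface name: 1..15 characters, starting with
# an alphanumeric, then [A-Za-z0-9_.:+-] ('+' is the iptables prefix wildcard).
# Deliberately conservative: whitespace and a leading '-' are refused so the
# answer can never be parsed as additional iptables arguments.
_ndt_valid_iface() {
  [[ $1 =~ ^[A-Za-z0-9][A-Za-z0-9_.:+-]{0,14}$ ]]
}

# Print and run one DNAT rule.
# Arguments: $1 protocol, $2 public IP, $3 dport spec ("N" or "A:B"),
#            $4 inbound interface, $5 --to-destination value
# Outputs:   the command line before it is executed
# Returns:   the exit status of iptables
_ndt_apply_dnat() {
  local -a cmd=(iptables -t nat -A PREROUTING -p "$1" -d "$2" --dport "$3"
    -i "$4" -j DNAT --to-destination "$5")
  printf '\n\nExec: %s\n' "${cmd[*]}"
  "${cmd[@]}"
}

#######################################
# Interactively add DNAT (port forwarding) rules to the nat PREROUTING chain.
# Asks for a single port or a port range, then destination, public IP,
# inbound interface and protocol; every answer is validated before it is
# handed to iptables, always as one quoted argument.
# Globals:   none written; calls main() to return to the menu
# Arguments: none (all input is read from stdin)
# Outputs:   prompts, each iptables command before it runs, and a status line
# Returns:   exits 1 on invalid input; otherwise hands control to main
#######################################
function add_nat() {
  local chs aports sports eports dsts publics intfs tupros proc dport p ok=1
  local -a protos
  echo "1). Single Port"
  echo "2). Range Port"
  read -r -p "Select [1-2]: " chs
  case "$chs" in
    1)
      clear
      read -r -p "Port to assign : " aports
      if ! _ndt_valid_port "$aports"; then
        echo "Invalid port. Please enter a valid port number between 1 and 65535."
        exit 1
      fi
      dport=$aports
      ;;
    2)
      clear
      read -r -p "Port start : " sports
      if ! _ndt_valid_port "$sports"; then
        echo "Invalid port. Please enter a valid port number between 1 and 65535."
        exit 1
      fi
      read -r -p "Port End : " eports
      if ! _ndt_valid_port "$eports"; then
        echo "Invalid port. Please enter a valid port number between 1 and 65535."
        exit 1
      fi
      # Guard the range ordering here rather than relying on how iptables
      # treats a reversed range.
      if (( 10#$sports > 10#$eports )); then
        echo "Invalid range. Port start must not be greater than Port End."
        exit 1
      fi
      dport="$sports:$eports"
      ;;
    *)
      echo "Invalid options"
      sleep 2 && main
      return
      ;;
  esac
  # From here on the dialogue is the same for a single port and a range.
  read -r -p "Destination : " dsts
  if ! _ndt_valid_dest "$dsts"; then
    echo "Invalid destination. Please enter a valid destination in the format 'ip:port' or 'ip'."
    exit 1
  fi
  read -r -p "IP Public : " publics
  if ! _ndt_valid_ipv4 "$publics"; then
    echo "Invalid public IP. Please enter a valid public IP address."
    exit 1
  fi
  read -r -p "Interfaces : " intfs
  if ! _ndt_valid_iface "$intfs"; then
    echo "Invalid Interfaces. Please enter a valid interfaces"
    exit 1
  fi
  read -r -p "Protocol t/u/tu : " tupros
  case "$tupros" in
    t)  proc="tcp" ;;
    u)  proc="udp" ;;
    tu) proc="tcp,udp" ;;
    *)
      echo "Invalid Protocol, please input tcp[t], udp[u], both[tu]"
      exit 1
      ;;
  esac
  # iptables has no "-p tcp,udp"; "tu" means one rule per protocol.
  IFS=, read -r -a protos <<<"$proc"
  for p in "${protos[@]}"; do
    _ndt_apply_dnat "$p" "$publics" "$dport" "$intfs" "$dsts" || ok=0
  done
  if (( ok )); then
    echo "Done iptables created !"
  else
    echo "iptables reported an error; not every rule was created." >&2
  fi
  printf '\nPress [ENTER] to back\n'
  read -r && main
}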
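#######################################
# Show the nat PREROUTING rules as a numbered table and delete the chosen one.
# Globals:   none written; calls main() to return to the menu
# Arguments: none (the rule number is read from stdin)
# Outputs:   the numbered table and a status line
# Returns:   exits 1 when the answer is empty, non-numeric or out of range;
#            otherwise hands control to main
#######################################
function del_nat() {
  local table totalline=0 whichline
  # One iptables call for the whole chain (it used to be re-run per row);
  # -n skips reverse-DNS lookups. The first two output lines are the header.
  table=$(iptables -t nat -n -L PREROUTING | tail -n +3)
  if [[ -n $table ]]; then
    totalline=$(printf '%s\n' "$table" | grep -c '')
  fi
  echo "No Protocol Port Destination"
  if (( totalline == 0 )); then
    echo "No nat rules to delete."
    printf '\nPress [ENTER] to back\n'
    read -r && main
    return
  fi
  # Row layout as consumed here: $2 proto, $7 "dpt:N" / "dpts:A:B", $8 "to:ADDR".
  printf '%s\n' "$table" | awk '{
    sub(/^dpts?:/, "", $7); sub(/^to:/, "", $8)
    printf "%-4s %-10s %-12s %-25s\n", NR, $2, $7, $8
  }'
  read -r -p "Which line [1-$totalline] want to delete ? " whichline
  # Only an in-range rule number reaches iptables; free text is refused
  # (unquoted, it would be parsed as extra iptables arguments).
  if ! [[ $whichline =~ ^[0-9]+$ ]] || (( 10#$whichline < 1 || 10#$whichline > totalline )); then
    echo "Please choose an options and try again."
    exit 1
  fi
  # Keep stderr visible so a failed delete is not reported as success.
  if iptables -t nat -D PREROUTING "$whichline" >/dev/null; then
    echo "Lines $whichline has been deleted"
  else
    echo "Failed to delete line $whichline." >&2
  fi
  printf '\nPress [ENTER] to back\n'
  read -r && main
}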
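#######################################
# Print the nat PREROUTING rules as a numbered table.
# Globals:   none written; calls main() to return to the menu
# Arguments: none
# Outputs:   one row per rule: number, protocol, port(s), destination
# Returns:   hands control to main after [ENTER]
#######################################
function list_nat() {
  local table
  clear
  # One iptables call for the whole chain (it used to be re-run per row);
  # -n skips reverse-DNS lookups. The first two output lines are the header.
  table=$(iptables -t nat -n -L PREROUTING | tail -n +3)
  echo "No Protocol Port Destination"
  if [[ -n $table ]]; then
    # Row layout as consumed here: $2 proto, $7 "dpt:N" / "dpts:A:B", $8 "to:ADDR".
    printf '%s\n' "$table" | awk '{
      sub(/^dpts?:/, "", $7); sub(/^to:/, "", $8)
      printf "%-4s %-10s %-12s %-25s\n", NR, $2, $7, $8
    }'
  fi
  printf '\nPress [ENTER] to back\n'
  read -r && main
}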
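# Syntactic check of an address[/mask] for ebtables --ip-src / --ip6-src.
# Arguments: $1 "IPv4" or "IPv6", $2 the user's answer
# Returns:   0 when the answer contains only address characters; ebtables
#            does the real parsing, this only refuses empty input, whitespace
#            and anything that could be read as extra arguments.
_ndt_valid_src() {
  case "$1" in
    IPv4) [[ $2 =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9.]{1,15})?$ ]] ;;
    IPv6) [[ $2 =~ ^[0-9A-Fa-f:.]{2,45}(/[0-9]{1,3})?$ ]] ;;
    *) return 1 ;;
  esac
}

#######################################
# Interactively add an ebtables INPUT rule that drops frames from a MAC
# address whose IPv4/IPv6 source address is not the one given.
# Globals:   none written; calls main() to return to the menu
# Arguments: none (all input is read from stdin)
# Outputs:   prompts, the ebtables command before it runs, and a status line
# Returns:   exits 1 on invalid input; otherwise hands control to main
#######################################
function add_limit() {
  local slc macs srcip proto srcopt
  local -a cmd
  echo "1). IPv4"
  echo "2). IPv6"
  read -r -p "Select [1-2]: " slc
  case "$slc" in
    1) proto=IPv4; srcopt=--ip-src ;;
    2) proto=IPv6; srcopt=--ip6-src ;;
    *)
      echo "Invalid options !"
      sleep 2 && main
      return
      ;;
  esac
  clear
  # Both address families read the same two answers. (The IPv6 branch used
  # to read into "mac" but test and use "macs", so it could never succeed.)
  read -r -p "MAC Address : " macs
  if ! [[ $macs =~ ^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$ ]]; then
    echo "Invalid MAC address (expected aa:bb:cc:dd:ee:ff), try again !"
    exit 1
  fi
  read -r -p "Source IP : " srcip
  if ! _ndt_valid_src "$proto" "$srcip"; then
    echo "Invalid source IP for $proto, try again !"
    exit 1
  fi
  cmd=(ebtables -A INPUT -s "$macs" -p "$proto" "$srcopt" ! "$srcip" -j DROP)
  printf 'Exec: %s\n' "${cmd[*]}"
  if "${cmd[@]}"; then
    echo "new ebtables rules created" && sleep 2
  else
    echo "ebtables failed; no rule was added." >&2
    sleep 2
  fi
  printf '\nPress [ENTER] to back\n'
  read -r && main
}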
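# NOTE(review): this is the second definition of list_nat in this file; bash
# keeps whichever is defined last. Both copies behave the same.
#######################################
# Print the nat PREROUTING rules as a numbered table.
# Globals:   none written; calls main() to return to the menu
# Arguments: none
# Outputs:   one row per rule: number, protocol, port(s), destination
# Returns:   hands control to main after [ENTER]
#######################################
function list_nat() {
  local table
  clear
  # One iptables call for the whole chain (it used to be re-run per row);
  # -n skips reverse-DNS lookups. The first two output lines are the header.
  table=$(iptables -t nat -n -L PREROUTING | tail -n +3)
  echo "No Protocol Port Destination"
  if [[ -n $table ]]; then
    # Row layout as consumed here: $2 proto, $7 "dpt:N" / "dpts:A:B", $8 "to:ADDR".
    printf '%s\n' "$table" | awk '{
      sub(/^dpts?:/, "", $7); sub(/^to:/, "", $8)
      printf "%-4s %-10s %-12s %-25s\n", NR, $2, $7, $8
    }'
  fi
  printf '\nPress [ENTER] to back\n'
  read -r && main
}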
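#######################################
# Print the ebtables INPUT rules as a numbered table.
# Globals:   none written; calls main() to return to the menu
# Arguments: none
# Outputs:   one row per rule: number, address family, MAC, source IP
# Returns:   hands control to main after [ENTER]
#######################################
function list_limit() {
  local table
  clear
  # One ebtables call for the whole chain (it used to be re-run per row);
  # the first three output lines are the table/chain header.
  table=$(ebtables -t filter -L INPUT | tail -n +4)
  echo "No Type Mac Source IP"
  if [[ -n $table ]]; then
    # Row layout as consumed here: $2 "IPv4"/"IPv6", $4 MAC, $7 source address.
    printf '%s\n' "$table" | awk '{
      printf "%-4s %-10s %-20s %-25s\n", NR, $2, $4, $7
    }'
  fi
  printf '\nPress [ENTER] to back\n'
  read -r && main
}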
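#######################################
# Show the ebtables INPUT rules as a numbered table and delete the chosen one.
# Globals:   none written; calls main() to return to the menu
# Arguments: none (the rule number is read from stdin)
# Outputs:   the numbered table and a status line
# Returns:   exits 1 when the answer is empty, non-numeric or out of range;
#            otherwise hands control to main
#######################################
function del_limit() {
  local table totalline=0 whichline
  # One ebtables call for the whole chain (it used to be re-run per row);
  # the first three output lines are the table/chain header.
  table=$(ebtables -t filter -L INPUT | tail -n +4)
  if [[ -n $table ]]; then
    totalline=$(printf '%s\n' "$table" | grep -c '')
  fi
  echo "No Type Mac Source IP"
  if (( totalline == 0 )); then
    echo "No ebtables rules to delete."
    printf '\nPress [ENTER] to back\n'
    read -r && main
    return
  fi
  # Row layout as consumed here: $2 "IPv4"/"IPv6", $4 MAC, $7 source address.
  printf '%s\n' "$table" | awk '{
    printf "%-4s %-10s %-20s %-25s\n", NR, $2, $4, $7
  }'
  read -r -p "Which line [1-$totalline] want to delete ? " whichline
  # Only an in-range rule number reaches ebtables; free text is refused
  # (unquoted, it would be parsed as extra ebtables arguments).
  if ! [[ $whichline =~ ^[0-9]+$ ]] || (( 10#$whichline < 1 || 10#$whichline > totalline )); then
    echo "Please choose an options and try again."
    exit 1
  fi
  # Keep stderr visible so a failed delete is not reported as success.
  if ebtables -t filter -D INPUT "$whichline" >/dev/null; then
    echo "Lines $whichline has been deleted"
  else
    echo "Failed to delete line $whichline." >&2
  fi
  printf '\nPress [ENTER] to back\n'
  read -r && main
}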
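#######################################
# Print the banner and the main menu, then dispatch on the user's choice.
# Every action function returns to this menu by calling main() itself.
# Globals:   none
# Arguments: none (the choice is read from stdin)
# Outputs:   banner, menu and prompt on stdout
# Returns:   exits 0 on "7" or any unlisted answer (including end of input)
#######################################
function main() {
  local choice
  clear
  echo "===================================================================="
  echo " NDT / Nat Direct Tools is a simple bash script"
  echo " designed to automatically manage the NAT system in Proxmox & Virtualizor."
  echo " With this script, you can add port forwarding and IP limitations"
  echo " for VMs and Containers."
  echo "===================================================================="
  echo " Author : Wildy3128 <[email protected]>"
  echo " Date : 30-10-2023"
  echo " Version : 1.0.0"
  echo " Release : Stable"
  echo " License : https://github.com/wildy3128/ndt/blob/main/LICENSE"
  echo "===================================================================="
  echo ""
  echo " 1). Add new nat rules"
  echo " 2). Delete exist nat rules"
  echo " 3). List exists nat rules"
  echo " 4). Add limitation ebtables rules"
  echo " 5). List limitation ebtables rules"
  echo " 6). Delete limitation ebtables rules"
  echo " 7). Exit"
  echo ""
  echo "===================================================================="
  echo ""
  # "select" is a shell keyword; a plain local name avoids the confusion.
  read -r -p "Select [1-7]: " choice
  case "$choice" in
    1) clear && add_nat ;;
    2) clear && del_nat ;;
    3) clear && list_nat ;;
    4) clear && add_limit ;;
    5) clear && list_limit ;;
    6) clear && del_limit ;;
    *)
      # "7" and anything unlisted leave the tool, as before.
      echo "Exited."
      exit 0
      ;;
  esac
}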
# Entry point: show the menu. main() takes no arguments, so passing "$@"
# only keeps the conventional shape of a script entry call.
main "$@"