From 7a38a2474e12e2e6f0b195ca3038847947e1b0ed Mon Sep 17 00:00:00 2001 From: Ho3ein Date: Thu, 22 Feb 2024 21:05:37 +0330 Subject: [PATCH] bash - firewall Management + Speedtest by Ookla + Enable or Disable BBR (#1000) * bash - firewall Management + Speedtest by Ookla + Enable or Disable BBR * svenstaro + release to draft --- .github/workflows/release.yml | 3 +- x-ui.sh | 258 +++++++++++++++++++++++++++++++--- 2 files changed, 243 insertions(+), 18 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 760c9dd6..21bbdcfa 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -93,10 +93,11 @@ jobs: run: tar -zcvf x-ui-linux-${{ matrix.platform }}.tar.gz x-ui - name: Upload files to GH release - uses: MHSanaei/upload-release-action@2.8.0 + uses: svenstaro/upload-release-action@2.9.0 with: repo_token: ${{ secrets.GITHUB_TOKEN }} tag: ${{ github.ref }} file: x-ui-linux-${{ matrix.platform }}.tar.gz asset_name: x-ui-linux-${{ matrix.platform }}.tar.gz prerelease: true + draft: true diff --git a/x-ui.sh b/x-ui.sh index e042ce85..824e4ac9 100644 --- a/x-ui.sh +++ b/x-ui.sh @@ -307,13 +307,6 @@ show_log() { fi } -install_bbr() { - # temporary workaround for installing bbr - bash <(curl -L -s https://raw.githubusercontent.com/teddysun/across/master/bbr.sh) - echo "" - before_show_menu -} - update_shell() { wget -O /usr/bin/x-ui -N --no-check-certificate https://github.com/alireza0/x-ui/raw/main/x-ui.sh if [[ $? != 0 ]]; then 
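Review bot: The upload step now references `svenstaro/upload-release-action@2.9.0` by tag while passing it `secrets.GITHUB_TOKEN`. A tag can be moved by the action's owner after review, so pin the step to the full commit SHA and keep the version as a comment: `uses: svenstaro/upload-release-action@<full-commit-sha> # 2.9.0`. The job's `permissions:` block is not visible in this hunk, so it is worth confirming the token is limited to what a release upload needs.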
@@ -630,6 +623,195 @@ ssl_cert_issue_CF() { fi } +firewall_menu() { + echo -e "${green}\t1.${plain} Install Firewall & open ports" + echo -e "${green}\t2.${plain} Allowed List" + echo -e "${green}\t3.${plain} Delete Ports from List" + echo -e "${green}\t4.${plain} Disable Firewall" + echo -e "${green}\t0.${plain} Back to Main Menu" + read -p "Choose an option: " choice + case "$choice" in + 0) + show_menu + ;; + 1) + open_ports + ;; + 2) + sudo ufw status + ;; + 3) + delete_ports + ;; + 4) + sudo ufw disable + ;; + *) echo "Invalid choice" ;; + esac +} + +open_ports() { + if ! command -v ufw &>/dev/null; then + echo "ufw firewall is not installed. Installing now..." + apt-get update + apt-get install -y ufw + else + echo "ufw firewall is already installed" + fi + + # Check if the firewall is inactive + if ufw status | grep -q "Status: active"; then + echo "firewall is already active" + else + # Open the necessary ports + ufw allow ssh + ufw allow http + ufw allow https + ufw allow 54321/tcp + + # Enable the firewall + ufw --force enable + fi + + # Prompt the user to enter a list of ports + read -p "Enter the ports you want to open (e.g. 80,443,2053 or range 400-500): " ports + + # Check if the input is valid + if ! [[ $ports =~ ^([0-9]+|[0-9]+-[0-9]+)(,([0-9]+|[0-9]+-[0-9]+))*$ ]]; then + echo "Error: Invalid input. Please enter a comma-separated list of ports or a range of ports (e.g. 80,443,2053 or 400-500)." 
>&2 + exit 1 + fi + + # Open the specified ports using ufw + IFS=',' read -ra PORT_LIST <<<"$ports" + for port in "${PORT_LIST[@]}"; do + if [[ $port == *-* ]]; then + # Split the range into start and end ports + start_port=$(echo $port | cut -d'-' -f1) + end_port=$(echo $port | cut -d'-' -f2) + # Loop through the range and open each port + for ((i = start_port; i <= end_port; i++)); do + ufw allow $i + done + else + ufw allow "$port" + fi + done + + # Confirm that the ports are open + ufw status | grep $ports +} + +delete_ports() { + # Prompt the user to enter the ports they want to delete + read -p "Enter the ports you want to delete (e.g. 80,443,2053 or range 400-500): " ports + + # Check if the input is valid + if ! [[ $ports =~ ^([0-9]+|[0-9]+-[0-9]+)(,([0-9]+|[0-9]+-[0-9]+))*$ ]]; then + echo "Error: Invalid input. Please enter a comma-separated list of ports or a range of ports (e.g. 80,443,2053 or 400-500)." >&2 + exit 1 + fi + + # Delete the specified ports using ufw + IFS=',' read -ra PORT_LIST <<<"$ports" + for port in "${PORT_LIST[@]}"; do + if [[ $port == *-* ]]; then + # Split the range into start and end ports + start_port=$(echo $port | cut -d'-' -f1) + end_port=$(echo $port | cut -d'-' -f2) + # Loop through the range and delete each port + for ((i = start_port; i <= end_port; i++)); do + ufw delete allow $i + done + else + ufw delete allow "$port" + fi + done + + # Confirm that the ports are deleted + echo "Deleted the specified ports:" + ufw status | grep $ports +} + +bbr_menu() { + echo -e "${green}\t1.${plain} Enable BBR" + echo -e "${green}\t2.${plain} Disable BBR" + echo -e "${green}\t0.${plain} Back to Main Menu" + read -p "Choose an option: " choice + case "$choice" in + 0) + show_menu + ;; + 1) + enable_bbr + ;; + 2) + disable_bbr + ;; + *) echo "Invalid choice" ;; + esac +} + +disable_bbr() { + + if ! grep -q "net.core.default_qdisc=fq" /etc/sysctl.conf || ! 
grep -q "net.ipv4.tcp_congestion_control=bbr" /etc/sysctl.conf; then + echo -e "${yellow}BBR is not currently enabled.${plain}" + exit 0 + fi + + # Replace BBR with CUBIC configurations + sed -i 's/net.core.default_qdisc=fq/net.core.default_qdisc=pfifo_fast/' /etc/sysctl.conf + sed -i 's/net.ipv4.tcp_congestion_control=bbr/net.ipv4.tcp_congestion_control=cubic/' /etc/sysctl.conf + + # Apply changes + sysctl -p + + # Verify that BBR is replaced with CUBIC + if [[ $(sysctl net.ipv4.tcp_congestion_control | awk '{print $3}') == "cubic" ]]; then + echo -e "${green}BBR has been replaced with CUBIC successfully.${plain}" + else + echo -e "${red}Failed to replace BBR with CUBIC. Please check your system configuration.${plain}" + fi +} + +enable_bbr() { + if grep -q "net.core.default_qdisc=fq" /etc/sysctl.conf && grep -q "net.ipv4.tcp_congestion_control=bbr" /etc/sysctl.conf; then + echo -e "${green}BBR is already enabled!${plain}" + exit 0 + fi + + # Check the OS and install necessary packages + case "${release}" in + ubuntu | debian) + apt-get update && apt-get install -yqq --no-install-recommends ca-certificates + ;; + centos | almalinux | rocky) + yum -y update && yum -y install ca-certificates + ;; + fedora) + dnf -y update && dnf -y install ca-certificates + ;; + *) + echo -e "${red}Unsupported operating system. Please check the script and install the necessary packages manually.${plain}\n" + exit 1 + ;; + esac + + # Enable BBR + echo "net.core.default_qdisc=fq" | tee -a /etc/sysctl.conf + echo "net.ipv4.tcp_congestion_control=bbr" | tee -a /etc/sysctl.conf + + # Apply changes + sysctl -p + + # Verify that BBR is enabled + if [[ $(sysctl net.ipv4.tcp_congestion_control | awk '{print $3}') == "bbr" ]]; then + echo -e "${green}BBR has been enabled successfully.${plain}" + else + echo -e "${red}Failed to enable BBR. 
Please check your system configuration.${plain}" + fi +} + update_geo() { cd /usr/local/x-ui/bin echo -e "${green}\t1.${plain} Update Geofiles [Recommended choice] " @@ -667,6 +849,40 @@ update_geo() { esac } +run_speedtest() { + # Check if Speedtest is already installed + if ! command -v speedtest &>/dev/null; then + # If not installed, install it + local pkg_manager="" + local speedtest_install_script="" + + if command -v dnf &>/dev/null; then + pkg_manager="dnf" + speedtest_install_script="https://packagecloud.io/install/repositories/ookla/speedtest-cli/script.rpm.sh" + elif command -v yum &>/dev/null; then + pkg_manager="yum" + speedtest_install_script="https://packagecloud.io/install/repositories/ookla/speedtest-cli/script.rpm.sh" + elif command -v apt-get &>/dev/null; then + pkg_manager="apt-get" + speedtest_install_script="https://packagecloud.io/install/repositories/ookla/speedtest-cli/script.deb.sh" + elif command -v apt &>/dev/null; then + pkg_manager="apt" + speedtest_install_script="https://packagecloud.io/install/repositories/ookla/speedtest-cli/script.deb.sh" + fi + + if [[ -z $pkg_manager ]]; then + echo "Error: Package manager not found. You may need to install Speedtest manually." + return 1 + else + curl -s $speedtest_install_script | bash + $pkg_manager install -y speedtest + fi + fi + + # Run Speedtest + speedtest +} + show_usage() { echo "X-UI Control Menu Usage" echo "------------------------------------------" 
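Review bot: The regex in open_ports and delete_ports checks only the shape of the input, so ports above 65535, inverted ranges such as `500-400` and very large ranges all pass, and a large range then runs one `ufw allow` per port. The closing `ufw status | grep $ports` is unquoted and searches for the raw input string, so for a list like `80,443` it matches nothing and the operator gets no confirmation of what is actually exposed. Separately, the first-run path allows only `ssh` before `ufw --force enable`; if sshd listens on a non-default port this presumably cuts off the admin session, so the script should detect or ask for the SSH port first. The fence shows a bounds check and a rule listing for open_ports, returning to the caller instead of using `exit 1`, which ends the whole menu script; delete_ports needs the same check.

```shell
# … unchanged: ufw install, first-run rules, prompt and regex check …
IFS=',' read -ra PORT_LIST <<<"$ports"
for port in "${PORT_LIST[@]}"; do
    start_port=${port%-*}
    end_port=${port#*-}
    # Length cap first, so a long digit string cannot wrap in the arithmetic test.
    if ((${#start_port} > 5 || ${#end_port} > 5)) ||
        ((10#$start_port < 1 || 10#$end_port > 65535 || 10#$start_port > 10#$end_port)); then
        echo "Error: port or range out of bounds: $port" >&2
        return 1
    fi
    # … unchanged: ufw allow for the single port or each port in the range …
done

# List the resulting rules instead of grepping for the raw input string.
ufw status numbered
```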
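Review bot: In run_speedtest, `curl -s $speedtest_install_script | bash` executes whatever the repository host returns, as root, with no integrity check, and without `-f` an HTTP error body is piped to bash as well. At minimum quote the variable and fail on HTTP errors, `curl -fsSL "$speedtest_install_script" | bash`; better, download to a `mktemp` file so the script can be inspected or checksummed before it runs. The exit status of that pipeline and of `$pkg_manager install -y speedtest` is not checked, so `speedtest` is still invoked when installation failed; `$pkg_manager install -y speedtest || return 1` would stop there.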
@@ -711,14 +927,16 @@ show_menu() { ${green}14.${plain} Enable Autostart ${green}15.${plain} Disable Autostart ———————————————— - ${green}16.${plain} A Key Installation BBR (latest kernel) - ${green}17.${plain} SSL Certificate Management - ${green}18.${plain} Cloudflare SSL Certificate - ${green}19.${plain} Update Geo Files + ${green}16.${plain} SSL Certificate Management + ${green}17.${plain} Cloudflare SSL Certificate + ${green}18.${plain} Firewall Management ———————————————— + ${green}19.${plain} Enable or Disable BBR + ${green}20.${plain} Update Geo Files + ${green}21.${plain} Speedtest by Ookla " show_status - echo && read -p "Please enter your selection [0-19]: " num + echo && read -p "Please enter your selection [0-21]: " num case "${num}" in 0) @@ -770,19 +988,25 @@ show_menu() { check_install && disable ;; 16) - install_bbr - ;; - 17) ssl_cert_issue_main ;; - 18) + 17) ssl_cert_issue_CF ;; + 18) + firewall_menu + ;; 19) + bbr_menu + ;; + 20) update_geo ;; + 21) + run_speedtest + ;; *) - LOGE "Please enter the correct number [0-19]" + LOGE "Please enter the correct number [0-21]" ;; esac }