Skip to content

r0073rr0r/UnusedPort

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

12 Commits
.github
.github
Β 
Β 
.gitignore
.gitignore
Β 
Β 
CODE_OF_CONDUCT.md
CODE_OF_CONDUCT.md
Β 
Β 
CONTRIBUTING.md
CONTRIBUTING.md
Β 
Β 
LICENSE
LICENSE
Β 
Β 
README.md
README.md
Β 
Β 
README.sr.md
README.sr.md
Β 
Β 
SECURITY.md
SECURITY.md
Β 
Β 
unused_port.sh
unused_port.sh
Β 
Β 

Repository files navigation

πŸ” Unused Port Checker

A script for checking and removing unused ports from firewall rules (UFW or iptables).

πŸ“‹ Description

This bash script checks which ports from firewall rules are currently not in use. It can:

  • βœ… Check all ports from firewall rules
  • βœ… Check a specific port
  • βœ… Display unused ports
  • βœ… Remove unused ports from firewall (with backup option)
  • βœ… Restore removed rules from backup

πŸ“¦ Requirements

  • 🐧 Linux operating system
  • πŸ’» Bash shell
  • πŸ”₯ UFW or iptables firewall
  • πŸ”Œ ss or lsof for port checking
  • πŸ” Root privileges for removing rules (iptables requires root for reading rules too)

πŸš€ Installation

Option 1: Using APT Repository (Recommended)

Install from the official APT repository:

  • Add the repository and GPG key:
# Download and add the GPG key
curl -fsSL https://peace.dbase.in.rs/public.key | sudo gpg --dearmor -o /usr/share/keyrings/peace-repo.gpg

# Add the repository
echo "deb [signed-by=/usr/share/keyrings/peace-repo.gpg] https://peace.dbase.in.rs stable main" | sudo tee /etc/apt/sources.list.d/peace.list
  • Update package list and install:
sudo apt update
sudo apt install unused-port
  • Verify installation:
unused_port --help

Option 2: Using Git (Full Repository)

  • Clone the repository:
git clone https://github.com/r0073rr0r/UnusedPort.git
cd UnusedPort
  • Make it executable:
chmod +x unused_port.sh

Option 3: Using curl (Script Only)

Download only the script:

curl -o unused_port.sh https://raw.githubusercontent.com/r0073rr0r/UnusedPort/main/unused_port.sh
chmod +x unused_port.sh

Option 4: Using wget (Script Only)

Download only the script:

wget https://raw.githubusercontent.com/r0073rr0r/UnusedPort/main/unused_port.sh
chmod +x unused_port.sh

πŸ’‘ Usage

asciicast

Basic Commands

# Check all UFW ports (uses ss by default)
./unused_port.sh

# Check a specific port
./unused_port.sh -p 8080

# Check iptables ports
./unused_port.sh --iptables

# Show what would be removed (dry-run)
./unused_port.sh --dry-run

# Remove unused ports (with backup and confirmation)
sudo ./unused_port.sh --remove

# Remove unused ports without confirmation
sudo ./unused_port.sh --remove --yes

Options

Option Description
-p, --port PORT Check a specific port
-r, --remove Remove unused ports from firewall
-d, --dry-run Show what would be removed without actually removing
-y, --yes Skip confirmation prompt (use with --remove)
--force Skip backup creation when removing (not recommended)
--restore [FILE] Restore firewall rules from the last backup (or from FILE if provided)
--restore-from FILE Restore firewall rules from a specific backup file
--list-backups List all available backup files
--show-last-backup Show the path to the last backup file
--ss Use 'ss' for port checking (default)
--lsof Use 'lsof' for port checking
--ufw Use UFW firewall (default)
--iptables Use iptables firewall
-h, --help Show help message

Examples

# Check port 8080
./unused_port.sh -p 8080

# Check iptables ports using lsof
./unused_port.sh --iptables --lsof

# Preview unused ports
./unused_port.sh --dry-run

# Remove unused ports with backup
sudo ./unused_port.sh --remove

# Remove without confirmation
sudo ./unused_port.sh --remove --yes

# Restore rules from last backup
sudo ./unused_port.sh --restore

# Restore rules from specific backup file
sudo ./unused_port.sh --restore-from firewall_backup_ufw_20240101_120000.txt

# List all backup files
./unused_port.sh --list-backups

πŸ’Ύ Backup and Restore

The script automatically creates a backup before removing rules (unless --force is used). Backup files are stored in:

  • ~/.unused_port_backups/ (if possible)
  • /tmp/unused_port_backups/ (fallback)

Each backup file has the format: firewall_backup_<tool>_<date>_<time>.txt

The script also creates a symlink to the latest backup for easier restoration.

Restore Commands

# Restore from last backup
sudo ./unused_port.sh --restore

# Restore from specific file
sudo ./unused_port.sh --restore-from firewall_backup_ufw_20240101_120000.txt

# List all backups
./unused_port.sh --list-backups

# Show last backup
./unused_port.sh --show-last-backup

⚠️ Security

⚠️ WARNING: Removing firewall rules can affect system security and connectivity. Always:

  • πŸ“ Review what will be removed before confirming
  • πŸ” Use --dry-run option first
  • 🚫 Don't use --force unless you're sure
  • πŸ’Ύ Keep backup files in a safe place

πŸ› οΈ Support

  • πŸ”₯ UFW: Requires UFW firewall
  • πŸ” iptables: Requires root privileges for reading and writing rules
  • ⚑ ss: Faster than lsof, recommended
  • πŸ”Œ lsof: Alternative if ss is not available

πŸ“„ License

This project is licensed under the MIT License - see the LICENSE file for details.

πŸ‘€ Author

Velimir Majstorov

🀝 Contributing

Contributions, issues, and feature requests are welcome! Feel free to check the Contributing Guide and Code of Conduct.

About

A script for checking and removing unused ports from firewall rules (UFW or iptables).

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Contributing

Contributing

Security policy

Security policy
Activity

Stars

2 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 3

v1.0.4 Latest
Nov 27, 2025
+ 2 releases

Sponsor this project

Packages

 
 
 

Contributors

Languages