A Python-based cybersecurity automation tool for managing IP allow lists in restricted networks. The tool validates IP addresses, removes restricted IPs, generates audit logs, creates timestamped backups, and supports verbose and dry-run execution.
In security-sensitive environments such as healthcare organizations, access to restricted resources must be carefully controlled. This project automates the maintenance of IP allow lists by removing unauthorized or restricted IP addresses while maintaining audit trails and backups.
The tool is designed with secure scripting practices commonly used in security operations and system administration.
- Validate IPv4 and IPv6 addresses
- Remove restricted IPs from allow lists
- Detect and remove invalid IP addresses
- Generate timestamped audit logs
- Create timestamped backups before modification
- Support verbose mode for detailed execution logs
- Support dry-run mode to preview changes safely
- Generate execution summaries
- Command-line interface using
argparse - Robust exception handling
ip-access-manager/
│
├── ip_access_manager.py
├── allow.txt
├── remove.txt
├── README.md
├── LICENSE
├── .gitignore
├── log.txt # Generated during execution
└── backups/ # Generated during execution
- Python 3.8 or higher
No external dependencies are required. The project uses only Python's standard library.
python ip_access_manager.py sample_allowed_ips.txt sample_remove_ips.txtDisplays detailed execution information.
python ip_access_manager.py sample_allowed_ips.txt sample_remove_ips.txt -vPreviews all changes without modifying any files.
python ip_access_manager.py sample_allowed_ips.txt sample_remove_ips.txt --dry-runpython ip_access_manager.py sample_allowed_ips.txt sample_remove_ips.txt -v --dry-runContains IP addresses currently permitted to access restricted resources.
Example:
192.168.1.10
192.168.1.20
10.0.0.1
172.16.0.5
Contains IP addresses that must be removed from the allow list.
Example:
192.168.1.20
10.0.0.1
During execution, the tool:
- Validates all IP addresses
- Removes invalid IPs
- Removes restricted IPs from the allow list
- Creates timestamped backups
- Updates the allow list
- Records actions in an audit log
- Generates a summary report
Example summary:
================= Summary =================
Dry Run : No
Initial allowed IPs : 14
Initial restricted IPs: 6
Invalid IPs : 4
Removed IPs : 4
Remaining IPs : 8
Files Modified : Yes
Backup created : Yes
Log file updated : log.txt
The following screenshot shows the tool running in verbose mode with dry-run enabled. No files are modified, and the tool displays the actions that would have been performed.
The tool maintains audit logs with timestamps and updates the allow list after processing.
Verbose mode provides detailed information about each operation, including invalid IP removal and restricted IP filtering.
Before modifying any files, timestamped backups are automatically created to ensure recoverability.
All modifications and validation failures are recorded in log.txt with timestamps.
Example:
2026-08-07 14:32:10 Removed IP address: 192.168.1.20
2026-08-07 14:32:15 Invalid IP address found in allow list: abc.def.ghi.jkl
Before modifying any files, the tool automatically creates timestamped backups:
backups/
├── backup_allow_list_20260807_143210.txt
└── backup_restricted_list_20260807_143210.txt
This ensures recoverability and preserves historical records.
- Input validation using the
ipaddressmodule - Audit logging for traceability
- Backup creation before modification
- Safe dry-run execution
- Exception handling for reliability
- Support CIDR ranges
- Export logs in CSV format
- Interactive command-line mode
- Firewall API integration
- User authentication and role-based access
Dhakshitha Deivanai
B.Tech CSE (Cyber Security)
This project is licensed under the MIT License.