MAC Address ALLOW/DROP Script

LinuxFreaK
Site Admin
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
Location: Karachi
Contact:

MAC Address ALLOW/DROP Script

Postby LinuxFreaK » Sat Aug 21, 2004 3:19 am

Dear All Users.
Salam,

All you need to do is copy these scripts and use them.

# touch /sbin/addmac
# chmod 744 /sbin/addmac
# pico /sbin/addmac


#!/bin/sh
#
# Use this script to block your Clients by their MAC Address.
# Script Created by Farrukh Ahmed of Linux Pakistan dot Net
#

MAC_ALLOW="/etc/mac.allow"
MAC_DENY="/etc/mac.deny"

f() { MAC=$1 ; shift ; echo "$MAC #$*"; }

# Append "MAC #comment" to the allow list, creating the file if needed.
allow() {
    args=$1
    args1=$2
    if [ ! -f "$MAC_ALLOW" ]; then
        echo "File Not Found..."
        echo "Creating File..."
        touch "$MAC_ALLOW"
        chmod 644 "$MAC_ALLOW"
        echo "$args #$args1" >> "$MAC_ALLOW"
        if [ $? = 0 ]; then
            echo "MAC Added Successfully"
        else
            echo "Failed to Add MAC Address"
        fi
    else
        echo "$args #$args1" >> "$MAC_ALLOW"
        if [ $? = 0 ]; then
            echo "MAC Added Successfully"
        else
            echo "Failed to Add MAC Address"
        fi
    fi
}

# Copy the chosen list to <list>.bak ("allow", anything else means deny).
backup() {
    args=$1
    # Spaces around "=" are required for a string comparison.
    if [ "$args" = "allow" ]; then
        cp -f "$MAC_ALLOW" "${MAC_ALLOW}.bak"
    else
        cp -f "$MAC_DENY" "${MAC_DENY}.bak"
    fi
}

# Move a MAC from the allow list to the deny list.
block() {
    args=$1
    # An empty pattern would match, and remove, every line of the list.
    if [ -z "$args" ]; then
        echo "Usage: addmac block <MAC Address>"
        exit 1
    fi
    echo "$args" >> "$MAC_DENY"
    grep -v -F -- "$args" "$MAC_ALLOW" > "${MAC_ALLOW}.tmp"
    cp -f "${MAC_ALLOW}.tmp" "$MAC_ALLOW"
    rm -f "${MAC_ALLOW}.tmp"
}

# Append "MAC #comment" to the deny list, creating the file if needed.
deny() {
    args=$1
    args1=$2
    if [ ! -f "$MAC_DENY" ]; then
        echo "File Not Found..."
        echo "Creating File..."
        touch "$MAC_DENY"
        chmod 644 "$MAC_DENY"
        echo "$args #$args1" >> "$MAC_DENY"
        if [ $? = 0 ]; then
            echo "MAC Added Successfully"
        else
            echo "Failed to Add MAC Address"
        fi
    else
        echo "$args #$args1" >> "$MAC_DENY"
        if [ $? = 0 ]; then
            echo "MAC Added Successfully"
        else
            echo "Failed to Add MAC Address"
        fi
    fi
}

# Show the lines of the chosen list that contain the given MAC.
find() {
    args=$1
    args1=$2
    if [ "$1" = "allow" ]; then
        grep -F -- "$args1" "$MAC_ALLOW"
    else
        grep -F -- "$args1" "$MAC_DENY"
    fi
}

# Move a MAC from the deny list back to the allow list.
unblock() {
    args=$1
    # An empty pattern would match, and remove, every line of the list.
    if [ -z "$args" ]; then
        echo "Usage: addmac unblock <MAC Address>"
        exit 1
    fi
    echo "$args" >> "$MAC_ALLOW"
    grep -v -F -- "$args" "$MAC_DENY" > "${MAC_DENY}.tmp"
    cp -f "${MAC_DENY}.tmp" "$MAC_DENY"
    rm -f "${MAC_DENY}.tmp"
}

# Copy <list>.bak back over the chosen list.
restore() {
    args=$1
    if [ "$args" = "allow" ]; then
        cp -f "${MAC_ALLOW}.bak" "$MAC_ALLOW"
    else
        cp -f "${MAC_DENY}.bak" "$MAC_DENY"
    fi
}

# See how we were called.
case "$1" in
    allow)
        allow $2 $3
        ;;
    backup)
        backup $2
        ;;
    block)
        block $2
        ;;
    deny)
        deny $2 $3
        ;;
    find)
        find $2 $3
        ;;
    restore)
        restore $2
        ;;
    unblock)
        unblock $2
        ;;
    *)
        echo "Usage: addmac {allow|backup|block|deny|find|restore|unblock} MAC Address"
        exit 1
        ;;
esac


# touch /sbin/maccheck
# chmod 744 /sbin/maccheck
# pico /sbin/maccheck


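#!/bin/sh
#
# MAC Check Script
# This Script Will Add Allowed and Blocked Users in Firewall
#

echo "Loading MAC Address...."
# Each list line is "MAC #comment"; only the first field is the MAC, so the
# comment written by addmac is never handed to iptables.
while read -r MAC REST
do
    case "$MAC" in ''|'#'*) continue ;; esac
    /sbin/iptables -I INPUT -p all -m mac --mac-source "$MAC" -j ACCEPT
done < /etc/mac.allow

while read -r MAC REST
do
    case "$MAC" in ''|'#'*) continue ;; esac
    /sbin/iptables -I INPUT -p all -m mac --mac-source "$MAC" -j DROP
done < /etc/mac.deny

echo "MAC Address Loaded Successfully...."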


My mac.allow file

# cat /etc/mac.allow
00:C0:05:01:87:20
00:C0:05:02:0E:92
00:C0:05:02:00:68
00:C0:05:01:87:20
00:C0:09:10:87:D0


My mac.deny file

# cat /etc/mac.deny
00:C0:05:02:0E:91
00:00:0C:8E:55:11


You need to add the following line to your /etc/rc.d/rc.local

exec /sbin/maccheck

Best Regards.
Last edited by LinuxFreaK on Sun Aug 22, 2004 10:19 am, edited 1 time in total.
Farrukh Ahmed

mahin
Major
Posts: 605
Joined: Wed Aug 07, 2002 8:00 pm
Location: Karachi
Contact:

Postby mahin » Sat Aug 21, 2004 10:41 am


nomy
Cadet
Posts: 2
Joined: Tue Jun 01, 2004 8:39 pm
Location: Karachi

RE: MAC Address ALLOW/DROP Script

Postby nomy » Sat Aug 21, 2004 1:12 pm


sarthor
Battalion Quarter Master Havaldaar
Posts: 241
Joined: Wed Dec 24, 2003 2:36 am
Location: Pukhtoonistan
Contact:

Nice way to teach Mr. Farrukh (The GURU)

Postby sarthor » Sat Aug 21, 2004 6:38 pm

Tefl E Maktab
-----------------------------
----- ----- ----- ------ ------ -------

LinuxFreaK
Site Admin
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
Location: Karachi
Contact:

Re:

Postby LinuxFreaK » Sun Aug 22, 2004 12:03 am

Last edited by LinuxFreaK on Sun Aug 22, 2004 11:32 am, edited 11 times in total.
Farrukh Ahmed

LinuxFreaK
Site Admin
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
Location: Karachi
Contact:

Re:

Postby LinuxFreaK » Sun Aug 22, 2004 9:53 am

Farrukh Ahmed

sarthor
Battalion Quarter Master Havaldaar
Posts: 241
Joined: Wed Dec 24, 2003 2:36 am
Location: Pukhtoonistan
Contact:

U have proved that u r the Real GURU

Postby sarthor » Sun Aug 22, 2004 9:39 pm

Tefl E Maktab

-----------------------------

----- ----- ----- ------ ------ -------

LinuxFreaK
Site Admin
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
Location: Karachi
Contact:

Updated MAC Script for DCN's

Postby LinuxFreaK » Fri Aug 27, 2004 6:58 am

Dear All PLUCian's,
Salam,

#!/bin/sh
#
# ADD MAC SCRIPT
#
# Use this script to block your Clients by their MAC Address.
# This Script will add/remove, block/unblock users access in a LAN/DCN (Deci Cable Net)
# Script Created by Farrukh Ahmed (aka LinuxFreak) of LinuxPakistan dot Net
# For any help, comment please visit http://www.linuxpakistan.net/forum2x/
#

MAC_ALLOW="/etc/mac.allow"
MAC_DENY="/etc/mac.deny"

# Add "MAC # comment" to the allow list unless the MAC is already listed.
allow() {
    if [ $# != 3 ]; then
        echo "Usage : addmac allow <MAC Address> <Comments>"
        exit 1
    fi
    args=$1
    args1="$2 $3"
    if [ ! -f "$MAC_ALLOW" ]; then
        echo "File Not Found..."
        echo "Creating File..."
        touch "$MAC_ALLOW"
        chmod 644 "$MAC_ALLOW"
    fi
    # Only the first field of each line is the MAC; the rest is the comment.
    while read -r MAC REST
    do
        if [ "$MAC" = "$args" ]; then
            echo "MAC Address : $MAC already exists"
            exit 1
        fi
    done < "$MAC_ALLOW"
    echo "$args # $args1" >> "$MAC_ALLOW"
    if [ $? = 0 ]; then
        echo "MAC Added Successfully"
    else
        echo "Failed to Add MAC Address"
    fi
}

# Copy the chosen list ("allow" or "deny") to <list>.bak.
backup() {
    if [ $# != 1 ]; then
        echo "Usage: addmac backup <allow/deny>"
        exit 1
    fi
    args=$1
    # Spaces around "=" are required for a string comparison.
    if [ "$args" = "allow" ]; then
        cp -f "$MAC_ALLOW" "${MAC_ALLOW}.bak"
    else
        if [ "$args" = "deny" ]; then
            cp -f "$MAC_DENY" "${MAC_DENY}.bak"
        fi
    fi
}

# Move a MAC, with its comment, from the allow list to the deny list.
block() {
    if [ $# != 1 ]; then
        echo "Usage: addmac block <MAC Address>"
        exit 1
    fi
    args=$1
    while read -r line
    do
        # Strip the "# comment" part and the space before it.
        mac=${line%%#*}
        mac=${mac%% *}
        if [ "$mac" = "$args" ]; then
            sed -i "/^${args}/d" "$MAC_ALLOW" && echo "$line" >> "$MAC_DENY"
        fi
    done < "$MAC_ALLOW"
}

# Add "MAC # comment" to the deny list unless the MAC is already listed.
deny() {
    if [ $# != 3 ]; then
        echo "Usage : addmac deny <MAC Address> <Comments>"
        exit 1
    fi
    args=$1
    args1="$2 $3"
    if [ ! -f "$MAC_DENY" ]; then
        echo "File Not Found..."
        echo "Creating File..."
        touch "$MAC_DENY"
        chmod 644 "$MAC_DENY"
    fi
    # Only the first field of each line is the MAC; the rest is the comment.
    while read -r MAC REST
    do
        if [ "$MAC" = "$args" ]; then
            echo "MAC Address : $MAC already exists"
            exit 1
        fi
    done < "$MAC_DENY"
    echo "$args # $args1" >> "$MAC_DENY"
    if [ $? = 0 ]; then
        echo "MAC Added Successfully"
    else
        echo "Failed to Add MAC Address"
    fi
}

# Show one MAC, or the whole list when the second argument is "all".
find() {
    if [ $# != 2 ]; then
        echo "Usage : addmac find <allow/deny> <MAC Address>"
        exit 1
    fi
    args=$1
    args1=$2
    if [ "$1" = "allow" ]; then
        if [ "$2" = "all" ]; then
            sort -u "$MAC_ALLOW"
        else
            grep -F -- "$args1" "$MAC_ALLOW"
        fi
    else
        if [ "$2" = "all" ]; then
            sort -u "$MAC_DENY"
        else
            grep -F -- "$args1" "$MAC_DENY"
        fi
    fi
}

# Copy <list>.bak back over the chosen list.
restore() {
    if [ $# != 1 ]; then
        echo "Usage: addmac restore <allow/deny>"
        exit 1
    fi
    args=$1
    if [ "$args" = "allow" ]; then
        cp -f "${MAC_ALLOW}.bak" "$MAC_ALLOW"
    else
        cp -f "${MAC_DENY}.bak" "$MAC_DENY"
    fi
}

# List the IP and MAC address of every host in the ARP table.
searchmac() {
    if [ $# != 0 ]; then
        echo "Usage : addmac searchmac"
        exit 1
    fi
    arp -n | awk '{if($1~/Address/){print "IP",$1,"\t",$3}else{print $1,"\t",$3}}' | sed 's/HWa/MAC A/'
}

# Move a MAC, with its comment, from the deny list back to the allow list.
unblock() {
    if [ $# != 1 ]; then
        echo "Usage: addmac unblock <MAC Address>"
        exit 1
    fi
    args=$1
    while read -r line
    do
        # Strip the "# comment" part and the space before it.
        mac=${line%%#*}
        mac=${mac%% *}
        if [ "$mac" = "$args" ]; then
            sed -i "/^${args}/d" "$MAC_DENY" && echo "$line" >> "$MAC_ALLOW"
        fi
    done < "$MAC_DENY"
}

# See how we were called.
case "$1" in
    allow)
        allow $2 $3 $4
        ;;
    backup)
        backup $2
        ;;
    block)
        block $2
        ;;
    deny)
        deny $2 $3 $4
        ;;
    find)
        find $2 $3
        ;;
    restore)
        restore $2
        ;;
    searchmac)
        searchmac
        ;;
    unblock)
        unblock $2
        ;;
    *)
        echo "Usage: addmac {allow|backup|block|deny|find|restore|searchmac|unblock} MAC Address"
        exit 1
        ;;
esac


Best Regards.
Farrukh Ahmed

sarthor
Battalion Quarter Master Havaldaar
Posts: 241
Joined: Wed Dec 24, 2003 2:36 am
Location: Pukhtoonistan
Contact:

want to Ban all mac addresses except several

Postby sarthor » Thu Sep 09, 2004 4:31 pm

Tefl E Maktab

-----------------------------

----- ----- ----- ------ ------ -------

LinuxFreaK
Site Admin
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
Location: Karachi
Contact:

Re:

Postby LinuxFreaK » Fri Sep 10, 2004 3:42 pm

Farrukh Ahmed

sarthor
Battalion Quarter Master Havaldaar
Posts: 241
Joined: Wed Dec 24, 2003 2:36 am
Location: Pukhtoonistan
Contact:

My Ip is 192.168.0.1

Postby sarthor » Fri Sep 10, 2004 7:17 pm

Tefl E Maktab

-----------------------------

----- ----- ----- ------ ------ -------

LinuxFreaK
Site Admin
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
Location: Karachi
Contact:

Re:

Postby LinuxFreaK » Fri Sep 10, 2004 11:12 pm

Dear sarthor,
Salam,

Only Add this line in your maccheck script

/sbin/iptables -I INPUT -p all -s 192.168.0.0/24 -j DROP

Best Regards.
Farrukh Ahmed
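
An added example, not code from any poster in this thread: it takes the "MAC # comment" list files used by the scripts above together with the subnet DROP line from this reply, and prints the iptables commands in the order they would be evaluated, so the ordering can be reviewed before anything is loaded. The chain name MACFILTER, the helper function names and the sample list contents are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not the thread's code. Prints the iptables commands in the
# order they are evaluated instead of running them. CHAIN is an assumed name.
CHAIN="MACFILTER"

# Succeed only for six colon-separated hex octets.
is_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print the valid, upper-cased, de-duplicated MACs found in list file $1.
# Only the first field is used, so "MAC # comment" lines are handled.
list_macs() {
    [ -f "$1" ] || return 0
    while read -r mac rest; do
        case "$mac" in ''|'#'*) continue ;; esac
        if is_mac "$mac"; then
            printf '%s\n' "$mac" | tr 'a-f' 'A-F'
        else
            echo "skipping invalid entry in $1: $mac" >&2
        fi
    done < "$1" | awk '!seen[$0]++'
}

# gen_rules ALLOW_FILE DENY_FILE LAN_CIDR
gen_rules() {
    echo "iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN"
    for m in $(list_macs "$2"); do      # explicit blocks are checked first
        echo "iptables -A $CHAIN -m mac --mac-source $m -j DROP"
    done
    for m in $(list_macs "$1"); do
        echo "iptables -A $CHAIN -m mac --mac-source $m -j ACCEPT"
    done
    echo "iptables -A $CHAIN -s $3 -j DROP"   # everyone else on the LAN
    echo "iptables -C INPUT -j $CHAIN 2>/dev/null || iptables -I INPUT -j $CHAIN"
}

# Constructed sample lists in the "MAC # comment" format addmac writes.
tmp=$(mktemp -d)
printf '%s\n' '00:C0:05:01:87:20 # office pc' '00:c0:05:01:87:20 # dup' \
    '00:C0:05:02:00:68' 'not-a-mac # typo' > "$tmp/mac.allow"
printf '%s\n' '00:00:0C:8E:55:11 # blocked user' > "$tmp/mac.deny"
gen_rules "$tmp/mac.allow" "$tmp/mac.deny" 192.168.0.0/24
rm -rf "$tmp"
```

Because the rules are appended to a chain that is flushed first, running it again does not stack duplicate rules the way repeated `-I INPUT` calls do.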

sarthor
Battalion Quarter Master Havaldaar
Posts: 241
Joined: Wed Dec 24, 2003 2:36 am
Location: Pukhtoonistan
Contact:

Again

Postby sarthor » Sat Sep 11, 2004 3:32 am

Tefl E Maktab

-----------------------------

----- ----- ----- ------ ------ -------

LinuxFreaK
Site Admin
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
Location: Karachi
Contact:

Re:

Postby LinuxFreaK » Sat Sep 11, 2004 7:06 am

Dear sarthor,
Salam,

Yes, it looks okay.

Best Regards.
Farrukh Ahmed

sarthor
Battalion Quarter Master Havaldaar
Posts: 241
Joined: Wed Dec 24, 2003 2:36 am
Location: Pukhtoonistan
Contact:

Re:

Postby sarthor » Fri Nov 05, 2004 3:33 pm

Last edited by sarthor on Wed Jan 11, 2006 6:04 am, edited 1 time in total.
Tefl E Maktab

-----------------------------

----- ----- ----- ------ ------ -------

