MAC Address ALLOW/DROP Script
Posted: Sat Aug 21, 2004 3:19 am
Dear All Users.
Salam,
All you need to do is copy these scripts and use them.
# touch /sbin/addmac
# chmod 744 /sbin/addmac
# pico /sbin/addmac
#
#!/bin/sh
#
# Use this script to block your Clients by their MAC Address.
# Script Created by Farrukh Ahmed of Linux Pakistan dot Net
#
# Paths of the allow list and the deny list that the addmac functions read
# and write.
MAC_ALLOW=/etc/mac.allow
MAC_DENY=/etc/mac.deny
# f MAC [WORD...]
# Print "MAC #WORD..." on one line (the remaining words joined by spaces).
# Side effect: the first argument is left in the global variable MAC.
# Not called anywhere in the visible script.
f() {
  MAC=$1
  shift
  printf '%s #%s\n' "$MAC" "$*"
}
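# allow MAC [COMMENT]
# Append "MAC #COMMENT" to $MAC_ALLOW, creating the file (mode 644) first if
# it does not exist yet.
# Globals:  MAC_ALLOW (read); args, args1, _hex (written)
# Returns:  0 when the entry was appended, 1 on a malformed MAC or a write
#           error.
allow() {
  args=$1
  args1=$2
  # The list is later fed to iptables --mac-source, so refuse anything that is
  # not six colon-separated hex octets before it reaches the file. This also
  # rejects an empty argument and values containing spaces or newlines.
  _hex='[0-9A-Fa-f]'
  case $args in
    $_hex$_hex:$_hex$_hex:$_hex$_hex:$_hex$_hex:$_hex$_hex:$_hex$_hex) ;;
    *)
      echo "Failed to Add MAC Address"
      return 1
      ;;
  esac
  if [ ! -f "$MAC_ALLOW" ]; then
    echo "File Not Found..."
    echo "Creating File..."
    touch "$MAC_ALLOW"
    chmod 644 "$MAC_ALLOW"
  fi
  # printf keeps backslashes in the comment literal under every /bin/sh.
  if printf '%s #%s\n' "$args" "$args1" >> "$MAC_ALLOW"; then
    echo "MAC Added Successfully"
  else
    echo "Failed to Add MAC Address"
    return 1
  fi
}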
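# backup LIST
# Copy the allow list to "$MAC_ALLOW.bak" when LIST is "allow"; for any other
# LIST copy the deny list to "$MAC_DENY.bak".
# Globals:  MAC_ALLOW, MAC_DENY (read); args (written)
# Returns:  the exit status of cp.
backup() {
  args=$1
  # The comparison needs spaces around "=". Written as the single word
  # $args="allow" it is a non-empty string, which is always true, so the deny
  # list could never be selected.
  # The cp alias toggling was dropped: an alias defined while the function
  # runs cannot change the already-parsed cp commands in its body.
  if [ "$args" = "allow" ]; then
    cp -f "$MAC_ALLOW" "${MAC_ALLOW}.bak"
  else
    cp -f "$MAC_DENY" "${MAC_DENY}.bak"
  fi
}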
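# block MAC
# Move MAC from the allow list to the deny list: append it to $MAC_DENY, then
# rewrite $MAC_ALLOW without the lines that contain it.
# Globals:  MAC_ALLOW, MAC_DENY (read); args, _hex, _tmp, _rc (written)
# Returns:  0 on success, 1 on a malformed MAC or when a file step fails.
block() {
  args=$1
  # An empty or partial value used as a grep -v pattern would remove far more
  # than one entry, so accept only a full six-octet MAC before touching
  # either file.
  _hex='[0-9A-Fa-f]'
  case $args in
    $_hex$_hex:$_hex$_hex:$_hex$_hex:$_hex$_hex:$_hex$_hex:$_hex$_hex) ;;
    *)
      echo "Invalid MAC Address: $args" >&2
      return 1
      ;;
  esac
  echo "$args" >> "$MAC_DENY" || return 1
  # Nothing to remove when there is no allow list yet.
  [ -f "$MAC_ALLOW" ] || return 0
  # Unpredictable scratch name next to the list instead of a fixed ".tmp".
  _tmp=$(mktemp "${MAC_ALLOW}.XXXXXX") || return 1
  # -F: match the MAC literally; -i: hex digits may differ in case.
  grep -F -i -v -- "$args" "$MAC_ALLOW" > "$_tmp"
  # grep exits 1 when no line is left over; only a status above 1 is an error.
  if [ $? -gt 1 ]; then
    rm -f "$_tmp"
    return 1
  fi
  # cp into the existing file (rather than mv) keeps its owner and mode.
  cp -f "$_tmp" "$MAC_ALLOW"
  _rc=$?
  rm -f "$_tmp"
  return $_rc
}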
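# deny MAC [COMMENT]
# Append "MAC #COMMENT" to $MAC_DENY, creating the file (mode 644) first if it
# does not exist yet.
# Globals:  MAC_DENY (read); args, args1, _hex (written)
# Returns:  0 when the entry was appended, 1 on a malformed MAC or a write
#           error.
deny() {
  args=$1
  args1=$2
  # The list is later fed to iptables --mac-source, so refuse anything that is
  # not six colon-separated hex octets before it reaches the file. This also
  # rejects an empty argument and values containing spaces or newlines.
  _hex='[0-9A-Fa-f]'
  case $args in
    $_hex$_hex:$_hex$_hex:$_hex$_hex:$_hex$_hex:$_hex$_hex:$_hex$_hex) ;;
    *)
      echo "Failed to Add MAC Address"
      return 1
      ;;
  esac
  if [ ! -f "$MAC_DENY" ]; then
    echo "File Not Found..."
    echo "Creating File..."
    touch "$MAC_DENY"
    chmod 644 "$MAC_DENY"
  fi
  # printf keeps backslashes in the comment literal under every /bin/sh.
  if printf '%s #%s\n' "$args" "$args1" >> "$MAC_DENY"; then
    echo "MAC Added Successfully"
  else
    echo "Failed to Add MAC Address"
    return 1
  fi
}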
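# find LIST PATTERN
# Print the lines of the allow list (LIST = "allow") or of the deny list (any
# other LIST) that match the grep pattern PATTERN. An empty PATTERN prints
# every entry.
# Note: inside this script the function shadows the find(1) command.
# Globals:  MAC_ALLOW, MAC_DENY (read); args, args1 (written)
# Returns:  grep's exit status (0 match, 1 no match, >1 error).
find() {
  args=$1
  args1=$2
  # Quoted operands: an empty LIST no longer breaks the test, and a PATTERN
  # containing spaces or glob characters reaches grep as a single argument.
  if [ "$args" = "allow" ]; then
    grep -e "$args1" -- "$MAC_ALLOW"
  else
    grep -e "$args1" -- "$MAC_DENY"
  fi
}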
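# unblock MAC
# Move MAC from the deny list to the allow list: append it to $MAC_ALLOW, then
# rewrite $MAC_DENY without the lines that contain it.
# Globals:  MAC_ALLOW, MAC_DENY (read); args, _hex, _tmp, _rc (written)
# Returns:  0 on success, 1 on a malformed MAC or when a file step fails.
unblock() {
  args=$1
  # An empty or partial value used as a grep -v pattern would remove far more
  # than one entry, so accept only a full six-octet MAC before touching
  # either file.
  _hex='[0-9A-Fa-f]'
  case $args in
    $_hex$_hex:$_hex$_hex:$_hex$_hex:$_hex$_hex:$_hex$_hex:$_hex$_hex) ;;
    *)
      echo "Invalid MAC Address: $args" >&2
      return 1
      ;;
  esac
  echo "$args" >> "$MAC_ALLOW" || return 1
  # Nothing to remove when there is no deny list yet.
  [ -f "$MAC_DENY" ] || return 0
  # Unpredictable scratch name next to the list instead of a fixed ".tmp".
  _tmp=$(mktemp "${MAC_DENY}.XXXXXX") || return 1
  # -F: match the MAC literally; -i: hex digits may differ in case.
  grep -F -i -v -- "$args" "$MAC_DENY" > "$_tmp"
  # grep exits 1 when no line is left over; only a status above 1 is an error.
  if [ $? -gt 1 ]; then
    rm -f "$_tmp"
    return 1
  fi
  # cp into the existing file (rather than mv) keeps its owner and mode.
  cp -f "$_tmp" "$MAC_DENY"
  _rc=$?
  rm -f "$_tmp"
  return $_rc
}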
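# restore LIST
# Copy "$MAC_ALLOW.bak" back over the allow list when LIST is "allow"; for any
# other LIST copy "$MAC_DENY.bak" back over the deny list.
# Globals:  MAC_ALLOW, MAC_DENY (read); args (written)
# Returns:  the exit status of cp (non-zero when the backup is missing).
restore() {
  args=$1
  # The comparison needs spaces around "=". Written as the single word
  # $args="allow" it is a non-empty string, which is always true, so the deny
  # list could never be restored.
  # The cp alias toggling was dropped: an alias defined while the function
  # runs cannot change the already-parsed cp commands in its body.
  if [ "$args" = "allow" ]; then
    cp -f "${MAC_ALLOW}.bak" "$MAC_ALLOW"
  else
    cp -f "${MAC_DENY}.bak" "$MAC_DENY"
  fi
}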
# See how we were called.
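# Dispatch on the sub-command in $1. Arguments are passed on quoted so that a
# comment or search pattern containing spaces stays one argument and an
# omitted argument arrives as an empty string instead of vanishing.
case "$1" in
  allow)
    # $2 = MAC address, $3 = free-text comment
    allow "$2" "$3"
    ;;
  backup)
    # $2 = "allow" selects the allow list, anything else the deny list
    backup "$2"
    ;;
  block)
    block "$2"
    ;;
  deny)
    deny "$2" "$3"
    ;;
  find)
    # $2 = list name, $3 = grep pattern
    find "$2" "$3"
    ;;
  restore)
    restore "$2"
    ;;
  unblock)
    unblock "$2"
    ;;
  *)
    # "find" was handled above but missing from the usage text.
    echo "Usage: addmac {allow|backup|block|deny|find|restore|unblock} MAC Address"
    exit 1
    ;;
esac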
# touch /sbin/maccheck
# chmod 744 /sbin/maccheck
# pico /sbin/maccheck
#
# MAC Check Script
# This Script Will Add Allowed and Blocked Users in Firewall
#
#!/bin/sh
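# Load /etc/mac.allow as ACCEPT rules and /etc/mac.deny as DROP rules.
#
# Review notes:
# - -I inserts at the top of INPUT, so these rules are evaluated before any
#   rule that already exists. The deny list is loaded last and therefore ends
#   up above the allow list: a MAC present in both files is dropped.
# - The source MAC is supplied by the sending host and is only visible on the
#   local segment. The ACCEPT rules match every protocol, so treat the allow
#   list as a convenience filter, not as authentication.
# - Running the script again adds the same rules a second time.
echo "Loading MAC Address...."

# load_macs FILE TARGET
# Insert one INPUT rule with jump target TARGET for each MAC listed in FILE.
# Only the first field of a line is used, so the "#comment" part that addmac
# writes after the MAC is never handed to iptables as an address.
load_macs() {
  if [ ! -r "$1" ]; then
    echo "Cannot read $1" >&2
    return 1
  fi
  _hex='[0-9A-Fa-f]'
  # "|| [ -n ... ]" also processes a last line that lacks a newline.
  while read -r mac rest || [ -n "$mac" ]; do
    # Drop a comment glued directly onto the address ("MAC#note").
    mac=${mac%%#*}
    case $mac in
      '')
        # blank line or comment-only line
        continue
        ;;
      $_hex$_hex:$_hex$_hex:$_hex$_hex:$_hex$_hex:$_hex$_hex:$_hex$_hex) ;;
      *)
        echo "Skipping invalid entry in $1: $mac" >&2
        continue
        ;;
    esac
    /sbin/iptables -I INPUT -p all -m mac --mac-source "$mac" -j "$2"
  done < "$1"
}

load_macs /etc/mac.allow ACCEPT
load_macs /etc/mac.deny DROP
echo "MAC Address Loaded Successfully...."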
My mac.allow file
# cat /etc/mac.allow
00:C0:05:01:87:20
00:C0:05:02:0E:92
00:C0:05:02:00:68
00:C0:05:01:87:20
00:C0:09:10:87:D0
My mac.deny file
# cat /etc/mac.deny
00:C0:05:02:0E:91
00:00:0C:8E:55:11
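You need to add the following line to your /etc/rc.d/rc.local. Note that the script above was saved as /sbin/maccheck, so the path in the line below must match the name you actually used; also, because of `exec`, nothing placed after this line in rc.local will run.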
exec /sbin/checkmac
Best Regards.
Salam,
All you need to do is copy these scripts and use them.
# touch /sbin/addmac
# chmod 744 /sbin/addmac
# pico /sbin/addmac
#
#!/bin/sh
#
# Use this script to block your Clients by their MAC Address.
# Script Created by Farrukh Ahmed of Linux Pakistan dot Net
#
# Paths of the allow list and the deny list that the addmac functions read
# and write.
MAC_ALLOW=/etc/mac.allow
MAC_DENY=/etc/mac.deny
# f MAC [WORD...]
# Print "MAC #WORD..." on one line (the remaining words joined by spaces).
# Side effect: the first argument is left in the global variable MAC.
# Not called anywhere in the visible script.
f() {
  MAC=$1
  shift
  printf '%s #%s\n' "$MAC" "$*"
}
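# allow MAC [COMMENT]
# Append "MAC #COMMENT" to $MAC_ALLOW, creating the file (mode 644) first if
# it does not exist yet.
# Globals:  MAC_ALLOW (read); args, args1, _hex (written)
# Returns:  0 when the entry was appended, 1 on a malformed MAC or a write
#           error.
allow() {
  args=$1
  args1=$2
  # The list is later fed to iptables --mac-source, so refuse anything that is
  # not six colon-separated hex octets before it reaches the file. This also
  # rejects an empty argument and values containing spaces or newlines.
  _hex='[0-9A-Fa-f]'
  case $args in
    $_hex$_hex:$_hex$_hex:$_hex$_hex:$_hex$_hex:$_hex$_hex:$_hex$_hex) ;;
    *)
      echo "Failed to Add MAC Address"
      return 1
      ;;
  esac
  if [ ! -f "$MAC_ALLOW" ]; then
    echo "File Not Found..."
    echo "Creating File..."
    touch "$MAC_ALLOW"
    chmod 644 "$MAC_ALLOW"
  fi
  # printf keeps backslashes in the comment literal under every /bin/sh.
  if printf '%s #%s\n' "$args" "$args1" >> "$MAC_ALLOW"; then
    echo "MAC Added Successfully"
  else
    echo "Failed to Add MAC Address"
    return 1
  fi
}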
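# backup LIST
# Copy the allow list to "$MAC_ALLOW.bak" when LIST is "allow"; for any other
# LIST copy the deny list to "$MAC_DENY.bak".
# Globals:  MAC_ALLOW, MAC_DENY (read); args (written)
# Returns:  the exit status of cp.
backup() {
  args=$1
  # The comparison needs spaces around "=". Written as the single word
  # $args="allow" it is a non-empty string, which is always true, so the deny
  # list could never be selected.
  # The cp alias toggling was dropped: an alias defined while the function
  # runs cannot change the already-parsed cp commands in its body.
  if [ "$args" = "allow" ]; then
    cp -f "$MAC_ALLOW" "${MAC_ALLOW}.bak"
  else
    cp -f "$MAC_DENY" "${MAC_DENY}.bak"
  fi
}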
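# block MAC
# Move MAC from the allow list to the deny list: append it to $MAC_DENY, then
# rewrite $MAC_ALLOW without the lines that contain it.
# Globals:  MAC_ALLOW, MAC_DENY (read); args, _hex, _tmp, _rc (written)
# Returns:  0 on success, 1 on a malformed MAC or when a file step fails.
block() {
  args=$1
  # An empty or partial value used as a grep -v pattern would remove far more
  # than one entry, so accept only a full six-octet MAC before touching
  # either file.
  _hex='[0-9A-Fa-f]'
  case $args in
    $_hex$_hex:$_hex$_hex:$_hex$_hex:$_hex$_hex:$_hex$_hex:$_hex$_hex) ;;
    *)
      echo "Invalid MAC Address: $args" >&2
      return 1
      ;;
  esac
  echo "$args" >> "$MAC_DENY" || return 1
  # Nothing to remove when there is no allow list yet.
  [ -f "$MAC_ALLOW" ] || return 0
  # Unpredictable scratch name next to the list instead of a fixed ".tmp".
  _tmp=$(mktemp "${MAC_ALLOW}.XXXXXX") || return 1
  # -F: match the MAC literally; -i: hex digits may differ in case.
  grep -F -i -v -- "$args" "$MAC_ALLOW" > "$_tmp"
  # grep exits 1 when no line is left over; only a status above 1 is an error.
  if [ $? -gt 1 ]; then
    rm -f "$_tmp"
    return 1
  fi
  # cp into the existing file (rather than mv) keeps its owner and mode.
  cp -f "$_tmp" "$MAC_ALLOW"
  _rc=$?
  rm -f "$_tmp"
  return $_rc
}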
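# deny MAC [COMMENT]
# Append "MAC #COMMENT" to $MAC_DENY, creating the file (mode 644) first if it
# does not exist yet.
# Globals:  MAC_DENY (read); args, args1, _hex (written)
# Returns:  0 when the entry was appended, 1 on a malformed MAC or a write
#           error.
deny() {
  args=$1
  args1=$2
  # The list is later fed to iptables --mac-source, so refuse anything that is
  # not six colon-separated hex octets before it reaches the file. This also
  # rejects an empty argument and values containing spaces or newlines.
  _hex='[0-9A-Fa-f]'
  case $args in
    $_hex$_hex:$_hex$_hex:$_hex$_hex:$_hex$_hex:$_hex$_hex:$_hex$_hex) ;;
    *)
      echo "Failed to Add MAC Address"
      return 1
      ;;
  esac
  if [ ! -f "$MAC_DENY" ]; then
    echo "File Not Found..."
    echo "Creating File..."
    touch "$MAC_DENY"
    chmod 644 "$MAC_DENY"
  fi
  # printf keeps backslashes in the comment literal under every /bin/sh.
  if printf '%s #%s\n' "$args" "$args1" >> "$MAC_DENY"; then
    echo "MAC Added Successfully"
  else
    echo "Failed to Add MAC Address"
    return 1
  fi
}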
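# find LIST PATTERN
# Print the lines of the allow list (LIST = "allow") or of the deny list (any
# other LIST) that match the grep pattern PATTERN. An empty PATTERN prints
# every entry.
# Note: inside this script the function shadows the find(1) command.
# Globals:  MAC_ALLOW, MAC_DENY (read); args, args1 (written)
# Returns:  grep's exit status (0 match, 1 no match, >1 error).
find() {
  args=$1
  args1=$2
  # Quoted operands: an empty LIST no longer breaks the test, and a PATTERN
  # containing spaces or glob characters reaches grep as a single argument.
  if [ "$args" = "allow" ]; then
    grep -e "$args1" -- "$MAC_ALLOW"
  else
    grep -e "$args1" -- "$MAC_DENY"
  fi
}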
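# unblock MAC
# Move MAC from the deny list to the allow list: append it to $MAC_ALLOW, then
# rewrite $MAC_DENY without the lines that contain it.
# Globals:  MAC_ALLOW, MAC_DENY (read); args, _hex, _tmp, _rc (written)
# Returns:  0 on success, 1 on a malformed MAC or when a file step fails.
unblock() {
  args=$1
  # An empty or partial value used as a grep -v pattern would remove far more
  # than one entry, so accept only a full six-octet MAC before touching
  # either file.
  _hex='[0-9A-Fa-f]'
  case $args in
    $_hex$_hex:$_hex$_hex:$_hex$_hex:$_hex$_hex:$_hex$_hex:$_hex$_hex) ;;
    *)
      echo "Invalid MAC Address: $args" >&2
      return 1
      ;;
  esac
  echo "$args" >> "$MAC_ALLOW" || return 1
  # Nothing to remove when there is no deny list yet.
  [ -f "$MAC_DENY" ] || return 0
  # Unpredictable scratch name next to the list instead of a fixed ".tmp".
  _tmp=$(mktemp "${MAC_DENY}.XXXXXX") || return 1
  # -F: match the MAC literally; -i: hex digits may differ in case.
  grep -F -i -v -- "$args" "$MAC_DENY" > "$_tmp"
  # grep exits 1 when no line is left over; only a status above 1 is an error.
  if [ $? -gt 1 ]; then
    rm -f "$_tmp"
    return 1
  fi
  # cp into the existing file (rather than mv) keeps its owner and mode.
  cp -f "$_tmp" "$MAC_DENY"
  _rc=$?
  rm -f "$_tmp"
  return $_rc
}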
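# restore LIST
# Copy "$MAC_ALLOW.bak" back over the allow list when LIST is "allow"; for any
# other LIST copy "$MAC_DENY.bak" back over the deny list.
# Globals:  MAC_ALLOW, MAC_DENY (read); args (written)
# Returns:  the exit status of cp (non-zero when the backup is missing).
restore() {
  args=$1
  # The comparison needs spaces around "=". Written as the single word
  # $args="allow" it is a non-empty string, which is always true, so the deny
  # list could never be restored.
  # The cp alias toggling was dropped: an alias defined while the function
  # runs cannot change the already-parsed cp commands in its body.
  if [ "$args" = "allow" ]; then
    cp -f "${MAC_ALLOW}.bak" "$MAC_ALLOW"
  else
    cp -f "${MAC_DENY}.bak" "$MAC_DENY"
  fi
}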
# See how we were called.
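# Dispatch on the sub-command in $1. Arguments are passed on quoted so that a
# comment or search pattern containing spaces stays one argument and an
# omitted argument arrives as an empty string instead of vanishing.
case "$1" in
  allow)
    # $2 = MAC address, $3 = free-text comment
    allow "$2" "$3"
    ;;
  backup)
    # $2 = "allow" selects the allow list, anything else the deny list
    backup "$2"
    ;;
  block)
    block "$2"
    ;;
  deny)
    deny "$2" "$3"
    ;;
  find)
    # $2 = list name, $3 = grep pattern
    find "$2" "$3"
    ;;
  restore)
    restore "$2"
    ;;
  unblock)
    unblock "$2"
    ;;
  *)
    # "find" was handled above but missing from the usage text.
    echo "Usage: addmac {allow|backup|block|deny|find|restore|unblock} MAC Address"
    exit 1
    ;;
esac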
# touch /sbin/maccheck
# chmod 744 /sbin/maccheck
# pico /sbin/maccheck
#
# MAC Check Script
# This Script Will Add Allowed and Blocked Users in Firewall
#
#!/bin/sh
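# Load /etc/mac.allow as ACCEPT rules and /etc/mac.deny as DROP rules.
#
# Review notes:
# - -I inserts at the top of INPUT, so these rules are evaluated before any
#   rule that already exists. The deny list is loaded last and therefore ends
#   up above the allow list: a MAC present in both files is dropped.
# - The source MAC is supplied by the sending host and is only visible on the
#   local segment. The ACCEPT rules match every protocol, so treat the allow
#   list as a convenience filter, not as authentication.
# - Running the script again adds the same rules a second time.
echo "Loading MAC Address...."

# load_macs FILE TARGET
# Insert one INPUT rule with jump target TARGET for each MAC listed in FILE.
# Only the first field of a line is used, so the "#comment" part that addmac
# writes after the MAC is never handed to iptables as an address.
load_macs() {
  if [ ! -r "$1" ]; then
    echo "Cannot read $1" >&2
    return 1
  fi
  _hex='[0-9A-Fa-f]'
  # "|| [ -n ... ]" also processes a last line that lacks a newline.
  while read -r mac rest || [ -n "$mac" ]; do
    # Drop a comment glued directly onto the address ("MAC#note").
    mac=${mac%%#*}
    case $mac in
      '')
        # blank line or comment-only line
        continue
        ;;
      $_hex$_hex:$_hex$_hex:$_hex$_hex:$_hex$_hex:$_hex$_hex:$_hex$_hex) ;;
      *)
        echo "Skipping invalid entry in $1: $mac" >&2
        continue
        ;;
    esac
    /sbin/iptables -I INPUT -p all -m mac --mac-source "$mac" -j "$2"
  done < "$1"
}

load_macs /etc/mac.allow ACCEPT
load_macs /etc/mac.deny DROP
echo "MAC Address Loaded Successfully...."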
My mac.allow file
# cat /etc/mac.allow
00:C0:05:01:87:20
00:C0:05:02:0E:92
00:C0:05:02:00:68
00:C0:05:01:87:20
00:C0:09:10:87:D0
My mac.deny file
# cat /etc/mac.deny
00:C0:05:02:0E:91
00:00:0C:8E:55:11
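You need to add the following line to your /etc/rc.d/rc.local. Note that the script above was saved as /sbin/maccheck, so the path in the line below must match the name you actually used; also, because of `exec`, nothing placed after this line in rc.local will run.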
exec /sbin/checkmac
Best Regards.