Help in implementing CHECKMAC Script By Farrukh Bhai

Protecting your Linux box
LinuxFreaK
Site Admin
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
Location: Karachi

Re:

Post by LinuxFreaK »

Dear A_Karim,
Salam,

Try using the checkmac script below.

/sbin/iptables -A INPUT -p all -j DROP

This rule is placed at the end of the firewall. It should allow Squid; however, I have added another rule which might solve your problem.

Code:

#!/bin/sh
#
# MAC Check Script
# This script adds allowed and blocked MAC addresses to the firewall.
# The shebang has to be the very first line for the kernel to honour it.
#

MAC_ALLOW="/etc/mac.allow"
MAC_DENY="/etc/mac.deny"
# Private temporary files instead of fixed names under /tmp, so another
# local user cannot pre-create or symlink them before the script runs.
TMP_ALLOW=$(mktemp) || exit 1
TMP_DENY=$(mktemp) || exit 1

# The first field of each line is the MAC address.
awk '{ print $1 }' "$MAC_ALLOW" > "$TMP_ALLOW"
awk '{ print $1 }' "$MAC_DENY" > "$TMP_DENY"

echo "Loading MAC Address...."
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X

# -I inserts at the top of the chain, so each MAC lands above the previous one.
for MAC in $(cat "$TMP_ALLOW")
do
    /sbin/iptables -I INPUT -p all -m mac --mac-source "$MAC" -j ACCEPT
done

# Deny rules are inserted afterwards, hence above the allow rules, so a MAC
# that appears in both files is dropped.
for MAC in $(cat "$TMP_DENY")
do
    /sbin/iptables -I INPUT -p all -m mac --mac-source "$MAC" -j DROP
done

# Transparent proxy: redirect port 80 to Squid on 8080, masquerade out via eth1.
# The FORWARD chain is not filtered here, so forwarded (masqueraded) traffic
# is not subject to the MAC check.
/sbin/iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
/sbin/iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

/sbin/iptables -I INPUT 1 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Inserted at position 2, above all MAC rules: this accepts port 8080 from
# any source, so the MAC check is not applied to connections to Squid.
/sbin/iptables -I INPUT 2 -p tcp --dport 8080 -j ACCEPT
/sbin/iptables -A INPUT -j DROP

rm -f "$TMP_ALLOW" "$TMP_DENY"

echo "MAC Address Loaded Successfully...."
Best Regards.
Farrukh Ahmed
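The script in the post above applies the MAC check only to the INPUT chain and accepts port 8080 from any source before the MAC rules are consulted, so the allow/deny lists do not actually gate access to Squid or to forwarded traffic. The following is an added example, not Farrukh's script and not part of the original post: a POSIX sh generator that keeps the same allow/deny file format (MAC in the first field, comments and blank lines allowed) and the same transparent-proxy setup, but sets a default-deny policy, puts denies before allows, restricts the Squid port to allowed MACs, filters FORWARD as well, and validates each MAC before it is passed to iptables. It runs as a dry run that prints the commands unless IPT is set to the real binary. The interface names eth0 (LAN) and eth1 (WAN), the port 8080, and the variable and function names are assumptions.

```shell
#!/bin/sh
# Added example (not the forum script). Assumptions: eth0 is the LAN side,
# eth1 the WAN side, Squid listens on 8080. IPT defaults to a dry run that
# prints the iptables commands; run as root with IPT=/sbin/iptables to apply.

IPT="${IPT:-echo iptables}"
LAN_IF="${LAN_IF:-eth0}"
WAN_IF="${WAN_IF:-eth1}"
SQUID_PORT="${SQUID_PORT:-8080}"

# Print the MAC addresses (first field) from a list file, skipping blank and
# comment lines. Anything that is not a 48-bit MAC is dropped so that a
# malformed line cannot smuggle extra arguments into an iptables call.
read_macs() {
    [ -r "$1" ] || return 0
    awk 'NF && $1 !~ /^#/ { print $1 }' "$1" |
        grep -iE '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || true
}

# Emit (or apply) the whole ruleset: $1 = allow file, $2 = deny file.
build_rules() {
    allow_file=$1
    deny_file=$2

    $IPT -F
    $IPT -X
    $IPT -t nat -F
    $IPT -t nat -X

    # Default deny for both local delivery and forwarding, so nothing depends
    # on a trailing DROP that only exists once the script has finished.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP

    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Denies first: a MAC listed in both files stays blocked.
    for mac in $(read_macs "$deny_file"); do
        $IPT -A INPUT   -i "$LAN_IF" -m mac --mac-source "$mac" -j DROP
        $IPT -A FORWARD -i "$LAN_IF" -m mac --mac-source "$mac" -j DROP
    done

    # Allowed MACs may reach the proxy port and may have traffic forwarded.
    # The proxy port is never opened without a MAC match.
    for mac in $(read_macs "$allow_file"); do
        $IPT -A INPUT   -i "$LAN_IF" -p tcp --dport "$SQUID_PORT" -m mac --mac-source "$mac" -j ACCEPT
        $IPT -A FORWARD -i "$LAN_IF" -m mac --mac-source "$mac" -j ACCEPT
    done

    # Transparent proxy: the REDIRECT happens in nat PREROUTING, so the
    # packet then arrives in INPUT with dport $SQUID_PORT and hits the
    # MAC-matched rules above.
    $IPT -t nat -A PREROUTING -i "$LAN_IF" -p tcp --dport 80 -j REDIRECT --to-port "$SQUID_PORT"
    $IPT -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
}

# Usage: ./macfw.sh /etc/mac.allow /etc/mac.deny   (dry run prints the rules)
if [ "$#" -ge 2 ]; then
    build_rules "$1" "$2"
fi
```

After applying for real, confirm the order with `iptables -L INPUT -n -v --line-numbers`: the deny rules must appear above the allow rules, and no rule for the Squid port should be listed without a MAC match. Note that MAC filtering only identifies the sending interface on the same Ethernet segment; a client can change its MAC, so this is an access-control convenience, not authentication.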
A_Karim
Lance Naik
Posts: 34
Joined: Thu Jul 22, 2004 4:18 pm
Location: Karachi

Re:

Post by A_Karim »

LinuxFreaK wrote:
Dear A_Karim,
Salam,

Try using the checkmac script below.

/sbin/iptables -A INPUT -p all -j DROP

This rule is placed at the end of the firewall. It should allow Squid; however, I have added another rule which might solve your problem.

[quoted MAC check script, identical to the one in the post above]

Best Regards.

Assalam-o-Alaikum Farrukh Bhai

After applying your maccheck script, Squid is still unable to start. Whenever I start or restart Squid it goes to FAILED, but when I flush all these rules it works fine.


These are my Squid messages after a normal start, without applying your maccheck:

[messages]

Oct 3 13:30:55 ks300 (squid): Cannot open HTTP Port
Oct 3 13:30:55 ks300 squid[3016]: Squid Parent: child process 3018 exited due to signal 6
Oct 3 13:30:58 ks300 squid[3016]: Squid Parent: child process 3289 started
Oct 3 13:30:58 ks300 squid[3016]: Squid Parent: child process 3289 exited with status 1
Oct 3 13:31:01 ks300 squid[3016]: Squid Parent: child process 3291 started
Oct 3 13:31:01 ks300 squid[3016]: Squid Parent: child process 3291 exited with status 1
Oct 3 13:31:04 ks300 squid[3016]: Squid Parent: child process 3293 started


Maybe there is some hint in it for you? And please explain to me what this log shows. What kind of error is this?

Regards,
AK
Eyes Never Says Lies
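The log quoted above says "Cannot open HTTP Port", which Squid reports when it cannot bind its http_port; the fatal error aborts the child, which is why the first child "exited due to signal 6" (SIGABRT), and the restarts then exit with status 1. A filter rule in the INPUT chain decides which packets reach a listening socket; it cannot prevent a process from calling bind(), so this is not something the MAC script can cause. The usual reason is that another process, typically a Squid that did not shut down cleanly, is still holding the port. The following is an added example (not from the thread) of a check for exactly that: a POSIX sh function that parses listener output in `ss -ltnp` / `netstat -ltnp` style and reports whether something already listens on the given port, plus a wrapper that runs the live tool. The port 8080, the function names, and the sample listener lines embedded for the dry run are assumptions and constructed data.

```shell
#!/bin/sh
# Added example (not from the thread). Finds out whether Squid's http_port is
# already taken, which is what "Cannot open HTTP Port" means. INPUT firewall
# rules filter packets to a socket; they cannot make bind() fail.

# Read listener lines on stdin (ss -ltnp or netstat -ltnp format, header
# lines are harmless) and print those whose local address ends in ":PORT".
# Returns 0 if at least one listener was found, 1 otherwise.
listener_on_port() {
    port=$1
    awk -v p="$port" '
        # Local address is column 4 for both ss and netstat. Anchor ":PORT"
        # at the end so that 8080 does not also match 18080.
        $4 ~ (":" p "$") { print; found = 1 }
        END { exit found ? 0 : 1 }'
}

# Live check: prefer ss (iproute2), fall back to netstat (net-tools).
# Run as root to see the owning PID/program name in the output.
check_squid_port() {
    port=${1:-8080}
    if command -v ss >/dev/null 2>&1; then
        ss -ltnp 2>/dev/null | listener_on_port "$port"
    elif command -v netstat >/dev/null 2>&1; then
        netstat -ltnp 2>/dev/null | listener_on_port "$port"
    else
        echo "neither ss nor netstat available" >&2
        return 2
    fi
}

# Constructed sample in ss -ltnp format, used only to demonstrate the parser
# offline (the pids and programs are made up).
SAMPLE_LISTENERS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=612,fd=3))
LISTEN 0 1024 127.0.0.1:8080 0.0.0.0:* users:(("squid",pid=3016,fd=14))
LISTEN 0 128 0.0.0.0:18080 0.0.0.0:* users:(("other",pid=99,fd=4))'

# Usage: ./squidport.sh [port]  -> runs the live check;
#        ./squidport.sh --demo  -> parses the constructed sample instead.
if [ "$1" = "--demo" ]; then
    if printf '%s\n' "$SAMPLE_LISTENERS" | listener_on_port 8080; then
        echo "port 8080 is already bound (see line above); Squid cannot open it"
    else
        echo "port 8080 is free"
    fi
elif [ "$#" -ge 1 ]; then
    if check_squid_port "$1"; then
        echo "port $1 is already bound; stop that process (stale squid?) first"
    else
        echo "port $1 is free; the bind failure has another cause"
    fi
fi
```

If a stale Squid shows up as the owner, stop it cleanly (`squid -k shutdown`, or kill the parent PID from the log) and then start it again; if the port is free and Squid still reports the error, check that http_port in squid.conf points at an address the box actually has, and that a non-root Squid is not asking for a port below 1024.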
LinuxFreaK
Site Admin
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
Location: Karachi

Re:

Post by LinuxFreaK »

Dear A_Karim,
Salam,

How can a firewall not allow a process to start? This error is more related to Squid; make sure Squid shut down properly.

Best Regards.
Farrukh Ahmed