MAC Address ALLOW/DROP Script
-
- Site Admin
- Posts: 5132
- Joined: Fri May 02, 2003 10:24 am
- Location: Karachi
- Contact:
MAC Address ALLOW/DROP Script
Dear All Users.
Salam,
All you need to just copy these scripts and use them.
# touch /sbin/addmac
# chmod 744 /sbin/addmac
# pico /sbin/addmac
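#!/bin/sh
#
# Use this script to block your Clients by their MAC Address.
# Script Created by Farrukh Ahmed of Linux Pakistan dot Net
#
# The interpreter line only takes effect as the first line of the file.
# The two list files below are appended to and rewritten by the commands
# of this script.
MAC_ALLOW="/etc/mac.allow"
MAC_DENY="/etc/mac.deny"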
# Print "<first argument> #<remaining arguments joined by spaces>".
# The first argument is stored in the global variable MAC.
f() {
  MAC=$1
  shift
  echo "$MAC #$*"
}
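# Append "<MAC> #<comment>" to the allow list, creating the file if needed.
# Arguments: $1 - MAC address as six colon-separated hex pairs
#            $2 - comment stored after '#'
# Returns:   0 when the line was appended, 1 on a malformed address or a
#            failed write.
allow() {
  args=$1
  args1=$2
  # Only a well-formed address is written, so the list never holds an
  # empty or arbitrary string in the address position.
  if [ "${#args}" -ne 17 ] ||
    ! printf '%s\n' "$args" |
      grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; then
    echo "Invalid MAC Address : $args"
    return 1
  fi
  if [ ! -f "$MAC_ALLOW" ]; then
    echo "File Not Found..."
    echo "Creating File..."
    touch "$MAC_ALLOW"
    chmod 644 "$MAC_ALLOW"
  fi
  if echo "$args #$args1" >> "$MAC_ALLOW"; then
    echo "MAC Added Successfully"
  else
    echo "Failed to Add MAC Address"
    return 1
  fi
}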
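# Copy one of the list files to a ".bak" file next to it.
# Arguments: $1 - "allow" or "deny"
# Returns:   cp's status, or 1 when $1 names neither list.
backup() {
  # The list name is matched as a word of its own. A test written as
  # [ $args="allow" ] is a single non-empty string and is always true,
  # so the deny list would never be copied.
  case "$1" in
    allow) cp -f "$MAC_ALLOW" "${MAC_ALLOW}.bak" ;;
    deny) cp -f "$MAC_DENY" "${MAC_DENY}.bak" ;;
    *)
      echo "Usage: addmac backup <allow/deny>"
      return 1
      ;;
  esac
}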
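# Move a MAC address from the allow list to the deny list.
# Arguments: $1 - MAC address as six colon-separated hex pairs
# Returns:   0 on success, 1 on a malformed address or a failed step.
block() {
  args=$1
  # An empty pattern would make "grep -v" drop every line of the list,
  # so the address is checked before either file is touched.
  if [ "${#args}" -ne 17 ] ||
    ! printf '%s\n' "$args" |
      grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; then
    echo "Invalid MAC Address : $args"
    return 1
  fi
  tmp=$(mktemp "${MAC_ALLOW}.XXXXXX") || return 1
  # -F matches the address literally and -i ignores hex letter case.
  # grep exits 1 when no line is left over, which is not an error here.
  grep -F -i -v -- "$args" "$MAC_ALLOW" > "$tmp"
  if [ $? -gt 1 ]; then
    rm -f "$tmp"
    return 1
  fi
  if ! echo "$args" >> "$MAC_DENY"; then
    rm -f "$tmp"
    return 1
  fi
  cp -f "$tmp" "$MAC_ALLOW"
  status=$?
  rm -f "$tmp"
  return "$status"
}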
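# Append "<MAC> #<comment>" to the deny list, creating the file if needed.
# Arguments: $1 - MAC address as six colon-separated hex pairs
#            $2 - comment stored after '#'
# Returns:   0 when the line was appended, 1 on a malformed address or a
#            failed write.
deny() {
  args=$1
  args1=$2
  # Only a well-formed address is written, so the list never holds an
  # empty or arbitrary string in the address position.
  if [ "${#args}" -ne 17 ] ||
    ! printf '%s\n' "$args" |
      grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; then
    echo "Invalid MAC Address : $args"
    return 1
  fi
  if [ ! -f "$MAC_DENY" ]; then
    echo "File Not Found..."
    echo "Creating File..."
    touch "$MAC_DENY"
    chmod 644 "$MAC_DENY"
  fi
  if echo "$args #$args1" >> "$MAC_DENY"; then
    echo "MAC Added Successfully"
  else
    echo "Failed to Add MAC Address"
    return 1
  fi
}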
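# Print the lines of one list that match a pattern.
# Arguments: $1 - "allow" or "deny"
#            $2 - grep pattern, e.g. a MAC address
# Returns:   grep's status (0 match, 1 no match), or 1 on bad arguments.
# Note: inside this script the function shadows the find(1) command.
find() {
  case "$1" in
    allow) list=$MAC_ALLOW ;;
    deny) list=$MAC_DENY ;;
    *) list= ;;
  esac
  if [ -z "$list" ] || [ -z "$2" ]; then
    echo "Usage : addmac find <allow/deny> <MAC Address>"
    return 1
  fi
  # "--" keeps a pattern that starts with '-' from being read as an option.
  grep -- "$2" "$list"
}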
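# Move a MAC address from the deny list to the allow list.
# Arguments: $1 - MAC address as six colon-separated hex pairs
# Returns:   0 on success, 1 on a malformed address or a failed step.
unblock() {
  args=$1
  # An empty pattern would make "grep -v" drop every line of the list,
  # so the address is checked before either file is touched.
  if [ "${#args}" -ne 17 ] ||
    ! printf '%s\n' "$args" |
      grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; then
    echo "Invalid MAC Address : $args"
    return 1
  fi
  tmp=$(mktemp "${MAC_DENY}.XXXXXX") || return 1
  # -F matches the address literally and -i ignores hex letter case.
  # grep exits 1 when no line is left over, which is not an error here.
  grep -F -i -v -- "$args" "$MAC_DENY" > "$tmp"
  if [ $? -gt 1 ]; then
    rm -f "$tmp"
    return 1
  fi
  if ! echo "$args" >> "$MAC_ALLOW"; then
    rm -f "$tmp"
    return 1
  fi
  cp -f "$tmp" "$MAC_DENY"
  status=$?
  rm -f "$tmp"
  return "$status"
}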
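# Copy a ".bak" file back over its list file.
# Arguments: $1 - "allow" or "deny"
# Returns:   cp's status, or 1 when $1 names neither list.
restore() {
  # The list name is matched as a word of its own. A test written as
  # [ $args="allow" ] is a single non-empty string and is always true,
  # so the deny list would never be restored.
  case "$1" in
    allow) cp -f "${MAC_ALLOW}.bak" "$MAC_ALLOW" ;;
    deny) cp -f "${MAC_DENY}.bak" "$MAC_DENY" ;;
    *)
      echo "Usage: addmac restore <allow/deny>"
      return 1
      ;;
  esac
}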
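# See how we were called: $1 selects the command and the remaining
# arguments are handed to it, quoted so they are not re-split or globbed.
case "$1" in
  allow | deny)
    cmd=$1
    mac=${2-}
    # Everything after the address is the comment, so a name made of
    # several words is stored whole.
    if [ "$#" -ge 2 ]; then shift 2; else shift "$#"; fi
    "$cmd" "$mac" "$*"
    ;;
  backup) backup "$2" ;;
  block) block "$2" ;;
  find) find "$2" "$3" ;;
  restore) restore "$2" ;;
  unblock) unblock "$2" ;;
  *)
    echo "Usage: addmac {allow|backup|block|deny|find|restore|unblock} MAC Address"
    exit 1
    ;;
esac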
# touch /sbin/maccheck
# chmod 744 /sbin/maccheck
# pico /sbin/maccheck
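#!/bin/sh
#
# MAC Check Script
# This Script Will Add Allowed and Blocked Users in Firewall
#
# Only the first field of each list line is used as the address; the
# "#comment" words after it are ignored, as are blank and comment lines.
# -I puts every rule at the top of INPUT, so the DROP rules loaded last
# sit above the ACCEPT rules.
# NOTE(review): INPUT covers only packets addressed to this machine, and
# without a final DROP rule or policy the ACCEPT entries restrict nothing.
# A source MAC is set by the sending host, so treat this as filtering,
# not as authentication.

# load_list FILE TARGET: insert one INPUT rule per address in FILE.
load_list() {
  if [ ! -f "$1" ]; then
    echo "$1: not found, skipping" >&2
    return 0
  fi
  while read -r MAC rest || [ -n "$MAC" ]; do
    case "$MAC" in
      '' | '#'*) continue ;;
    esac
    /sbin/iptables -I INPUT -p all -m mac --mac-source "$MAC" -j "$2"
  done < "$1"
}

echo "Loading MAC Address...."
load_list /etc/mac.allow ACCEPT
load_list /etc/mac.deny DROP
echo "MAC Address Loaded Successfully...."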
My mac.allow file
# cat /etc/mac.allow
00:C0:05:01:87:20
00:C0:05:02:0E:92
00:C0:05:02:00:68
00:C0:05:01:87:20
00:C0:09:10:87:D0
My mac.deny file
# cat /etc/mac.deny
00:C0:05:02:0E:91
00:00:0C:8E:55:11
You need to add the following line to your /etc/rc.d/rc.local
exec /sbin/maccheck
Best Regards.
Salam,
All you need to just copy these scripts and use them.
# touch /sbin/addmac
# chmod 744 /sbin/addmac
# pico /sbin/addmac
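#!/bin/sh
#
# Use this script to block your Clients by their MAC Address.
# Script Created by Farrukh Ahmed of Linux Pakistan dot Net
#
# The interpreter line only takes effect as the first line of the file.
# The two list files below are appended to and rewritten by the commands
# of this script.
MAC_ALLOW="/etc/mac.allow"
MAC_DENY="/etc/mac.deny"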
# Print "<first argument> #<remaining arguments joined by spaces>".
# The first argument is stored in the global variable MAC.
f() {
  MAC=$1
  shift
  echo "$MAC #$*"
}
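# Append "<MAC> #<comment>" to the allow list, creating the file if needed.
# Arguments: $1 - MAC address as six colon-separated hex pairs
#            $2 - comment stored after '#'
# Returns:   0 when the line was appended, 1 on a malformed address or a
#            failed write.
allow() {
  args=$1
  args1=$2
  # Only a well-formed address is written, so the list never holds an
  # empty or arbitrary string in the address position.
  if [ "${#args}" -ne 17 ] ||
    ! printf '%s\n' "$args" |
      grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; then
    echo "Invalid MAC Address : $args"
    return 1
  fi
  if [ ! -f "$MAC_ALLOW" ]; then
    echo "File Not Found..."
    echo "Creating File..."
    touch "$MAC_ALLOW"
    chmod 644 "$MAC_ALLOW"
  fi
  if echo "$args #$args1" >> "$MAC_ALLOW"; then
    echo "MAC Added Successfully"
  else
    echo "Failed to Add MAC Address"
    return 1
  fi
}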
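# Copy one of the list files to a ".bak" file next to it.
# Arguments: $1 - "allow" or "deny"
# Returns:   cp's status, or 1 when $1 names neither list.
backup() {
  # The list name is matched as a word of its own. A test written as
  # [ $args="allow" ] is a single non-empty string and is always true,
  # so the deny list would never be copied.
  case "$1" in
    allow) cp -f "$MAC_ALLOW" "${MAC_ALLOW}.bak" ;;
    deny) cp -f "$MAC_DENY" "${MAC_DENY}.bak" ;;
    *)
      echo "Usage: addmac backup <allow/deny>"
      return 1
      ;;
  esac
}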
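# Move a MAC address from the allow list to the deny list.
# Arguments: $1 - MAC address as six colon-separated hex pairs
# Returns:   0 on success, 1 on a malformed address or a failed step.
block() {
  args=$1
  # An empty pattern would make "grep -v" drop every line of the list,
  # so the address is checked before either file is touched.
  if [ "${#args}" -ne 17 ] ||
    ! printf '%s\n' "$args" |
      grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; then
    echo "Invalid MAC Address : $args"
    return 1
  fi
  tmp=$(mktemp "${MAC_ALLOW}.XXXXXX") || return 1
  # -F matches the address literally and -i ignores hex letter case.
  # grep exits 1 when no line is left over, which is not an error here.
  grep -F -i -v -- "$args" "$MAC_ALLOW" > "$tmp"
  if [ $? -gt 1 ]; then
    rm -f "$tmp"
    return 1
  fi
  if ! echo "$args" >> "$MAC_DENY"; then
    rm -f "$tmp"
    return 1
  fi
  cp -f "$tmp" "$MAC_ALLOW"
  status=$?
  rm -f "$tmp"
  return "$status"
}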
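# Append "<MAC> #<comment>" to the deny list, creating the file if needed.
# Arguments: $1 - MAC address as six colon-separated hex pairs
#            $2 - comment stored after '#'
# Returns:   0 when the line was appended, 1 on a malformed address or a
#            failed write.
deny() {
  args=$1
  args1=$2
  # Only a well-formed address is written, so the list never holds an
  # empty or arbitrary string in the address position.
  if [ "${#args}" -ne 17 ] ||
    ! printf '%s\n' "$args" |
      grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; then
    echo "Invalid MAC Address : $args"
    return 1
  fi
  if [ ! -f "$MAC_DENY" ]; then
    echo "File Not Found..."
    echo "Creating File..."
    touch "$MAC_DENY"
    chmod 644 "$MAC_DENY"
  fi
  if echo "$args #$args1" >> "$MAC_DENY"; then
    echo "MAC Added Successfully"
  else
    echo "Failed to Add MAC Address"
    return 1
  fi
}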
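# Print the lines of one list that match a pattern.
# Arguments: $1 - "allow" or "deny"
#            $2 - grep pattern, e.g. a MAC address
# Returns:   grep's status (0 match, 1 no match), or 1 on bad arguments.
# Note: inside this script the function shadows the find(1) command.
find() {
  case "$1" in
    allow) list=$MAC_ALLOW ;;
    deny) list=$MAC_DENY ;;
    *) list= ;;
  esac
  if [ -z "$list" ] || [ -z "$2" ]; then
    echo "Usage : addmac find <allow/deny> <MAC Address>"
    return 1
  fi
  # "--" keeps a pattern that starts with '-' from being read as an option.
  grep -- "$2" "$list"
}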
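# Move a MAC address from the deny list to the allow list.
# Arguments: $1 - MAC address as six colon-separated hex pairs
# Returns:   0 on success, 1 on a malformed address or a failed step.
unblock() {
  args=$1
  # An empty pattern would make "grep -v" drop every line of the list,
  # so the address is checked before either file is touched.
  if [ "${#args}" -ne 17 ] ||
    ! printf '%s\n' "$args" |
      grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; then
    echo "Invalid MAC Address : $args"
    return 1
  fi
  tmp=$(mktemp "${MAC_DENY}.XXXXXX") || return 1
  # -F matches the address literally and -i ignores hex letter case.
  # grep exits 1 when no line is left over, which is not an error here.
  grep -F -i -v -- "$args" "$MAC_DENY" > "$tmp"
  if [ $? -gt 1 ]; then
    rm -f "$tmp"
    return 1
  fi
  if ! echo "$args" >> "$MAC_ALLOW"; then
    rm -f "$tmp"
    return 1
  fi
  cp -f "$tmp" "$MAC_DENY"
  status=$?
  rm -f "$tmp"
  return "$status"
}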
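# Copy a ".bak" file back over its list file.
# Arguments: $1 - "allow" or "deny"
# Returns:   cp's status, or 1 when $1 names neither list.
restore() {
  # The list name is matched as a word of its own. A test written as
  # [ $args="allow" ] is a single non-empty string and is always true,
  # so the deny list would never be restored.
  case "$1" in
    allow) cp -f "${MAC_ALLOW}.bak" "$MAC_ALLOW" ;;
    deny) cp -f "${MAC_DENY}.bak" "$MAC_DENY" ;;
    *)
      echo "Usage: addmac restore <allow/deny>"
      return 1
      ;;
  esac
}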
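# See how we were called: $1 selects the command and the remaining
# arguments are handed to it, quoted so they are not re-split or globbed.
case "$1" in
  allow | deny)
    cmd=$1
    mac=${2-}
    # Everything after the address is the comment, so a name made of
    # several words is stored whole.
    if [ "$#" -ge 2 ]; then shift 2; else shift "$#"; fi
    "$cmd" "$mac" "$*"
    ;;
  backup) backup "$2" ;;
  block) block "$2" ;;
  find) find "$2" "$3" ;;
  restore) restore "$2" ;;
  unblock) unblock "$2" ;;
  *)
    echo "Usage: addmac {allow|backup|block|deny|find|restore|unblock} MAC Address"
    exit 1
    ;;
esac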
# touch /sbin/maccheck
# chmod 744 /sbin/maccheck
# pico /sbin/maccheck
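#!/bin/sh
#
# MAC Check Script
# This Script Will Add Allowed and Blocked Users in Firewall
#
# Only the first field of each list line is used as the address; the
# "#comment" words after it are ignored, as are blank and comment lines.
# -I puts every rule at the top of INPUT, so the DROP rules loaded last
# sit above the ACCEPT rules.
# NOTE(review): INPUT covers only packets addressed to this machine, and
# without a final DROP rule or policy the ACCEPT entries restrict nothing.
# A source MAC is set by the sending host, so treat this as filtering,
# not as authentication.

# load_list FILE TARGET: insert one INPUT rule per address in FILE.
load_list() {
  if [ ! -f "$1" ]; then
    echo "$1: not found, skipping" >&2
    return 0
  fi
  while read -r MAC rest || [ -n "$MAC" ]; do
    case "$MAC" in
      '' | '#'*) continue ;;
    esac
    /sbin/iptables -I INPUT -p all -m mac --mac-source "$MAC" -j "$2"
  done < "$1"
}

echo "Loading MAC Address...."
load_list /etc/mac.allow ACCEPT
load_list /etc/mac.deny DROP
echo "MAC Address Loaded Successfully...."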
My mac.allow file
# cat /etc/mac.allow
00:C0:05:01:87:20
00:C0:05:02:0E:92
00:C0:05:02:00:68
00:C0:05:01:87:20
00:C0:09:10:87:D0
My mac.deny file
# cat /etc/mac.deny
00:C0:05:02:0E:91
00:00:0C:8E:55:11
You need to add the following line to your /etc/rc.d/rc.local
exec /sbin/maccheck
Best Regards.
Last edited by LinuxFreaK on Sun Aug 22, 2004 10:19 am, edited 1 time in total.
Farrukh Ahmed
RE: MAC Address ALLOW/DROP Script
Aoa,/ Hi FA,
well written save it....but we can also done thing through SQUID PROXY.
Kind regards,
nomy
well written save it....but we can also done thing through SQUID PROXY.
Kind regards,
nomy
-
- Battalion Quarter Master Havaldaar
- Posts: 241
- Joined: Wed Dec 24, 2003 2:36 am
- Location: Pukhtoonistan
- Contact:
Nice way to teack Mr. Farrukh (The GURU)
Salam O Alykum
Boss While i am the most dull minded of all the ppl, So i am still needing some explation for this file
wat to do for this file. Is it the part of /sbin/maccheck, Or we have to make separately the files for mac.allow and mac.deny
PLz Explain it a bit here and also tell us how to add the mac addresses in that file, By editing that files or there is some speciall command Like #sh /addmac, that you have told me on fone,
Alwida
Boss While i am the most dull minded of all the ppl, So i am still needing some explation for this file
wat to do for this file. Is it the part of /sbin/maccheck, Or we have to make separately the files for mac.allow and mac.deny
PLz Explain it a bit here and also tell us how to add the mac addresses in that file, By editing that files or there is some speciall command Like #sh /addmac, that you have told me on fone,
Will wait for your replay
My mac.allow file
# cat /etc/mac.allow
00:C0:05:01:87:20
00:C0:05:02:0E:92
00:C0:05:02:00:68
00:C0:05:01:87:20
00:C0:09:10:87:D0
My mac.deny file
# cat /etc/mac.deny
00:C0:05:02:0E:91
00:00:0C:8E:55:11
Alwida
Tefl E Maktab
-----------------------------
----- ----- ----- ------ ------ -------
-----------------------------
----- ----- ----- ------ ------ -------
-
- Site Admin
- Posts: 5132
- Joined: Fri May 02, 2003 10:24 am
- Location: Karachi
- Contact:
Re:
Dear sarthor,
Salam,
1. Text in black color like this are my narration / Instructions
2. Text in bold black like this are commands
3. Text in blue must be in /sbin/maccheck
4. Text in bold blue is user specific. You have to change according to you actual data
5. Text in brown is the part of command should be combined with user data in bold blue
Instructions
1. First Copy these two files from appendix of this tutorial into your /sbin folder
# cp addmac maccheck /sbin
2. Change permissions of both files.
# chmod 744 /sbin/addmac /sbin/maccheck
3. How to Add / / Unblock / Find / Backup / Restore Mac Address.
# addmac allow 00:00:91:0D:5C:90 Farrukh Ahmed (it will add given mac address, and comments 'Farrukh Ahmed' in /etc/mac.allow)
4. How to Block Mac Address
# addmac block 00:00:91:0D:5C:90 Farrukh Ahmed (it will block given mac address from /etc/mac.allow and insert in /etc/mac.deny)
5. How to Deny Mac Address
# addmac deny 00:00:91:0D:5C:90 Farrukh Ahmed (it will add given mac address, and comments 'Farrukh Ahmed' in /etc/mac.deny)
6. How to find from allowed Mac Address
# addmac find allow 00:00:91:0D:5C:90 (it will find given mac address in /etc/mac.allow)
7. How to find from denied Mac Address
# addmac find deny 00:00:91:0D:5C:90 (it will find given mac address in /etc/mac.deny)
6. How to unblock Mac Address
# addmac unblock 00:00:91:0D:5C:90 (it will unblock given mac address from /etc/mac.deny and insert in /etc/mac.allow)
7. How to backup allowed Mac Address
# addmac backup allow (it will backup /etc/mac.allow to /etc/mac.allow.bak)
8. How to backup denied Mac Address
# addmac backup deny (it will backup /etc/mac.deny to /etc/mac.deny.bak)
9. How to restore allowed Mac Address
# addmac restore allow (it will restore /etc/mac.allow.bak to /etc/mac.allow)
10. How to restore denied Mac Address
# addmac restore deny (it will restore /etc/mac.deny.bak to /etc/mac.deny)
Note: when ever you Add/Remove/Block/Unblock MAC Address you must Run /sbin/maccheck
At the end of your /etc/rc.d/rc.local add the following line
exec /sbin/maccheck
My mac.allow file look like
# cat /etc/mac.allow
00:C0:05:01:87:20 #Farrukh Ahmed
00:C0:05:02:0E:92 #Tariq Bahi
00:C0:05:02:00:68 #Sheraz
00:C0:05:01:87:20 #Badar
00:C0:09:10:87:D0 #Tauqeer
My mac.deny file
# cat /etc/mac.deny
00:C0:05:02:0E:91 #Asif Khan
00:00:0C:8E:55:11 #Meraj Rasool Khattak
Appendix
Following are the two scripts mentioned in the Tutorial Above
Script No. 1
# touch /sbin/maccheck
This will create blank file in /sbin
# pico /sbin/maccheck
This will open the blank file which you created before. Now copy and paste the MAC Check Script here and press Ctrl + X; it will ask whether to save, so press Y and save it as /sbin/maccheck
# chmod 744 /sbin/maccheck
This will change the permission of the /sbin/maccheck file
Content of /sbin/maccheck
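#!/bin/sh
#
# MAC Check Script
# This Script will add Allowed/Blocked and Blocked Users in Firewall
#
# Only the first field of each list line is used as the address; the
# "# comment" words after it are ignored, as are blank and comment lines.
# -I puts every rule at the top of INPUT, so the DROP rules loaded last
# sit above the ACCEPT rules.
# NOTE(review): INPUT covers only packets addressed to this machine, and
# without a final DROP rule or policy the ACCEPT entries restrict nothing.
# A source MAC is set by the sending host, so treat this as filtering,
# not as authentication.

# load_list FILE TARGET: insert one INPUT rule per address in FILE.
load_list() {
  if [ ! -f "$1" ]; then
    echo "$1: not found, skipping" >&2
    return 0
  fi
  while read -r MAC rest || [ -n "$MAC" ]; do
    case "$MAC" in
      '' | '#'*) continue ;;
    esac
    /sbin/iptables -I INPUT -p all -m mac --mac-source "$MAC" -j "$2"
  done < "$1"
}

echo "Loading MAC Address...."
# The flush empties the whole INPUT chain, including rules that were not
# added by this script.
/sbin/iptables -F INPUT
load_list /etc/mac.allow ACCEPT
load_list /etc/mac.deny DROP
echo "MAC Address Loaded Successfully...."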
Script No. 2
# touch /sbin/addmac
This will create blank file in /sbin
# pico /sbin/addmac
This will open blank file which you created before. Now copy and paste here the ADD MAC Script and press Ctrl + X then it will ask you to save it or not press Y and save it /sbin/addmac
# chmod 744 /sbin/addmac
This will change the permission of the /sbin/addmac file
Content of /sbin/addmac
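#!/bin/sh
#
# ADD MAC Script
# This Script will add/remove, block/unblock users access in a LAN/DCN (Deci Cable Net)
# Script Created by Farrukh Ahmed (aka LinuxFreak) of Linux Pakistan dot Net
# For any help, comment please visit http://www.linuxpakistan.net/forum2x/
#
# The interpreter line only takes effect as the first line of the file.
# The two list files below are appended to and rewritten by the commands
# of this script.
MAC_ALLOW="/etc/mac.allow"
MAC_DENY="/etc/mac.deny"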
# Print "<first argument> #<remaining arguments joined by spaces>".
# The first argument is stored in the global variable MAC.
f() {
  MAC=$1
  shift
  echo "$MAC #$*"
}
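# Append "<MAC> #<comment>" to the allow list, creating the file if needed.
# Arguments: $1 - MAC address as six colon-separated hex pairs
#            $2 - comment stored after '#'
# Returns:   0 when the line was appended, 1 on a malformed address or a
#            failed write.
allow() {
  args=$1
  args1=$2
  # Only a well-formed address is written, so the list never holds an
  # empty or arbitrary string in the address position.
  if [ "${#args}" -ne 17 ] ||
    ! printf '%s\n' "$args" |
      grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; then
    echo "Invalid MAC Address : $args"
    return 1
  fi
  if [ ! -f "$MAC_ALLOW" ]; then
    echo "File Not Found..."
    echo "Creating File..."
    touch "$MAC_ALLOW"
    chmod 644 "$MAC_ALLOW"
  fi
  if echo "$args #$args1" >> "$MAC_ALLOW"; then
    echo "MAC Added Successfully"
  else
    echo "Failed to Add MAC Address"
    return 1
  fi
}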
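# Copy one of the list files to a ".bak" file next to it.
# Arguments: $1 - "allow" or "deny"
# Returns:   cp's status, or 1 when $1 names neither list.
backup() {
  # The list name is matched as a word of its own. A test written as
  # [ $args="allow" ] is a single non-empty string and is always true,
  # so the deny list would never be copied.
  case "$1" in
    allow) cp -f "$MAC_ALLOW" "${MAC_ALLOW}.bak" ;;
    deny) cp -f "$MAC_DENY" "${MAC_DENY}.bak" ;;
    *)
      echo "Usage: addmac backup <allow/deny>"
      return 1
      ;;
  esac
}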
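# Move a MAC address from the allow list to the deny list.
# Arguments: $1 - MAC address as six colon-separated hex pairs
# Returns:   0 on success, 1 on a malformed address or a failed step.
block() {
  args=$1
  # An empty pattern would make "grep -v" drop every line of the list,
  # so the address is checked before either file is touched.
  if [ "${#args}" -ne 17 ] ||
    ! printf '%s\n' "$args" |
      grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; then
    echo "Invalid MAC Address : $args"
    return 1
  fi
  tmp=$(mktemp "${MAC_ALLOW}.XXXXXX") || return 1
  # -F matches the address literally and -i ignores hex letter case.
  # grep exits 1 when no line is left over, which is not an error here.
  grep -F -i -v -- "$args" "$MAC_ALLOW" > "$tmp"
  if [ $? -gt 1 ]; then
    rm -f "$tmp"
    return 1
  fi
  if ! echo "$args" >> "$MAC_DENY"; then
    rm -f "$tmp"
    return 1
  fi
  cp -f "$tmp" "$MAC_ALLOW"
  status=$?
  rm -f "$tmp"
  return "$status"
}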
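# Append "<MAC> #<comment>" to the deny list, creating the file if needed.
# Arguments: $1 - MAC address as six colon-separated hex pairs
#            $2 - comment stored after '#'
# Returns:   0 when the line was appended, 1 on a malformed address or a
#            failed write.
deny() {
  args=$1
  args1=$2
  # Only a well-formed address is written, so the list never holds an
  # empty or arbitrary string in the address position.
  if [ "${#args}" -ne 17 ] ||
    ! printf '%s\n' "$args" |
      grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; then
    echo "Invalid MAC Address : $args"
    return 1
  fi
  if [ ! -f "$MAC_DENY" ]; then
    echo "File Not Found..."
    echo "Creating File..."
    touch "$MAC_DENY"
    chmod 644 "$MAC_DENY"
  fi
  if echo "$args #$args1" >> "$MAC_DENY"; then
    echo "MAC Added Successfully"
  else
    echo "Failed to Add MAC Address"
    return 1
  fi
}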
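# Print lines of one list: all distinct lines, or those matching a pattern.
# Arguments: $1 - "allow" or "deny"
#            $2 - "all", or a grep pattern such as a MAC address
# Returns:   status of sort/grep, or 1 on bad arguments.
# Note: inside this script the function shadows the find(1) command.
find() {
  case "$1" in
    allow) list=$MAC_ALLOW ;;
    deny) list=$MAC_DENY ;;
    *) list= ;;
  esac
  if [ -z "$list" ] || [ -z "$2" ]; then
    echo "Usage : addmac find <allow/deny> <MAC Address>"
    return 1
  fi
  if [ "$2" = "all" ]; then
    # sort -u prints each distinct line once. Piping sort into
    # "uniq FILE" makes uniq read the unsorted file and ignore the pipe.
    sort -u "$list"
  else
    # "--" keeps a pattern that starts with '-' from being read as an
    # option.
    grep -- "$2" "$list"
  fi
}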
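# Move a MAC address from the deny list to the allow list.
# Arguments: $1 - MAC address as six colon-separated hex pairs
# Returns:   0 on success, 1 on a malformed address or a failed step.
unblock() {
  args=$1
  # An empty pattern would make "grep -v" drop every line of the list,
  # so the address is checked before either file is touched.
  if [ "${#args}" -ne 17 ] ||
    ! printf '%s\n' "$args" |
      grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; then
    echo "Invalid MAC Address : $args"
    return 1
  fi
  tmp=$(mktemp "${MAC_DENY}.XXXXXX") || return 1
  # -F matches the address literally and -i ignores hex letter case.
  # grep exits 1 when no line is left over, which is not an error here.
  grep -F -i -v -- "$args" "$MAC_DENY" > "$tmp"
  if [ $? -gt 1 ]; then
    rm -f "$tmp"
    return 1
  fi
  if ! echo "$args" >> "$MAC_ALLOW"; then
    rm -f "$tmp"
    return 1
  fi
  cp -f "$tmp" "$MAC_DENY"
  status=$?
  rm -f "$tmp"
  return "$status"
}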
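# Copy a ".bak" file back over its list file.
# Arguments: $1 - "allow" or "deny"
# Returns:   cp's status, or 1 when $1 names neither list.
restore() {
  # The list name is matched as a word of its own. A test written as
  # [ $args="allow" ] is a single non-empty string and is always true,
  # so the deny list would never be restored.
  case "$1" in
    allow) cp -f "${MAC_ALLOW}.bak" "$MAC_ALLOW" ;;
    deny) cp -f "${MAC_DENY}.bak" "$MAC_DENY" ;;
    *)
      echo "Usage: addmac restore <allow/deny>"
      return 1
      ;;
  esac
}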
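# See how we were called: $1 selects the command and the remaining
# arguments are handed to it, quoted so they are not re-split or globbed.
case "$1" in
  allow | deny)
    cmd=$1
    mac=${2-}
    # Everything after the address is the comment, so a name made of
    # several words is stored whole.
    if [ "$#" -ge 2 ]; then shift 2; else shift "$#"; fi
    "$cmd" "$mac" "$*"
    ;;
  backup) backup "$2" ;;
  block) block "$2" ;;
  find) find "$2" "$3" ;;
  restore) restore "$2" ;;
  unblock) unblock "$2" ;;
  *)
    echo "Usage: addmac {allow|backup|block|deny|find|restore|unblock} MAC Address"
    exit 1
    ;;
esac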
Best Regards.
Salam,
Dude you don't need to create any file it will create file if it does not exits.
sarthor wrote: wat to do for this file. Is it the part of /sbin/maccheck, Or we have to make separately the files for mac.allow and mac.deny
Legend
sarthor wrote: PLz Explain it a bit here and also tell us how to add the mac addresses in that file, By editing that files or there is some speciall command Like #sh /addmac, that you have told me on fone
1. Text in black color like this are my narration / Instructions
2. Text in bold black like this are commands
3. Text in blue must be in /sbin/maccheck
4. Text in bold blue is user specific. You have to change according to you actual data
5. Text in brown is the part of command should be combined with user data in bold blue
Instructions
1. First Copy these two files from appendix of this tutorial into your /sbin folder
# cp addmac maccheck /sbin
2. Change permissions of both files.
# chmod 744 /sbin/addmac /sbin/maccheck
3. How to Add / / Unblock / Find / Backup / Restore Mac Address.
# addmac allow 00:00:91:0D:5C:90 Farrukh Ahmed (it will add given mac address, and comments 'Farrukh Ahmed' in /etc/mac.allow)
4. How to Block Mac Address
# addmac block 00:00:91:0D:5C:90 Farrukh Ahmed (it will block given mac address from /etc/mac.allow and insert in /etc/mac.deny)
5. How to Deny Mac Address
# addmac deny 00:00:91:0D:5C:90 Farrukh Ahmed (it will add given mac address, and comments 'Farrukh Ahmed' in /etc/mac.deny)
6. How to find from allowed Mac Address
# addmac find allow 00:00:91:0D:5C:90 (it will find given mac address in /etc/mac.allow)
7. How to find from denied Mac Address
# addmac find deny 00:00:91:0D:5C:90 (it will find given mac address in /etc/mac.deny)
6. How to unblock Mac Address
# addmac unblock 00:00:91:0D:5C:90 (it will unblock given mac address from /etc/mac.deny and insert in /etc/mac.allow)
7. How to backup allowed Mac Address
# addmac backup allow (it will backup /etc/mac.allow to /etc/mac.allow.bak)
8. How to backup denied Mac Address
# addmac backup deny (it will backup /etc/mac.deny to /etc/mac.deny.bak)
9. How to restore allowed Mac Address
# addmac restore allow (it will restore /etc/mac.allow.bak to /etc/mac.allow)
10. How to restore denied Mac Address
# addmac restore deny (it will restore /etc/mac.deny.bak to /etc/mac.deny)
Note: when ever you Add/Remove/Block/Unblock MAC Address you must Run /sbin/maccheck
At the end of your /etc/rc.d/rc.local add the following line
exec /sbin/maccheck
My mac.allow file look like
# cat /etc/mac.allow
00:C0:05:01:87:20 #Farrukh Ahmed
00:C0:05:02:0E:92 #Tariq Bahi
00:C0:05:02:00:68 #Sheraz
00:C0:05:01:87:20 #Badar
00:C0:09:10:87:D0 #Tauqeer
My mac.deny file
# cat /etc/mac.deny
00:C0:05:02:0E:91 #Asif Khan
00:00:0C:8E:55:11 #Meraj Rasool Khattak
Appendix
Following are the two scripts mentioned in the Tutorial Above
Script No. 1
# touch /sbin/maccheck
This will create blank file in /sbin
# pico /sbin/maccheck
This will open the blank file which you created before. Now copy and paste the MAC Check Script here and press Ctrl + X; it will ask whether to save, so press Y and save it as /sbin/maccheck
# chmod 744 /sbin/maccheck
This will change the permission of the /sbin/maccheck file
Content of /sbin/maccheck
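#!/bin/sh
#
# MAC Check Script
# This Script will add Allowed/Blocked and Blocked Users in Firewall
#
# Only the first field of each list line is used as the address; the
# "# comment" words after it are ignored, as are blank and comment lines.
# -I puts every rule at the top of INPUT, so the DROP rules loaded last
# sit above the ACCEPT rules.
# NOTE(review): INPUT covers only packets addressed to this machine, and
# without a final DROP rule or policy the ACCEPT entries restrict nothing.
# A source MAC is set by the sending host, so treat this as filtering,
# not as authentication.

# load_list FILE TARGET: insert one INPUT rule per address in FILE.
load_list() {
  if [ ! -f "$1" ]; then
    echo "$1: not found, skipping" >&2
    return 0
  fi
  while read -r MAC rest || [ -n "$MAC" ]; do
    case "$MAC" in
      '' | '#'*) continue ;;
    esac
    /sbin/iptables -I INPUT -p all -m mac --mac-source "$MAC" -j "$2"
  done < "$1"
}

echo "Loading MAC Address...."
# The flush empties the whole INPUT chain, including rules that were not
# added by this script.
/sbin/iptables -F INPUT
load_list /etc/mac.allow ACCEPT
load_list /etc/mac.deny DROP
echo "MAC Address Loaded Successfully...."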
Script No. 2
# touch /sbin/addmac
This will create blank file in /sbin
# pico /sbin/addmac
This will open blank file which you created before. Now copy and paste here the ADD MAC Script and press Ctrl + X then it will ask you to save it or not press Y and save it /sbin/addmac
# chmod 744 /sbin/addmac
This will change the permission of the /sbin/addmac file
Content of /sbin/addmac
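#!/bin/sh
#
# ADD MAC Script
# This Script will add/remove, block/unblock users access in a LAN/DCN (Deci Cable Net)
# Script Created by Farrukh Ahmed (aka LinuxFreak) of Linux Pakistan dot Net
# For any help, comment please visit http://www.linuxpakistan.net/forum2x/
#
# The interpreter line only takes effect as the first line of the file.
# The two list files below are appended to and rewritten by the commands
# of this script.
MAC_ALLOW="/etc/mac.allow"
MAC_DENY="/etc/mac.deny"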
# Print "<first argument> #<remaining arguments joined by spaces>".
# The first argument is stored in the global variable MAC.
f() {
  MAC=$1
  shift
  echo "$MAC #$*"
}
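# Append "<MAC> #<comment>" to the allow list, creating the file if needed.
# Arguments: $1 - MAC address as six colon-separated hex pairs
#            $2 - comment stored after '#'
# Returns:   0 when the line was appended, 1 on a malformed address or a
#            failed write.
allow() {
  args=$1
  args1=$2
  # Only a well-formed address is written, so the list never holds an
  # empty or arbitrary string in the address position.
  if [ "${#args}" -ne 17 ] ||
    ! printf '%s\n' "$args" |
      grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; then
    echo "Invalid MAC Address : $args"
    return 1
  fi
  if [ ! -f "$MAC_ALLOW" ]; then
    echo "File Not Found..."
    echo "Creating File..."
    touch "$MAC_ALLOW"
    chmod 644 "$MAC_ALLOW"
  fi
  if echo "$args #$args1" >> "$MAC_ALLOW"; then
    echo "MAC Added Successfully"
  else
    echo "Failed to Add MAC Address"
    return 1
  fi
}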
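# Copy one of the list files to a ".bak" file next to it.
# Arguments: $1 - "allow" or "deny"
# Returns:   cp's status, or 1 when $1 names neither list.
backup() {
  # The list name is matched as a word of its own. A test written as
  # [ $args="allow" ] is a single non-empty string and is always true,
  # so the deny list would never be copied.
  case "$1" in
    allow) cp -f "$MAC_ALLOW" "${MAC_ALLOW}.bak" ;;
    deny) cp -f "$MAC_DENY" "${MAC_DENY}.bak" ;;
    *)
      echo "Usage: addmac backup <allow/deny>"
      return 1
      ;;
  esac
}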
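# Move a MAC address from the allow list to the deny list.
# Arguments: $1 - MAC address as six colon-separated hex pairs
# Returns:   0 on success, 1 on a malformed address or a failed step.
block() {
  args=$1
  # An empty pattern would make "grep -v" drop every line of the list,
  # so the address is checked before either file is touched.
  if [ "${#args}" -ne 17 ] ||
    ! printf '%s\n' "$args" |
      grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; then
    echo "Invalid MAC Address : $args"
    return 1
  fi
  tmp=$(mktemp "${MAC_ALLOW}.XXXXXX") || return 1
  # -F matches the address literally and -i ignores hex letter case.
  # grep exits 1 when no line is left over, which is not an error here.
  grep -F -i -v -- "$args" "$MAC_ALLOW" > "$tmp"
  if [ $? -gt 1 ]; then
    rm -f "$tmp"
    return 1
  fi
  if ! echo "$args" >> "$MAC_DENY"; then
    rm -f "$tmp"
    return 1
  fi
  cp -f "$tmp" "$MAC_ALLOW"
  status=$?
  rm -f "$tmp"
  return "$status"
}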
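# Append "<MAC> #<comment>" to the deny list, creating the file if needed.
# Arguments: $1 - MAC address as six colon-separated hex pairs
#            $2 - comment stored after '#'
# Returns:   0 when the line was appended, 1 on a malformed address or a
#            failed write.
deny() {
  args=$1
  args1=$2
  # Only a well-formed address is written, so the list never holds an
  # empty or arbitrary string in the address position.
  if [ "${#args}" -ne 17 ] ||
    ! printf '%s\n' "$args" |
      grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; then
    echo "Invalid MAC Address : $args"
    return 1
  fi
  if [ ! -f "$MAC_DENY" ]; then
    echo "File Not Found..."
    echo "Creating File..."
    touch "$MAC_DENY"
    chmod 644 "$MAC_DENY"
  fi
  if echo "$args #$args1" >> "$MAC_DENY"; then
    echo "MAC Added Successfully"
  else
    echo "Failed to Add MAC Address"
    return 1
  fi
}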
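# Print lines of one list: all distinct lines, or those matching a pattern.
# Arguments: $1 - "allow" or "deny"
#            $2 - "all", or a grep pattern such as a MAC address
# Returns:   status of sort/grep, or 1 on bad arguments.
# Note: inside this script the function shadows the find(1) command.
find() {
  case "$1" in
    allow) list=$MAC_ALLOW ;;
    deny) list=$MAC_DENY ;;
    *) list= ;;
  esac
  if [ -z "$list" ] || [ -z "$2" ]; then
    echo "Usage : addmac find <allow/deny> <MAC Address>"
    return 1
  fi
  if [ "$2" = "all" ]; then
    # sort -u prints each distinct line once. Piping sort into
    # "uniq FILE" makes uniq read the unsorted file and ignore the pipe.
    sort -u "$list"
  else
    # "--" keeps a pattern that starts with '-' from being read as an
    # option.
    grep -- "$2" "$list"
  fi
}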
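# Move a MAC address from the deny list to the allow list.
# Arguments: $1 - MAC address as six colon-separated hex pairs
# Returns:   0 on success, 1 on a malformed address or a failed step.
unblock() {
  args=$1
  # An empty pattern would make "grep -v" drop every line of the list,
  # so the address is checked before either file is touched.
  if [ "${#args}" -ne 17 ] ||
    ! printf '%s\n' "$args" |
      grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; then
    echo "Invalid MAC Address : $args"
    return 1
  fi
  tmp=$(mktemp "${MAC_DENY}.XXXXXX") || return 1
  # -F matches the address literally and -i ignores hex letter case.
  # grep exits 1 when no line is left over, which is not an error here.
  grep -F -i -v -- "$args" "$MAC_DENY" > "$tmp"
  if [ $? -gt 1 ]; then
    rm -f "$tmp"
    return 1
  fi
  if ! echo "$args" >> "$MAC_ALLOW"; then
    rm -f "$tmp"
    return 1
  fi
  cp -f "$tmp" "$MAC_DENY"
  status=$?
  rm -f "$tmp"
  return "$status"
}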
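# Copy a ".bak" file back over its list file.
# Arguments: $1 - "allow" or "deny"
# Returns:   cp's status, or 1 when $1 names neither list.
restore() {
  # The list name is matched as a word of its own. A test written as
  # [ $args="allow" ] is a single non-empty string and is always true,
  # so the deny list would never be restored.
  case "$1" in
    allow) cp -f "${MAC_ALLOW}.bak" "$MAC_ALLOW" ;;
    deny) cp -f "${MAC_DENY}.bak" "$MAC_DENY" ;;
    *)
      echo "Usage: addmac restore <allow/deny>"
      return 1
      ;;
  esac
}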
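# See how we were called: $1 selects the command and the remaining
# arguments are handed to it, quoted so they are not re-split or globbed.
case "$1" in
  allow | deny)
    cmd=$1
    mac=${2-}
    # Everything after the address is the comment, so a name made of
    # several words is stored whole.
    if [ "$#" -ge 2 ]; then shift 2; else shift "$#"; fi
    "$cmd" "$mac" "$*"
    ;;
  backup) backup "$2" ;;
  block) block "$2" ;;
  find) find "$2" "$3" ;;
  restore) restore "$2" ;;
  unblock) unblock "$2" ;;
  *)
    echo "Usage: addmac {allow|backup|block|deny|find|restore|unblock} MAC Address"
    exit 1
    ;;
esac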
Best Regards.
Last edited by LinuxFreaK on Sun Aug 22, 2004 11:32 am, edited 11 times in total.
Farrukh Ahmed
-
- Site Admin
- Posts: 5132
- Joined: Fri May 02, 2003 10:24 am
- Location: Karachi
- Contact:
Re:
Dear nomy,
Salam,
# service squid restart
Best Regards.
Salam,
nomy wrote: well written save it....but we can also done thing through SQUID PROXY.
Yes, it can be done with the squid proxy server, but you need to restart the service every time. You can put the following code in your /etc/squid/squid.conf
# Each "arp" ACL names one client by its Ethernet (MAC) address.
# NOTE(review): this ACL type needs a Squid build with ARP ACL support and
# can only match clients on the proxy's own network segment; confirm for
# your build. A client can change its MAC address, so this is a filter,
# not authentication.
acl client1 arp 01:02:03:04:05:06
acl client2 arp 11:12:13:14:15:16
# http_access rules are checked in order: the two listed clients are
# allowed and every other request is refused.
http_access allow client1
http_access allow client2
http_access deny all
Best Regards.
Farrukh Ahmed
-
- Battalion Quarter Master Havaldaar
- Posts: 241
- Joined: Wed Dec 24, 2003 2:36 am
- Location: Pukhtoonistan
- Contact:
U have proved that u r the Real GURU
Salam O Alykum
Hey, Farrukh Ahamd!!
Boss you have proved that u r the real guru for the ppl here in the linuxpakistan.net.
Thanx for telling us in such simple way
Inshalahl i wil try to do as you ahve told us in the this new post
Okay....Will see your way for needing more help from you about linux
again thanx a lot
Allah Hafiz and "Aap ko Allah Ajar Dai"
Hey, Farrukh Ahamd!!
Boss you have proved that u r the real guru for the ppl here in the linuxpakistan.net.
Thanx for telling us in such simple way
Inshalahl i wil try to do as you ahve told us in the this new post
Okay....Will see your way for needing more help from you about linux
again thanx a lot
Allah Hafiz and "Aap ko Allah Ajar Dai"
Tefl E Maktab
-----------------------------
----- ----- ----- ------ ------ -------
-----------------------------
----- ----- ----- ------ ------ -------
-
- Site Admin
- Posts: 5132
- Joined: Fri May 02, 2003 10:24 am
- Location: Karachi
- Contact:
Updated MAC Script for DCN's
Dear All PLUCian's,
Salam,
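#!/bin/bash
#
# ADD MAC SCRIPT
#
# Use this script to block your Clients by their MAC Address.
# This Script will add/remove, block/unblock users access in a LAN/DCN (Deci Cable Net)
# Script Created by Farrukh Ahmed (aka LinuxFreak) of LinuxPakistan dot Net
# For any help, comment please visit http://www.linuxpakistan.net/forum2x/
#
# The interpreter line only takes effect as the first line of the file.
# bash is named because the script as posted uses bash-only syntax such
# as ${var//pattern}, which a plain POSIX sh rejects.
MAC_ALLOW="/etc/mac.allow"
MAC_DENY="/etc/mac.deny"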
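# Append "<MAC> # <comment>" to the allow list unless the address is
# already listed; the file is created if it does not exist.
# Arguments: $1   - MAC address as six colon-separated hex pairs
#            $2.. - comment words (at least one)
# Exits the script with status 1 on a usage error, a malformed address or
# a duplicate; returns 1 when the write fails.
allow() {
  if [ $# -lt 2 ]; then
    echo "Usage : addmac allow <MAC Address> <Comments>"
    exit 1
  fi
  args=$1
  shift
  args1=$*
  # Only a well-formed address is written to the list.
  if [ "${#args}" -ne 17 ] ||
    ! printf '%s\n' "$args" |
      grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; then
    echo "Invalid MAC Address : $args"
    exit 1
  fi
  # The duplicate check runs only when the file exists, and compares the
  # first field of each line (the address) ignoring hex letter case.
  if [ ! -f "$MAC_ALLOW" ]; then
    echo "File Not Found..."
    echo "Creating File..."
    touch "$MAC_ALLOW"
    chmod 644 "$MAC_ALLOW"
  elif awk -v m="$args" \
    'toupper($1) == toupper(m) { hit = 1 } END { exit !hit }' \
    "$MAC_ALLOW"; then
    echo "MAC Address : $args already exists"
    exit 1
  fi
  if echo "$args # $args1" >> "$MAC_ALLOW"; then
    echo "MAC Added Successfully"
  else
    echo "Failed to Add MAC Address"
    return 1
  fi
}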
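# Copy one of the list files to a ".bak" file next to it.
# Arguments: $1 - "allow" or "deny"
# Exits the script with status 1 on a usage error.
backup() {
  if [ $# != 1 ]; then
    echo "Usage: addmac backup <allow/deny>"
    exit 1
  fi
  # The list name is matched as a word of its own. A test written as
  # [ $args="allow" ] is a single non-empty string and is always true,
  # so the deny list would never be copied.
  case "$1" in
    allow) cp -f "$MAC_ALLOW" "${MAC_ALLOW}.bak" ;;
    deny) cp -f "$MAC_DENY" "${MAC_DENY}.bak" ;;
    *)
      echo "Usage: addmac backup <allow/deny>"
      exit 1
      ;;
  esac
}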
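# Move the entry for a MAC address from the allow list to the deny list,
# keeping its comment.
# Arguments: $1 - MAC address as six colon-separated hex pairs
# Exits the script with status 1 on a usage error, a malformed address or
# a missing allow list.
block() {
  if [ $# != 1 ]; then
    echo "Usage: addmac block <MAC Address>"
    exit 1
  fi
  args=$1
  # The address is checked first and then compared as plain data by awk,
  # so no part of it is ever interpreted as a sed expression.
  if [ "${#args}" -ne 17 ] ||
    ! printf '%s\n' "$args" |
      grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; then
    echo "Invalid MAC Address : $args"
    exit 1
  fi
  if [ ! -f "$MAC_ALLOW" ]; then
    echo "File Not Found..."
    exit 1
  fi
  tmp=$(mktemp "${MAC_ALLOW}.XXXXXX") || exit 1
  # Matching lines go to stdout and are appended to the deny list; every
  # other line is collected in $tmp and becomes the new allow list.
  if awk -v m="$args" -v keep="$tmp" \
    'toupper($1) == toupper(m) { print; next } { print > keep }' \
    "$MAC_ALLOW" >> "$MAC_DENY"; then
    cat "$tmp" > "$MAC_ALLOW"
  fi
  rm -f "$tmp"
}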
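# Append "<MAC> # <comment>" to the deny list unless the address is
# already listed; the file is created if it does not exist.
# Arguments: $1   - MAC address as six colon-separated hex pairs
#            $2.. - comment words (at least one)
# Exits the script with status 1 on a usage error, a malformed address or
# a duplicate; returns 1 when the write fails.
deny() {
  if [ $# -lt 2 ]; then
    echo "Usage : addmac deny <MAC Address> <Comments>"
    exit 1
  fi
  args=$1
  shift
  args1=$*
  # Only a well-formed address is written to the list.
  if [ "${#args}" -ne 17 ] ||
    ! printf '%s\n' "$args" |
      grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; then
    echo "Invalid MAC Address : $args"
    exit 1
  fi
  # The duplicate check runs only when the file exists, and compares the
  # first field of each line (the address) ignoring hex letter case.
  if [ ! -f "$MAC_DENY" ]; then
    echo "File Not Found..."
    echo "Creating File..."
    touch "$MAC_DENY"
    chmod 644 "$MAC_DENY"
  elif awk -v m="$args" \
    'toupper($1) == toupper(m) { hit = 1 } END { exit !hit }' \
    "$MAC_DENY"; then
    echo "MAC Address : $args already exists"
    exit 1
  fi
  if echo "$args # $args1" >> "$MAC_DENY"; then
    echo "MAC Added Successfully"
  else
    echo "Failed to Add MAC Address"
    return 1
  fi
}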
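# Print lines of one list: all distinct lines, or those matching a pattern.
# Arguments: $1 - "allow" or "deny"
#            $2 - "all", or a grep pattern such as a MAC address
# Exits the script with status 1 on a usage error.
# Note: inside this script the function shadows the find(1) command.
find() {
  if [ $# != 2 ]; then
    echo "Usage : addmac find <allow/deny> <MAC Address>"
    exit 1
  fi
  case "$1" in
    allow) list=$MAC_ALLOW ;;
    deny) list=$MAC_DENY ;;
    *)
      echo "Usage : addmac find <allow/deny> <MAC Address>"
      exit 1
      ;;
  esac
  if [ "$2" = "all" ]; then
    # sort -u prints each distinct line once. Piping sort into
    # "uniq FILE" makes uniq read the unsorted file and ignore the pipe.
    sort -u "$list"
  else
    # "--" keeps a pattern that starts with '-' from being read as an
    # option.
    grep -- "$2" "$list"
  fi
}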
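# Copy a ".bak" file back over its list file.
# Arguments: $1 - "allow" or "deny"
# Exits the script with status 1 on a usage error.
restore() {
  # The argument count is what decides a usage error; comparing $* with
  # $1 does not count arguments.
  if [ $# != 1 ]; then
    echo "Usage: addmac restore <allow/deny>"
    exit 1
  fi
  # The list name is matched as a word of its own. A test written as
  # [ $args="allow" ] is always true, so the deny list would never be
  # restored.
  case "$1" in
    allow) cp -f "${MAC_ALLOW}.bak" "$MAC_ALLOW" ;;
    deny) cp -f "${MAC_DENY}.bak" "$MAC_DENY" ;;
    *)
      echo "Usage: addmac restore <allow/deny>"
      exit 1
      ;;
  esac
}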
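# Print the first and third columns of "arp -n" (IP address and hardware
# address), with the header row relabelled "IP Address" / "MAC Address".
# Takes no arguments; exits the script with status 1 when any are given.
searchmac() {
  # The dispatcher calls this with no arguments, so the count to reject
  # is anything other than 0. "]" also needs a space before it to close
  # the test.
  if [ $# != 0 ]; then
    echo "Usage : addmac searchmac"
    exit 1
  fi
  arp -n |
    awk '{if($1~/Address/){print "IP",$1,"\t",$3}else{print $1,"\t",$3}}' |
    sed 's/HWa/MAC A/'
}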
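# Move the entry for a MAC address from the deny list to the allow list,
# keeping its comment.
# Arguments: $1 - MAC address as six colon-separated hex pairs
# Exits the script with status 1 on a usage error, a malformed address or
# a missing deny list.
unblock() {
  if [ $# != 1 ]; then
    echo "Usage: addmac unblock <MAC Address>"
    exit 1
  fi
  args=$1
  # The address is checked first and then compared as plain data by awk,
  # so no part of it is ever interpreted as a sed expression.
  if [ "${#args}" -ne 17 ] ||
    ! printf '%s\n' "$args" |
      grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; then
    echo "Invalid MAC Address : $args"
    exit 1
  fi
  if [ ! -f "$MAC_DENY" ]; then
    echo "File Not Found..."
    exit 1
  fi
  tmp=$(mktemp "${MAC_DENY}.XXXXXX") || exit 1
  # Matching lines go to stdout and are appended to the allow list; every
  # other line is collected in $tmp and becomes the new deny list.
  if awk -v m="$args" -v keep="$tmp" \
    'toupper($1) == toupper(m) { print; next } { print > keep }' \
    "$MAC_DENY" >> "$MAC_ALLOW"; then
    cat "$tmp" > "$MAC_DENY"
  fi
  rm -f "$tmp"
}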
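# Dispatch on the first argument. ${N+"$N"} passes an argument on, quoted,
# only when it was given: the functions count their arguments, and the
# values are neither re-split nor glob-expanded.
case "$1" in
  allow) allow ${2+"$2"} ${3+"$3"} ${4+"$4"} ;;
  backup) backup ${2+"$2"} ;;
  block) block ${2+"$2"} ;;
  deny) deny ${2+"$2"} ${3+"$3"} ${4+"$4"} ;;
  find) find ${2+"$2"} ${3+"$3"} ;;
  restore) restore ${2+"$2"} ;;
  searchmac) searchmac ;;
  unblock) unblock ${2+"$2"} ;;
  *)
    echo "Usage: addmac {allow|backup|block|deny|find|restore|searchmac|unblock} MAC Address"
    exit 1
    ;;
esac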
Best Regards.
Salam,
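#!/bin/bash
#
# ADD MAC SCRIPT
#
# Use this script to block your Clients by their MAC Address.
# This Script will add/remove, block/unblock users access in a LAN/DCN (Deci Cable Net)
# Script Created by Farrukh Ahmed (aka LinuxFreak) of LinuxPakistan dot Net
# For any help, comment please visit http://www.linuxpakistan.net/forum2x/
#
# The interpreter line only takes effect as the first line of the file.
# bash is named because the script as posted uses bash-only syntax such
# as ${var//pattern}, which a plain POSIX sh rejects.
MAC_ALLOW="/etc/mac.allow"
MAC_DENY="/etc/mac.deny"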
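# Append "<MAC> # <comment>" to the allow list unless the address is
# already listed; the file is created if it does not exist.
# Arguments: $1   - MAC address as six colon-separated hex pairs
#            $2.. - comment words (at least one)
# Exits the script with status 1 on a usage error, a malformed address or
# a duplicate; returns 1 when the write fails.
allow() {
  if [ $# -lt 2 ]; then
    echo "Usage : addmac allow <MAC Address> <Comments>"
    exit 1
  fi
  args=$1
  shift
  args1=$*
  # Only a well-formed address is written to the list.
  if [ "${#args}" -ne 17 ] ||
    ! printf '%s\n' "$args" |
      grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; then
    echo "Invalid MAC Address : $args"
    exit 1
  fi
  # The duplicate check runs only when the file exists, and compares the
  # first field of each line (the address) ignoring hex letter case.
  if [ ! -f "$MAC_ALLOW" ]; then
    echo "File Not Found..."
    echo "Creating File..."
    touch "$MAC_ALLOW"
    chmod 644 "$MAC_ALLOW"
  elif awk -v m="$args" \
    'toupper($1) == toupper(m) { hit = 1 } END { exit !hit }' \
    "$MAC_ALLOW"; then
    echo "MAC Address : $args already exists"
    exit 1
  fi
  if echo "$args # $args1" >> "$MAC_ALLOW"; then
    echo "MAC Added Successfully"
  else
    echo "Failed to Add MAC Address"
    return 1
  fi
}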
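# Copy one of the list files to a ".bak" file next to it.
# Arguments: $1 - "allow" or "deny"
# Exits the script with status 1 on a usage error.
backup() {
  if [ $# != 1 ]; then
    echo "Usage: addmac backup <allow/deny>"
    exit 1
  fi
  # The list name is matched as a word of its own. A test written as
  # [ $args="allow" ] is a single non-empty string and is always true,
  # so the deny list would never be copied.
  case "$1" in
    allow) cp -f "$MAC_ALLOW" "${MAC_ALLOW}.bak" ;;
    deny) cp -f "$MAC_DENY" "${MAC_DENY}.bak" ;;
    *)
      echo "Usage: addmac backup <allow/deny>"
      exit 1
      ;;
  esac
}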
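# Move the entry for a MAC address from the allow list to the deny list,
# keeping its comment.
# Arguments: $1 - MAC address as six colon-separated hex pairs
# Exits the script with status 1 on a usage error, a malformed address or
# a missing allow list.
block() {
  if [ $# != 1 ]; then
    echo "Usage: addmac block <MAC Address>"
    exit 1
  fi
  args=$1
  # The address is checked first and then compared as plain data by awk,
  # so no part of it is ever interpreted as a sed expression.
  if [ "${#args}" -ne 17 ] ||
    ! printf '%s\n' "$args" |
      grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; then
    echo "Invalid MAC Address : $args"
    exit 1
  fi
  if [ ! -f "$MAC_ALLOW" ]; then
    echo "File Not Found..."
    exit 1
  fi
  tmp=$(mktemp "${MAC_ALLOW}.XXXXXX") || exit 1
  # Matching lines go to stdout and are appended to the deny list; every
  # other line is collected in $tmp and becomes the new allow list.
  if awk -v m="$args" -v keep="$tmp" \
    'toupper($1) == toupper(m) { print; next } { print > keep }' \
    "$MAC_ALLOW" >> "$MAC_DENY"; then
    cat "$tmp" > "$MAC_ALLOW"
  fi
  rm -f "$tmp"
}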
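# Append "<MAC> # <comment>" to the deny list unless the address is
# already listed; the file is created if it does not exist.
# Arguments: $1   - MAC address as six colon-separated hex pairs
#            $2.. - comment words (at least one)
# Exits the script with status 1 on a usage error, a malformed address or
# a duplicate; returns 1 when the write fails.
deny() {
  if [ $# -lt 2 ]; then
    echo "Usage : addmac deny <MAC Address> <Comments>"
    exit 1
  fi
  args=$1
  shift
  args1=$*
  # Only a well-formed address is written to the list.
  if [ "${#args}" -ne 17 ] ||
    ! printf '%s\n' "$args" |
      grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; then
    echo "Invalid MAC Address : $args"
    exit 1
  fi
  # The duplicate check runs only when the file exists, and compares the
  # first field of each line (the address) ignoring hex letter case.
  if [ ! -f "$MAC_DENY" ]; then
    echo "File Not Found..."
    echo "Creating File..."
    touch "$MAC_DENY"
    chmod 644 "$MAC_DENY"
  elif awk -v m="$args" \
    'toupper($1) == toupper(m) { hit = 1 } END { exit !hit }' \
    "$MAC_DENY"; then
    echo "MAC Address : $args already exists"
    exit 1
  fi
  if echo "$args # $args1" >> "$MAC_DENY"; then
    echo "MAC Added Successfully"
  else
    echo "Failed to Add MAC Address"
    return 1
  fi
}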
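# Print lines of one list: all distinct lines, or those matching a pattern.
# Arguments: $1 - "allow" or "deny"
#            $2 - "all", or a grep pattern such as a MAC address
# Exits the script with status 1 on a usage error.
# Note: inside this script the function shadows the find(1) command.
find() {
  if [ $# != 2 ]; then
    echo "Usage : addmac find <allow/deny> <MAC Address>"
    exit 1
  fi
  case "$1" in
    allow) list=$MAC_ALLOW ;;
    deny) list=$MAC_DENY ;;
    *)
      echo "Usage : addmac find <allow/deny> <MAC Address>"
      exit 1
      ;;
  esac
  if [ "$2" = "all" ]; then
    # sort -u prints each distinct line once. Piping sort into
    # "uniq FILE" makes uniq read the unsorted file and ignore the pipe.
    sort -u "$list"
  else
    # "--" keeps a pattern that starts with '-' from being read as an
    # option.
    grep -- "$2" "$list"
  fi
}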
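# Copy a ".bak" file back over its list file.
# Arguments: $1 - "allow" or "deny"
# Exits the script with status 1 on a usage error.
restore() {
  # The argument count is what decides a usage error; comparing $* with
  # $1 does not count arguments.
  if [ $# != 1 ]; then
    echo "Usage: addmac restore <allow/deny>"
    exit 1
  fi
  # The list name is matched as a word of its own. A test written as
  # [ $args="allow" ] is always true, so the deny list would never be
  # restored.
  case "$1" in
    allow) cp -f "${MAC_ALLOW}.bak" "$MAC_ALLOW" ;;
    deny) cp -f "${MAC_DENY}.bak" "$MAC_DENY" ;;
    *)
      echo "Usage: addmac restore <allow/deny>"
      exit 1
      ;;
  esac
}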
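# Print the first and third columns of "arp -n" (IP address and hardware
# address), with the header row relabelled "IP Address" / "MAC Address".
# Takes no arguments; exits the script with status 1 when any are given.
searchmac() {
  # The dispatcher calls this with no arguments, so the count to reject
  # is anything other than 0. "]" also needs a space before it to close
  # the test.
  if [ $# != 0 ]; then
    echo "Usage : addmac searchmac"
    exit 1
  fi
  arp -n |
    awk '{if($1~/Address/){print "IP",$1,"\t",$3}else{print $1,"\t",$3}}' |
    sed 's/HWa/MAC A/'
}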
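# Move the entry for a MAC address from the deny list to the allow list,
# keeping its comment.
# Arguments: $1 - MAC address as six colon-separated hex pairs
# Exits the script with status 1 on a usage error, a malformed address or
# a missing deny list.
unblock() {
  if [ $# != 1 ]; then
    echo "Usage: addmac unblock <MAC Address>"
    exit 1
  fi
  args=$1
  # The address is checked first and then compared as plain data by awk,
  # so no part of it is ever interpreted as a sed expression.
  if [ "${#args}" -ne 17 ] ||
    ! printf '%s\n' "$args" |
      grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; then
    echo "Invalid MAC Address : $args"
    exit 1
  fi
  if [ ! -f "$MAC_DENY" ]; then
    echo "File Not Found..."
    exit 1
  fi
  tmp=$(mktemp "${MAC_DENY}.XXXXXX") || exit 1
  # Matching lines go to stdout and are appended to the allow list; every
  # other line is collected in $tmp and becomes the new deny list.
  if awk -v m="$args" -v keep="$tmp" \
    'toupper($1) == toupper(m) { print; next } { print > keep }' \
    "$MAC_DENY" >> "$MAC_ALLOW"; then
    cat "$tmp" > "$MAC_DENY"
  fi
  rm -f "$tmp"
}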
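# Dispatch on the first argument. ${N+"$N"} passes an argument on, quoted,
# only when it was given: the functions count their arguments, and the
# values are neither re-split nor glob-expanded.
case "$1" in
  allow) allow ${2+"$2"} ${3+"$3"} ${4+"$4"} ;;
  backup) backup ${2+"$2"} ;;
  block) block ${2+"$2"} ;;
  deny) deny ${2+"$2"} ${3+"$3"} ${4+"$4"} ;;
  find) find ${2+"$2"} ${3+"$3"} ;;
  restore) restore ${2+"$2"} ;;
  searchmac) searchmac ;;
  unblock) unblock ${2+"$2"} ;;
  *)
    echo "Usage: addmac {allow|backup|block|deny|find|restore|searchmac|unblock} MAC Address"
    exit 1
    ;;
esac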
Best Regards.
Farrukh Ahmed
-
- Battalion Quarter Master Havaldaar
- Posts: 241
- Joined: Wed Dec 24, 2003 2:36 am
- Location: Pukhtoonistan
- Contact:
want to Ban all mac addresses execpt several
Salam O Alykum
The scripts for athentication of macs are working well, but if we want to deny all MACs exept some, wat i have to do for that
For Examle if i want to allow these
00:08:C7:60:6A:D8
00:90:27:A8:32:5C
00:50:FC:89:58:9E
00:60:08:58:57:32
00:50:04:BD:0F:22
00:C0:4F:35:69:D1
00:50:04:AC:B5:47
00:60:97:e5:81:fe
00:c0:4f:48:c4:63
00:60:97:ba:87:85
00:30:1b:15:af:db
00:60:97:D1:43:28
Salam O Alykum
The scripts for athentication of macs are working well, but if we want to deny all MACs exept some, wat i have to do for that
For Examle if i want to allow these
00:08:C7:60:6A:D8
00:90:27:A8:32:5C
00:50:FC:89:58:9E
00:60:08:58:57:32
00:50:04:BD:0F:22
00:C0:4F:35:69:D1
00:50:04:AC:B5:47
00:60:97:e5:81:fe
00:c0:4f:48:c4:63
00:60:97:ba:87:85
00:30:1b:15:af:db
00:60:97:D1:43:28
Salam O Alykum
Tefl E Maktab
-----------------------------
----- ----- ----- ------ ------ -------
-----------------------------
----- ----- ----- ------ ------ -------
-
- Site Admin
- Posts: 5132
- Joined: Fri May 02, 2003 10:24 am
- Location: Karachi
- Contact:
Re:
Farrukh Ahmed
-
- Battalion Quarter Master Havaldaar
- Posts: 241
- Joined: Wed Dec 24, 2003 2:36 am
- Location: Pukhtoonistan
- Contact:
My Ip is 192.168.0.1
Salam O Alykum
Farrukh Bhai, My Lan Ip is 192.168.0.1, So wat changes will need in the tat line below
So will it help in that,
Farrukh bhai....I know i have distured you a lot, but...i compell to do so,
Salam O Alykum
Farrukh Bhai, My Lan Ip is 192.168.0.1, So wat changes will need in the tat line below
And i also use your script of blocking MACs, (addmac, and maccheck wali)
# /sbin/iptables -I INPUT -p all -s 192.16.9.0.0/24 -j DROP
So will it help in that,
Farrukh bhai....I know i have distured you a lot, but...i compell to do so,
Salam O Alykum
Tefl E Maktab
-----------------------------
----- ----- ----- ------ ------ -------
-----------------------------
----- ----- ----- ------ ------ -------
-
- Site Admin
- Posts: 5132
- Joined: Fri May 02, 2003 10:24 am
- Location: Karachi
- Contact:
Re:
Dear sarthor,
Salam,
Only Add this line in your maccheck script
/sbin/iptables -I INPUT -p all -s 192.16.9.0.0/24 -j DROP
Best Regards.
Salam,
Only Add this line in your maccheck script
/sbin/iptables -I INPUT -p all -s 192.16.9.0.0/24 -j DROP
Best Regards.
Farrukh Ahmed
-
- Battalion Quarter Master Havaldaar
- Posts: 241
- Joined: Wed Dec 24, 2003 2:36 am
- Location: Pukhtoonistan
- Contact:
Agian
Salam O Alykum
Farrukh Bhai !!
You have not mention that where i have add that line, i have added it here, Below you can see it, but it didnot worked
Farrukh Bhai !!
You have not mention that where i have add that line, i have added it here, Below you can see it, but it didnot worked
Help me Friends
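#!/bin/sh
#
# MAC Check Script
# This Script will add Allowed/Blocked and Blocked Users in Firewall
#
# Only the first field of each list line is used as the address; the
# "# comment" words after it are ignored, as are blank and comment lines.
# Every rule is added with -I, which puts it at the top of INPUT: the
# subnet DROP goes in first and ends up below the per-MAC rules, and the
# MAC DROP rules loaded last sit above the MAC ACCEPT rules.
# NOTE(review): INPUT covers only packets addressed to this machine, not
# traffic it forwards. A source MAC is set by the sending host, so treat
# this as filtering, not as authentication.

# load_list FILE TARGET: insert one INPUT rule per address in FILE.
load_list() {
  if [ ! -f "$1" ]; then
    echo "$1: not found, skipping" >&2
    return 0
  fi
  while read -r MAC rest || [ -n "$MAC" ]; do
    case "$MAC" in
      '' | '#'*) continue ;;
    esac
    /sbin/iptables -I INPUT -p all -m mac --mac-source "$MAC" -j "$2"
  done < "$1"
}

echo "Loading MAC Address...."
# The flush empties the whole INPUT chain, including rules that were not
# added by this script.
/sbin/iptables -F INPUT
/sbin/iptables -I INPUT -p all -s 192.168.0.0/24 -j DROP
load_list /etc/mac.allow ACCEPT
load_list /etc/mac.deny DROP
echo "MAC Address Loaded Successfully...."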
Tefl E Maktab
-----------------------------
----- ----- ----- ------ ------ -------
-----------------------------
----- ----- ----- ------ ------ -------
-
- Site Admin
- Posts: 5132
- Joined: Fri May 02, 2003 10:24 am
- Location: Karachi
- Contact:
-
- Battalion Quarter Master Havaldaar
- Posts: 241
- Joined: Wed Dec 24, 2003 2:36 am
- Location: Pukhtoonistan
- Contact:
Re:
Salam O Alykum,
LinuxFreaK wrote: Dear sarthor,
Salam,
Only Add this line in your maccheck script
/sbin/iptables -I INPUT -p all -s 192.168.9.0.0/24 -j DROP
Best Regards.
i have put the above line in the maccheck file, but it has stoped all the traffic, Somthing strange here now. So i have reinstalled Linux,
My Server Lan IP is 192.168.0.1, My clients ips are as
192.168.252
192.168.251
192.168.250
192.168.249
192.168.248
and i am running the firewall as belive
the above fiel i used to run from rc.local, i have made its entry there
echo 1 > /proc/sys/net/ipv4/ip_forward
# Remove every rule from the filter table, then from the nat table.
# NOTE(review): the first flush also removes any per-MAC INPUT rules that
# were loaded before this file runs, and nothing below adds filter rules.
iptables -F
iptables -t nat -F
# Disabled: masquerade packets with source 192.168.0.1 leaving on ppp0.
#iptables -t nat -A POSTROUTING -s 192.168.0.1 -o ppp0 -j MASQUERADE
# Drop TCP to ports 135, 445 and 139 as packets arrive.
# NOTE(review): the nat table is meant for address translation; filtering
# normally belongs in the filter table, and some iptables releases refuse
# DROP in nat. Confirm on the target system.
iptables -t nat -A PREROUTING -p tcp --dport 135 -j DROP
iptables -t nat -A PREROUTING -p tcp --dport 445 -j DROP
iptables -t nat -A PREROUTING -p tcp --dport 139 -j DROP
# Disabled: drop all ICMP as it arrives.
#iptables -t nat -A PREROUTING -p icmp -j DROP
# Redirect TCP port 80 arriving on eth0 to local port 8080 (presumably a
# proxy listening there; verify).
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
# Masquerade outgoing TCP on ppp0 for destination ports 21, 22 and
# 4800-65000 only; other destination ports are not translated here.
iptables -t nat -A POSTROUTING -p tcp --dport 21 -o ppp0 -j MASQUERADE #FTP
iptables -t nat -A POSTROUTING -p tcp --dport 22 -o ppp0 -j MASQUERADE #ssh
iptables -t nat -A POSTROUTING -p tcp --dport 4800:65000 -o ppp0 -j MASQUERADE
So plz help me..Coz i want to ban all the mac accepts some,
Thanx i will wait for the Reply
Last edited by sarthor on Wed Jan 11, 2006 6:04 am, edited 1 time in total.
Tefl E Maktab
-----------------------------
----- ----- ----- ------ ------ -------
-----------------------------
----- ----- ----- ------ ------ -------