MAC Address ALLOW/DROP Script

LinuxFreaK
Site Admin
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
Location: Karachi
Contact:

Re:

Postby LinuxFreaK » Fri Nov 05, 2004 10:42 pm

Dear Startor,
Salam,

Add this in your /etc/rc.local

# /sbin/iptables -I INPUT -p all -j DROP

But you also need to add your server mac address in /etc/mac.allow :)

Best Regards.
Farrukh Ahmed

sarthor
Battalion Quarter Master Havaldaar
Posts: 241
Joined: Wed Dec 24, 2003 2:36 am
Location: Pukhtoonistan
Contact:

Not Worked

Postby sarthor » Sat Nov 13, 2004 2:49 am

Tefl E Maktab
-----------------------------
----- ----- ----- ------ ------ -------


No one Replied

Postby sarthor » Fri Nov 19, 2004 12:00 am

Salam O Alykum
Sir, no one has replied to the previous post...
I am waiting, sir.
Thanks
Tefl E Maktab


zaeemarshad
Lieutenant Colonel
Posts: 660
Joined: Sat Jul 06, 2002 12:35 pm
Location: Islamabad
Contact:

Postby zaeemarshad » Sat Nov 20, 2004 4:04 pm

dude its ./pak and not /./pak ... better yet give the full path. so if its in ur root directory then u should post it like that.

/root/pak

cheers
zaeem


its Working

Postby sarthor » Sat Nov 20, 2004 10:47 pm

Tefl E Maktab


Re:

Postby LinuxFreaK » Sun Nov 21, 2004 1:31 am

Farrukh Ahmed

asaddotcom
Company Havaldaar Major
Posts: 195
Joined: Fri Feb 04, 2005 7:21 pm
Location: Lahore, PK
Contact:

what ./pak script ?

Postby asaddotcom » Tue May 10, 2005 3:29 pm

Please tell me what is ./pak script ?? my yahoo, voice chat, web cam, and mobilink web chat is not working same as sarthor problem... please sarthor if you got this message then please tell me A to Z procedure ... what to do with iptables...

these things are not working:
YAHOO CHAT,
YAHOO VOICE CHAT,
YAHOO CAM,
MSN VOICE CHAT,
MOBILINK WEB SMS,

Please Sarthor help me if you can...

Allah Hafiz
Thanking You...

ครค๔

Postby asaddotcom » Tue May 10, 2005 8:41 pm

Thanking You...




Re:

Postby LinuxFreaK » Wed May 11, 2005 1:09 am

Farrukh Ahmed


Postby asaddotcom » Tue May 24, 2005 5:12 pm

Assalam_O_Alikum!

Farrukh bhai, how are you, and how is your father's health now?
I hope he is well now...
Well, Farrukh bhai, I have one problem... when I block a user's MAC, only that user's browsing stops... Yahoo Messenger and MSN keep working.... what is the reason for this? I want everything to be blocked when I block a user's MAC: browsing, messengers etc.

I am using your MAC script.

please tell me about this problem.

Allah Hafiz
Thanking You...




Check Again And Again

Postby sarthor » Tue May 24, 2005 6:52 pm

Tefl E Maktab


Updated

Postby LinuxFreaK » Wed Aug 31, 2005 2:04 am



1. Text in black color like this are my narration / Instructions
2. Text in bold black like this are commands
3. Text in blue must be in /sbin/maccheck
4. Text in bold blue is user specific. You have to change it according to your actual data
5. Text in brown is the part of command should be combined with user data in bold blue



1. First Copy these two files from appendix of this tutorial into your /sbin folder

# cp addmac maccheck /sbin

2. Change permissions of both files.

# chmod 744 /sbin/addmac /sbin/maccheck

3. How to Add / / Unblock / Find / Backup / Restore Mac Address.

# addmac allow 00:00:91:0D:5C:90 Farrukh Ahmed (it will add given mac address, and comments 'Farrukh Ahmed' in /etc/mac.allow)

4. How to Block Mac Address

# addmac block 00:00:91:0D:5C:90 Farrukh Ahmed (it will block given mac address from /etc/mac.allow and insert in /etc/mac.deny)

5. How to Restore Mac Address

# addmac deny 00:00:91:0D:5C:90 Farrukh Ahmed (it will add given mac address, and comments 'Farrukh Ahmed' in /etc/mac.deny)

6. How to find from allowed Mac Address

# addmac find allow 00:00:91:0D:5C:90 (it will find given mac address in /etc/mac.allow)

7. How to find from denied Mac Address

# addmac find deny 00:00:91:0D:5C:90 (it will find given mac address in /etc/mac.deny)

8. How to unblock Mac Address

# addmac unblock 00:00:91:0D:5C:90 (it will unblock given mac address from /etc/mac.deny and insert in /etc/mac.allow)

9. How to backup allowed Mac Address

# addmac backup allow (it will backup /etc/mac.allow to /etc/mac.allow.bak)

10. How to backup denied Mac Address

# addmac backup deny (it will backup /etc/mac.deny to /etc/mac.deny.bak)

11. How to restore allowed Mac Address

# addmac restore allow (it will restore /etc/mac.allow.bak to /etc/mac.allow)

12. How to restore denied Mac Address

# addmac restore deny (it will restore /etc/mac.deny.bak to /etc/mac.deny)

Note: whenever you Add/Remove/Block/Unblock a MAC Address you must run /sbin/maccheck

At the end of your /etc/rc.d/rc.local add the following line

exec /sbin/maccheck

My mac.allow file looks like

# cat /etc/mac.allow

00:C0:05:01:87:20 #Farrukh Ahmed
00:C0:05:02:0E:92 #Tariq Bahi
00:C0:05:02:00:68 #Sheraz
00:C0:05:01:87:20 #Badar
00:C0:09:10:87:D0 #Tauqeer


My mac.deny file

# cat /etc/mac.deny
00:C0:05:02:0E:91 #Asif Khan
00:00:0C:8E:55:11 #Meraj Rasool Khattak




Following are the two scripts mentioned in the Tutorial Above

Script No. 1

# touch /sbin/maccheck

This will create blank file in /sbin

# pico /sbin/maccheck

This will open the blank file which you created before. Now copy and paste the MAC Check Script here and press Ctrl + X; it will ask whether to save it, so press Y and save it as /sbin/addmac

# chmod 744 /sbin/maccheck

This will change the permission of the /sbin/maccheck file

Content of /sbin/maccheck

#!/bin/sh
#
# MAC Check Script
# This Script will add Allowed/Blocked and Blocked Users in Firewall
#

# Print each command as it runs.
set -x

MAC_ALLOW="/etc/mac.allow"
MAC_DENY="/etc/mac.deny"

echo "Loading MAC Address...."
/sbin/iptables -F INPUT
# Catch-all DROP; every rule inserted below lands above it.
/sbin/iptables -I INPUT -p all -j DROP

# The first column of each list is the MAC, the rest of the line is a comment.
# The lists are read directly instead of through fixed-name copies in /tmp,
# which any local user could pre-create or symlink.
for MAC in $(awk '{ print $1 }' "$MAC_ALLOW")
do
    /sbin/iptables -I INPUT -p all -m mac --mac-source "$MAC" -j ACCEPT
done

# Deny rules are inserted last, so they sit above the ACCEPT rules and win.
for MAC in $(awk '{ print $1 }' "$MAC_DENY")
do
    /sbin/iptables -I INPUT -p all -m mac --mac-source "$MAC" -j DROP
done

echo "MAC Address Loaded Successfully...."


Script No. 2


# touch /sbin/addmac

This will create blank file in /sbin

# pico /sbin/addmac

This will open the blank file which you created before. Now copy and paste the ADD MAC Script here and press Ctrl + X; it will ask whether to save it, so press Y and save it as /sbin/addmac

# chmod 744 /sbin/addmac

This will change the permission of the /sbin/addmac file

Content of /sbin/addmac

#!/bin/sh
#
# Use this script to block your Clients by their MAC Address.
# Script Created by Farrukh Ahmed of Linux Pakistan dot Net
#

MAC_ALLOW="/etc/mac.allow"
MAC_DENY="/etc/mac.deny"

# allow <MAC> <comment word 1> <comment word 2>: add an entry to mac.allow.
allow() {
    if [ $# != 3 ]; then
        echo "Usage : addmac allow <MAC Address> <Comments>"
        exit 1
    fi
    args=$1
    args1="$2 $3"
    # Create the list first so the duplicate check has a file to read.
    if [ ! -f "$MAC_ALLOW" ]; then
        echo "File Not Found..."
        echo "Creating File..."
        touch "$MAC_ALLOW"
        chmod 644 "$MAC_ALLOW"
    fi
    # Compare against the MAC column only, not the comment words.
    for MAC in $(awk '{ print $1 }' "$MAC_ALLOW")
    do
        if [ "$MAC" = "$args" ]; then
            echo "MAC Address : $MAC already exists"
            exit 1
        fi
    done
    if echo "$args # $args1" >> "$MAC_ALLOW"; then
        echo "MAC Added Successfully"
    else
        echo "Failed to Add MAC Address"
    fi
}

# backup <allow|deny>: copy the chosen list to <list>.bak.
backup() {
    if [ $# != 1 ]; then
        echo "Usage: addmac backup <allow/deny>"
        exit 1
    fi
    args=$1
    # Aliases such as cp='cp -i' are not expanded in scripts, so plain cp -f is enough.
    if [ "$args" = "allow" ]; then
        cp -f "$MAC_ALLOW" "${MAC_ALLOW}.bak"
    else
        if [ "$args" = "deny" ]; then
            cp -f "$MAC_DENY" "${MAC_DENY}.bak"
        fi
    fi
}

# block <MAC>: move the entry from mac.allow to mac.deny.
block() {
    if [ $# != 1 ]; then
        echo "Usage: addmac block <MAC Address>"
        exit 1
    fi
    args=$1
    while read -r line
    do
        # Everything from the first space or '#' onwards is the comment.
        if [ "${line%%[ #]*}" = "$args" ]; then
            sed -i "/${args}/d" "$MAC_ALLOW" && echo "$line" >> "$MAC_DENY"
        fi
    done < "$MAC_ALLOW"
}

# deny <MAC> <comment word 1> <comment word 2>: add an entry to mac.deny.
deny() {
    if [ $# != 3 ]; then
        echo "Usage : addmac deny <MAC Address> <Comments>"
        exit 1
    fi
    args=$1
    args1="$2 $3"
    if [ ! -f "$MAC_DENY" ]; then
        echo "File Not Found..."
        echo "Creating File..."
        touch "$MAC_DENY"
        chmod 644 "$MAC_DENY"
    fi
    for MAC in $(awk '{ print $1 }' "$MAC_DENY")
    do
        if [ "$MAC" = "$args" ]; then
            echo "MAC Address : $MAC already exists"
            exit 1
        fi
    done
    if echo "$args # $args1" >> "$MAC_DENY"; then
        echo "MAC Added Successfully"
    else
        echo "Failed to Add MAC Address"
    fi
}

# find <allow|deny> <MAC|all>: search a list, or print it sorted without duplicates.
find() {
    if [ $# != 2 ]; then
        echo "Usage : addmac find <allow/deny> <MAC Address>"
        exit 1
    fi
    args=$1
    args1=$2
    if [ "$args" = "allow" ]; then
        if [ "$args1" = "all" ]; then
            sort "$MAC_ALLOW" | uniq
        else
            grep -i -- "$args1" "$MAC_ALLOW"
        fi
    else
        if [ "$args1" = "all" ]; then
            sort "$MAC_DENY" | uniq
        else
            grep -i -- "$args1" "$MAC_DENY"
        fi
    fi
}

# restore <allow|deny>: copy <list>.bak back over the chosen list.
restore() {
    if [ $# != 1 ]; then
        echo "Usage: addmac restore <allow/deny>"
        exit 1
    fi
    args=$1
    if [ "$args" = "allow" ]; then
        cp -f "${MAC_ALLOW}.bak" "$MAC_ALLOW"
    else
        cp -f "${MAC_DENY}.bak" "$MAC_DENY"
    fi
}

# searchmac: list IP and MAC address pairs from the ARP table.
searchmac() {
    if [ $# != 0 ]; then
        echo "Usage : addmac searchmac"
        exit 1
    fi
    arp -n | awk '{if($1~/Address/){print "IP",$1,"\t",$3}else{print $1,"\t",$3}
    }' | sed 's/HWa/MAC A/'
}

# unblock <MAC>: move the entry from mac.deny back to mac.allow.
unblock() {
    if [ $# != 1 ]; then
        echo "Usage: addmac unblock <MAC Address>"
        exit 1
    fi
    args=$1
    while read -r line
    do
        if [ "${line%%[ #]*}" = "$args" ]; then
            sed -i "/${args}/d" "$MAC_DENY" && echo "$line" >> "$MAC_ALLOW"
        fi
    done < "$MAC_DENY"
}

# The arguments are passed unquoted on purpose: a missing argument then
# lowers the count seen by the function and triggers its usage message.
case "$1" in
allow)
    allow $2 $3 $4
    ;;
backup)
    backup $2
    ;;
block)
    block $2
    ;;
deny)
    deny $2 $3 $4
    ;;
find)
    find $2 $3
    ;;
restore)
    restore $2
    ;;
searchmac)
    searchmac
    ;;
unblock)
    unblock $2
    ;;
*)
    echo "Usage: addmac {allow|backup|block|deny|find|restore|searchmac|unblock} MAC Address"
    exit 1
esac


Best Regards.
Farrukh Ahmed


Re:

Postby LinuxFreaK » Tue Feb 28, 2006 2:00 pm

Dear Users,
Salam,

Please use latest version of checkmac script.

#!/bin/sh
#
# MAC Check Script
# This Script will add Allowed/Blocked and Blocked Users in Firewall
#

MAC_ALLOW="/etc/mac.allow"
MAC_DENY="/etc/mac.deny"

echo "Loading MAC Address...."
# Flush all rules and delete user-defined chains in every table.
/sbin/iptables -F
/sbin/iptables -X
/sbin/iptables -t nat -F
/sbin/iptables -t nat -X
/sbin/iptables -t mangle -F
/sbin/iptables -t mangle -X
/sbin/iptables -t filter -F
/sbin/iptables -t filter -X

# The first column of each list is the MAC, the rest of the line is a comment.
# The lists are read directly instead of through fixed-name copies in /tmp.
for MAC in $(awk '{ print $1 }' "$MAC_ALLOW")
do
    /sbin/iptables -I INPUT -p all -m mac --mac-source "$MAC" -j ACCEPT
done

# Deny rules are inserted after the allow rules, so they sit above them.
for MAC in $(awk '{ print $1 }' "$MAC_DENY")
do
    /sbin/iptables -I INPUT -p all -m mac --mac-source "$MAC" -j DROP
done

# Packets of already established connections are accepted first ...
/sbin/iptables -I INPUT 1 -m state --state ESTABLISHED,RELATED -j ACCEPT
# ... and anything that matched no rule above is dropped.
/sbin/iptables -A INPUT -p all -j DROP

echo "MAC Address Loaded Successfully...."


Best Regards.
Farrukh Ahmed


Postby asaddotcom » Tue Feb 28, 2006 11:12 pm

Thanking You...




Re:

Postby LinuxFreaK » Wed Mar 01, 2006 11:44 am

Dear asaddotcom,
Salam,

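#!/bin/sh
#
# MAC Check Script
# This Script will add Allowed/Blocked and Blocked Users in Firewall
#

MAC_ALLOW="/etc/mac.allow"
MAC_DENY="/etc/mac.deny"

echo "Loading MAC Address...."
# Flush all rules and delete user-defined chains in the filter and nat tables.
/sbin/iptables -F
/sbin/iptables -X
/sbin/iptables -t nat -F
/sbin/iptables -t nat -X

# The first column of each list is the MAC, the rest of the line is a comment.
# The lists are read directly instead of through fixed-name copies in /tmp.
for MAC in $(awk '{ print $1 }' "$MAC_ALLOW")
do
    /sbin/iptables -I INPUT -p all -m mac --mac-source "$MAC" -j ACCEPT
done

# Deny rules are inserted after the allow rules, so they sit above them.
for MAC in $(awk '{ print $1 }' "$MAC_DENY")
do
    /sbin/iptables -I INPUT -p all -m mac --mac-source "$MAC" -j DROP
done

# Send web traffic to the local proxy port and masquerade outgoing traffic.
# POSTROUTING only accepts an output interface (-o); eth0 is kept from the
# original rule and is assumed here to be the outgoing interface.
/sbin/iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# Packets of already established connections are accepted first ...
/sbin/iptables -I INPUT 1 -m state --state ESTABLISHED,RELATED -j ACCEPT
# ... and anything that matched no rule above is dropped.
/sbin/iptables -A INPUT -p all -j DROP

echo "MAC Address Loaded Successfully...."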


Note: you can modify bold rules according to your need.

Best Regards.
Farrukh Ahmed
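
An added example, not part of any post in this thread and not the author's script: the maccheck versions above place their MAC rules only in INPUT, which sees traffic addressed to the gateway itself, while routed or NATed client traffic passes through FORWARD. This sketch prints one `iptables-restore` ruleset that applies the same two lists to both chains and can be loaded in a single step; the `MACFILTER` chain name, the function names and the sample MAC addresses are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not the thread author's script. It only prints a ruleset.

# Print valid, upper-cased, de-duplicated MACs from column 1 of a list file.
valid_macs() {
    [ -r "$1" ] || return 0
    awk '{ print toupper($1) }' "$1" |
        grep -E '^([0-9A-F]{2}:){5}[0-9A-F]{2}$' | sort -u
}

# Emit iptables-restore input. $1 = allow list, $2 = deny list.
gen_ruleset() {
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' ':MACFILTER - [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -j MACFILTER' '-A FORWARD -j MACFILTER'
    # Deny entries come first so they win over the allow list and over
    # the ESTABLISHED,RELATED shortcut below.
    valid_macs "$2" | while read -r mac; do
        echo "-A MACFILTER -m mac --mac-source $mac -j DROP"
    done
    echo '-A MACFILTER -m state --state ESTABLISHED,RELATED -j ACCEPT'
    valid_macs "$1" | while read -r mac; do
        echo "-A MACFILTER -m mac --mac-source $mac -j ACCEPT"
    done
    echo 'COMMIT'
}

# Constructed sample lists in the thread's "MAC #comment" format.
sample_ruleset() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/mac.allow" <<'EOF'
02:00:00:00:00:01 #alice
02:00:00:00:00:01 #duplicate entry
02:00:00:00:00:0a #lower-case entry
02:00:00:00:00:ZZ #malformed, skipped
EOF
    cat > "$dir/mac.deny" <<'EOF'
02:00:00:00:00:02 #bob
EOF
    gen_ruleset "$dir/mac.allow" "$dir/mac.deny"
    rm -rf "$dir"
}

sample_ruleset
```

Piping the output of `gen_ruleset /etc/mac.allow /etc/mac.deny` into `iptables-restore --test` parses it without committing anything. The nat rules from the last post are not part of this ruleset and would go in a separate `*nat` section.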

