MAC Address ALLOW/DROP Script
-
- Site Admin
- Posts: 5132
- Joined: Fri May 02, 2003 10:24 am
- Location: Karachi
- Contact:
Re:
Dear Startor,
Salam,
Add this in your /etc/rc.local
# /sbin/iptables -I INPUT -p all -j DROP
But you also need to add your server mac address in /etc/mac.allow
Best Regards.
Farrukh Ahmed
-
- Battalion Quarter Master Havaldaar
- Posts: 241
- Joined: Wed Dec 24, 2003 2:36 am
- Location: Pukhtoonistan
- Contact:
Not Worked
Salam O Alykum
Sir, I have put that line in the rc.local but it didn't stop the traffic.
This is my /etc/rc.d/rc.local
The file "Pak" you can see in the previous post
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.
/sbin/iptables -I INPUT -p all -j DROP
/./pak
#/usr/local/squid/sbin/squid -D
touch /var/lock/subsys/local
exec /sbin/maccheck
#unlimit -HSn 8192 =rclocal
I have posted this file in full.
Once I put the line after the line /./pak
but it did not work.
Okay... I am waiting......
Tefl E Maktab
-----------------------------
----- ----- ----- ------ ------ -------
-----------------------------
----- ----- ----- ------ ------ -------
-
- Battalion Quarter Master Havaldaar
- Posts: 241
- Joined: Wed Dec 24, 2003 2:36 am
- Location: Pukhtoonistan
- Contact:
No one Replied
Salam O Alykum
Sir, no one has replied to the previous post...
I am waiting, sir
thanx
Tefl E Maktab
-----------------------------
----- ----- ----- ------ ------ -------
-----------------------------
----- ----- ----- ------ ------ -------
-
- Lieutenant Colonel
- Posts: 660
- Joined: Sat Jul 06, 2002 12:35 pm
- Location: Islamabad
- Contact:
-
- Battalion Quarter Master Havaldaar
- Posts: 241
- Joined: Wed Dec 24, 2003 2:36 am
- Location: Pukhtoonistan
- Contact:
its Working
Salam O Alykum
zaeemarshad wrote:
dude it's ./pak and not /./pak ... better yet give the full path. so if it's in ur root directory then u should post it like that.
/root/pak
cheers
zaeem
Sir, this command is working, and my Mobilink SMS, Yahoo voice chat, Yahoo webcam and net telephone are working with the help of this file.
Please help me with the MAC authentication.
Salam O Alykum
Tefl E Maktab
-----------------------------
----- ----- ----- ------ ------ -------
-----------------------------
----- ----- ----- ------ ------ -------
-
- Site Admin
- Posts: 5132
- Joined: Fri May 02, 2003 10:24 am
- Location: Karachi
- Contact:
Re:
Dear sartor,
Salam,
you must take a look at this
http://www.linuxpakistan.net/forum2x/vi ... 2182#11576
It has defined what you need to do and how. Please use latest script.
Best Regards.
Farrukh Ahmed
-
- Company Havaldaar Major
- Posts: 195
- Joined: Fri Feb 04, 2005 7:21 pm
- Location: Lahore, PK
- Contact:
what ./pak script ?
Please tell me, what is the ./pak script? My Yahoo voice chat, webcam and Mobilink web chat are not working, the same as sarthor's problem... please, sarthor, if you get this message then tell me the A to Z procedure... what to do with iptables...
These things are not working:
YAHOO CHAT,
YAHOO VOICE CHAT,
YAHOO CAM,
MSN VOICE CHAT,
MOBILINK WEB SMS,
Please Sarthor help me if you can...
Allah Hafiz
-
- Company Havaldaar Major
- Posts: 195
- Joined: Fri Feb 04, 2005 7:21 pm
- Location: Lahore, PK
- Contact:
Farukh bhai Sallam!
Thanks for your MAC script... it's really very cool and working very well... but one last problem is left: voice chat and webcam are not opening on Yahoo... the same problem as sarthor's... please tell me the complete procedure once as well, what should I do? And please make the iptables rules and send them to me on the forum... I will be very grateful to you... The MAC allow and MAC deny script is working perfectly... just this one last problem remains... the ports one... please please help me..
NETWORK DESIGN IS:
Getting internet from win-xp, LAN IP is 192.168.1.1, which comes through 192.168.1.2...
Now the clients are getting internet via the second LAN card through this IP: 192.168.2.1
I am using Squid proxy on Linux 9.0....
Now please make the iptables rules and post them for me.... thank you
Allah Hafiz
-
- Site Admin
- Posts: 5132
- Joined: Fri May 02, 2003 10:24 am
- Location: Karachi
- Contact:
Re:
Farrukh Ahmed
-
- Company Havaldaar Major
- Posts: 195
- Joined: Fri Feb 04, 2005 7:21 pm
- Location: Lahore, PK
- Contact:
Assalam_O_Alikum!
Farrukh bhai, how are you and how is your father's health now?
I hope he is well now...
Well Farrukh bhai, I have one problem... when I block a user's MAC, only that user's browsing stops... Yahoo Messenger and MSN keep working.... what is the reason for this? I want everything of that user to be blocked when I block their MAC: browsing, messengers etc.
I am using your MAC script.
Please tell me about this problem.
Allah Hafiz
-
- Battalion Quarter Master Havaldaar
- Posts: 241
- Joined: Wed Dec 24, 2003 2:36 am
- Location: Pukhtoonistan
- Contact:
Check Again And Again
Salam O Alykum
Dear AsadDotCom
Check this again and again.
http://www.linuxpakistan.net/forum2x/vi ... php?t=3368
You will find the solution, because this mac check script blocks all the traffic for that MAC. Even your server stops pinging that NIC, nor can that client ping your server.
I am also using that script. It's working fine. And if there is any difficulty that you are facing with that maccheck script, then get an ethernet 604 router. That will solve your problem.
So there must be something wrong on your end.
Okay
thanx
and
Alwida
Tefl E Maktab
-----------------------------
----- ----- ----- ------ ------ -------
-----------------------------
----- ----- ----- ------ ------ -------
-
- Site Admin
- Posts: 5132
- Joined: Fri May 02, 2003 10:24 am
- Location: Karachi
- Contact:
Updated
Legend
1. Text in black color like this is my narration / instructions
2. Text in bold black like this is commands
3. Text in blue must be in /sbin/maccheck
4. Text in bold blue is user specific. You have to change it according to your actual data
5. Text in brown is the part of the command that should be combined with the user data in bold blue
Instructions
1. First copy these two files from the appendix of this tutorial into your /sbin folder
# cp addmac maccheck /sbin
2. Change permissions of both files.
# chmod 744 /sbin/addmac /sbin/maccheck
3. How to Add / Unblock / Find / Backup / Restore Mac Address.
# addmac allow 00:00:91:0D:5C:90 Farrukh Ahmed (it will add given mac address, and comments 'Farrukh Ahmed' in /etc/mac.allow)
4. How to Block Mac Address
# addmac block 00:00:91:0D:5C:90 Farrukh Ahmed (it will block given mac address from /etc/mac.allow and insert in /etc/mac.deny)
5. How to Restore Mac Address
# addmac deny 00:00:91:0D:5C:90 Farrukh Ahmed (it will add given mac address, and comments 'Farrukh Ahmed' in /etc/mac.deny)
6. How to find from allowed Mac Address
# addmac find allow 00:00:91:0D:5C:90 (it will find given mac address in /etc/mac.allow)
7. How to find from denied Mac Address
# addmac find deny 00:00:91:0D:5C:90 (it will find given mac address in /etc/mac.deny)
8. How to unblock Mac Address
# addmac unblock 00:00:91:0D:5C:90 (it will unblock given mac address from /etc/mac.deny and insert in /etc/mac.allow)
9. How to backup allowed Mac Address
# addmac backup allow (it will backup /etc/mac.allow to /etc/mac.allow.bak)
10. How to backup denied Mac Address
# addmac backup deny (it will backup /etc/mac.deny to /etc/mac.deny.bak)
11. How to restore allowed Mac Address
# addmac restore allow (it will restore /etc/mac.allow.bak to /etc/mac.allow)
12. How to restore denied Mac Address
# addmac restore deny (it will restore /etc/mac.deny.bak to /etc/mac.deny)
Note: whenever you Add/Remove/Block/Unblock a MAC Address you must run /sbin/maccheck
At the end of your /etc/rc.d/rc.local add the following line
exec /sbin/maccheck
My mac.allow file look like
# cat /etc/mac.allow
00:C0:05:01:87:20 #Farrukh Ahmed
00:C0:05:02:0E:92 #Tariq Bahi
00:C0:05:02:00:68 #Sheraz
00:C0:05:01:87:20 #Badar
00:C0:09:10:87:D0 #Tauqeer
My mac.deny file
# cat /etc/mac.deny
00:C0:05:02:0E:91 #Asif Khan
00:00:0C:8E:55:11 #Meraj Rasool Khattak
Appendix
Following are the two scripts mentioned in the Tutorial Above
Script No. 1
# touch /sbin/maccheck
This will create blank file in /sbin
# pico /sbin/maccheck
This will open blank file which you created before. Now copy and paste here the MAC Check Script and press Ctrl + X then it will ask you to save it or not press Y and save it /sbin/addmac
# chmod 744 /sbin/maccheck
This will change the permission of the /sbin/maccheck file
Content of /sbin/maccheck
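#!/bin/sh
#
# MAC Check Script
# This Script will add Allowed/Blocked and Blocked Users in Firewall
#
set -x
MAC_ALLOW="/etc/mac.allow"
MAC_DENY="/etc/mac.deny"
# mktemp creates unpredictable names instead of fixed paths in /tmp
TMP_ALLOW=$(mktemp /tmp/mac.allow.XXXXXX) || exit 1
TMP_DENY=$(mktemp /tmp/mac.deny.XXXXXX) || exit 1
# Keep only the first column (the MAC address) of each list
awk '{ print $1 }' "$MAC_ALLOW" > "$TMP_ALLOW"
awk '{ print $1 }' "$MAC_DENY" > "$TMP_DENY"
echo "Loading MAC Address...."
# Start from an empty INPUT chain that drops everything
/sbin/iptables -F INPUT
/sbin/iptables -I INPUT -p all -j DROP
# -I inserts at the top, so each ACCEPT lands above the DROP-all rule
for MAC in `cat $TMP_ALLOW`
do
    /sbin/iptables -I INPUT -p all -m mac --mac-source $MAC -j ACCEPT
done
# Denied MACs are inserted last and therefore match first
for MAC in `cat $TMP_DENY`
do
    /sbin/iptables -I INPUT -p all -m mac --mac-source $MAC -j DROP
done
rm -f "$TMP_ALLOW" "$TMP_DENY"
echo "MAC Address Loaded Successfully...."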
Script No. 2
# touch /sbin/addmac
This will create blank file in /sbin
# pico /sbin/addmac
This will open blank file which you created before. Now copy and paste here the ADD MAC Script and press Ctrl + X then it will ask you to save it or not press Y and save it /sbin/addmac
# chmod 744 /sbin/addmac
This will change the permission of the /sbin/addmac file
Content of /sbin/addmac
#!/bin/sh
#
# Use this script to block your Clients by their MAC Address.
# Script Created by Farrukh Ahmed of Linux Pakistan dot Net
#
MAC_ALLOW="/etc/mac.allow"
MAC_DENY="/etc/mac.deny"

# allow <MAC> <comment> <comment>: add a MAC address to the allow list
allow() {
    if [ $# != 3 ]; then
        echo "Usage : addmac allow <MAC Address> <Comments>"
        exit 1
    fi
    args=$1
    args1="$2 $3"
    # Create the list first so the duplicate check never reads a missing file
    if [ ! -f "$MAC_ALLOW" ]; then
        echo "File Not Found..."
        echo "Creating File..."
        touch "$MAC_ALLOW"
        chmod 644 "$MAC_ALLOW"
    fi
    for MAC in $(cat "$MAC_ALLOW")
    do
        if [ "$MAC" = "$args" ]; then
            echo "MAC Address : $MAC already exists"
            exit 1
        fi
    done
    if echo "$args # $args1" >> "$MAC_ALLOW"; then
        echo "MAC Added Successfully"
    else
        echo "Failed to Add MAC Address"
    fi
}

# backup <allow/deny>: copy the chosen list to <list>.bak
backup() {
    if [ $# != 1 ]; then
        echo "Usage: addmac backup <allow/deny>"
        exit 1
    fi
    args=$1
    # The spaces around "=" matter: [ $args="allow" ] is always true
    if [ "$args" = "allow" ]; then
        cp -f "$MAC_ALLOW" "${MAC_ALLOW}.bak"
    else
        if [ "$args" = "deny" ]; then
            cp -f "$MAC_DENY" "${MAC_DENY}.bak"
        fi
    fi
}

# block <MAC>: move an entry from the allow list to the deny list
block() {
    if [ $# != 1 ]; then
        echo "Usage: addmac block <MAC Address>"
        exit 1
    fi
    args=$1
    # The first word of each line is the MAC, the rest is the "# comment"
    while read -r mac rest
    do
        if [ "$mac" = "$args" ]; then
            sed -i "/${args}/d" "$MAC_ALLOW" && echo "$mac $rest" >> "$MAC_DENY"
        fi
    done < "$MAC_ALLOW"
}

# deny <MAC> <comment> <comment>: add a MAC address to the deny list
deny() {
    if [ $# != 3 ]; then
        echo "Usage : addmac deny <MAC Address> <Comments>"
        exit 1
    fi
    args=$1
    args1="$2 $3"
    if [ ! -f "$MAC_DENY" ]; then
        echo "File Not Found..."
        echo "Creating File..."
        touch "$MAC_DENY"
        chmod 644 "$MAC_DENY"
    fi
    for MAC in $(cat "$MAC_DENY")
    do
        if [ "$MAC" = "$args" ]; then
            echo "MAC Address : $MAC already exists"
            exit 1
        fi
    done
    if echo "$args # $args1" >> "$MAC_DENY"; then
        echo "MAC Added Successfully"
    else
        echo "Failed to Add MAC Address"
    fi
}

# find <allow/deny> <MAC|all>: search a list, or print it sorted without duplicates
find() {
    if [ $# != 2 ]; then
        echo "Usage : addmac find <allow/deny> <MAC Address>"
        exit 1
    fi
    args=$1
    args1=$2
    if [ "$args" = "allow" ]; then
        if [ "$args1" = "all" ]; then
            # uniq must read the sorted stream, not the file again
            sort "$MAC_ALLOW" | uniq
        else
            grep "$args1" "$MAC_ALLOW"
        fi
    else
        if [ "$args1" = "all" ]; then
            sort "$MAC_DENY" | uniq
        else
            grep "$args1" "$MAC_DENY"
        fi
    fi
}

# restore <allow/deny>: copy <list>.bak back over the chosen list
restore() {
    if [ $# != 1 ]; then
        echo "Usage: addmac restore <allow/deny>"
        exit 1
    fi
    args=$1
    if [ "$args" = "allow" ]; then
        cp -f "${MAC_ALLOW}.bak" "$MAC_ALLOW"
    else
        cp -f "${MAC_DENY}.bak" "$MAC_DENY"
    fi
}

# searchmac: list the IP and MAC addresses currently in the ARP table
searchmac() {
    if [ $# != 0 ]; then
        echo "Usage : addmac searchmac"
        exit 1
    fi
    arp -n | awk '{if($1~/Address/){print "IP",$1,"\t",$3}else{print $1,"\t",$3}}' | sed 's/HWa/MAC A/'
}

# unblock <MAC>: move an entry from the deny list back to the allow list
unblock() {
    if [ $# != 1 ]; then
        echo "Usage: addmac unblock <MAC Address>"
        exit 1
    fi
    args=$1
    while read -r mac rest
    do
        if [ "$mac" = "$args" ]; then
            sed -i "/${args}/d" "$MAC_DENY" && echo "$mac $rest" >> "$MAC_ALLOW"
        fi
    done < "$MAC_DENY"
}

# Arguments are passed unquoted on purpose: a missing argument must not be
# counted, so the "$#" checks in each function can print the usage text.
case "$1" in
    allow)
        allow $2 $3 $4
        ;;
    backup)
        backup $2
        ;;
    block)
        block $2
        ;;
    deny)
        deny $2 $3 $4
        ;;
    find)
        find $2 $3
        ;;
    restore)
        restore $2
        ;;
    searchmac)
        searchmac
        ;;
    unblock)
        unblock $2
        ;;
    *)
        echo "Usage: addmac {allow|backup|block|deny|find|restore|searchmac|unblock} MAC Address"
        exit 1
esac
Best Regards.
Farrukh Ahmed
-
- Site Admin
- Posts: 5132
- Joined: Fri May 02, 2003 10:24 am
- Location: Karachi
- Contact:
Re:
Dear Users,
Salam,
Please use latest version of checkmac script.
#
# MAC Check Script
# This Script will add Allowed/Blocked and Blocked Users in Firewall
#
#!/bin/sh
MAC_ALLOW="/etc/mac.allow"
MAC_DENY="/etc/mac.deny"
TMP_ALLOW="/tmp/mac.allow"
TMP_DENY="/tmp/mac.deny"
cat $MAC_ALLOW | awk '{ print $1}' > $TMP_ALLOW
cat $MAC_DENY | awk '{ print $1}' > $TMP_DENY
echo -e "Loading MAC Address...."
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -t fitler -F
iptables -t fitler -X
for MAC in `cat $TMP_ALLOW`
do
/sbin/iptables -I INPUT -p all -m mac --mac-source $MAC -j ACCEPT
done
for MAC in `cat $TMP_DENY`
do
/sbin/iptables -I INPUT -p all -m mac --mac-source $MAC -j DROP
done
/sbin/iptables -I INPUT 1 -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -p all -j DROP
rm -f $TMP_ALLOW
rm -f $TMP_DENY
echo -e "MAC Address Loaded Successfully...."
Best Regards.
Farrukh Ahmed
-
- Company Havaldaar Major
- Posts: 195
- Joined: Fri Feb 04, 2005 7:21 pm
- Location: Lahore, PK
- Contact:
Dear LinuxFreaK,
Sallam,
I got this message after using your latest script.
Also my browsing stopped on the client side after using this ...
[root@dricola root]# /sbin/maccheck
Loading MAC Address....
iptables v1.3.5: can't initialize iptables table `fitler': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `fitler': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
MAC Address Loaded Successfully....
Tell me what to do?
-
- Site Admin
- Posts: 5132
- Joined: Fri May 02, 2003 10:24 am
- Location: Karachi
- Contact:
Re:
Dear asaddotcom,
Salam,
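#!/bin/sh
#
# MAC Check Script
# This Script will add Allowed/Blocked and Blocked Users in Firewall
#
MAC_ALLOW="/etc/mac.allow"
MAC_DENY="/etc/mac.deny"
# mktemp creates unpredictable names instead of fixed paths in /tmp
TMP_ALLOW=$(mktemp /tmp/mac.allow.XXXXXX) || exit 1
TMP_DENY=$(mktemp /tmp/mac.deny.XXXXXX) || exit 1
# Keep only the first column (the MAC address) of each list
awk '{ print $1 }' "$MAC_ALLOW" > "$TMP_ALLOW"
awk '{ print $1 }' "$MAC_DENY" > "$TMP_DENY"
echo "Loading MAC Address...."
# Flush all rules and delete user chains in the filter and nat tables
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
for MAC in `cat $TMP_ALLOW`
do
    /sbin/iptables -I INPUT -p all -m mac --mac-source $MAC -j ACCEPT
done
# Denied MACs are inserted last, so their DROP rules sit above the ACCEPT rules
for MAC in `cat $TMP_DENY`
do
    /sbin/iptables -I INPUT -p all -m mac --mac-source $MAC -j DROP
done
# Redirect web traffic to the proxy listening on port 8080
/sbin/iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
# POSTROUTING accepts only an output interface (-o, not -i);
# eth0 is taken here to be the outbound interface
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/sbin/iptables -I INPUT 1 -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -p all -j DROP
rm -f "$TMP_ALLOW" "$TMP_DENY"
echo "MAC Address Loaded Successfully...."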
Note: you can modify bold rules according to your need.
Best Regards.
Farrukh Ahmed
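
The maccheck versions in this thread place their MAC rules only in the INPUT chain, which sees packets addressed to the gateway itself (for example web requests redirected to the proxy on port 8080); client traffic that is masqueraded out to the internet passes through FORWARD instead. As an added example (not Farrukh Ahmed's script), the generator below applies both lists to both chains, deny rules first, and prints the result in iptables-restore format so it can be loaded in one step. The function names, the loopback rule, the default-drop policies and the sample list contents are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not the thread's maccheck: print a filter-table ruleset in
# iptables-restore format that applies the MAC lists to INPUT and FORWARD.

# Print the valid MACs (first column) of list file $1, upper-cased, unique.
# Comment lines, blank lines and malformed entries are skipped.
valid_macs() {
    [ -r "$1" ] || return 0
    awk '
        NF == 0 || $1 ~ /^#/ { next }
        {
            mac = toupper($1)
            if (length(mac) != 17 || mac !~ /^([0-9A-F][0-9A-F]:)+[0-9A-F][0-9A-F]$/) {
                printf "skipped %s line %d: %s\n", FILENAME, FNR, $1 > "/dev/stderr"
                next
            }
            if (!seen[mac]++) print mac
        }' "$1"
}

# gen_ruleset <allow file> <deny file>
gen_ruleset() {
    allow=$(valid_macs "$1" | tr '\n' ' ')
    deny=$(valid_macs "$2" | tr '\n' ' ')
    # Default-drop policies take the place of a trailing "-j DROP" rule.
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    # Assumption: services on the gateway talk to each other over loopback.
    echo "-A INPUT -i lo -j ACCEPT"
    for chain in INPUT FORWARD; do
        # Deny rules come before the state rule, so a blocked MAC is dropped
        # in both chains even while it still has open connections.
        for mac in $deny; do
            echo "-A $chain -m mac --mac-source $mac -j DROP"
        done
        # Replies from the internet carry the upstream MAC, not a client MAC.
        echo "-A $chain -m state --state ESTABLISHED,RELATED -j ACCEPT"
        for mac in $allow; do
            # A MAC present in both lists stays blocked.
            case " $deny " in *" $mac "*) continue ;; esac
            echo "-A $chain -m mac --mac-source $mac -j ACCEPT"
        done
    done
    echo "COMMIT"
}

# Constructed sample lists (not real data) in the thread's "MAC #comment" form.
make_samples() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/mac.allow" <<'EOF'
02:00:00:00:00:01 #Office PC
02:00:00:00:00:02 # Lab PC
02:00:00:00:00:01 #listed twice
02:00:00:00:00:0d #also in mac.deny
not-a-mac #typing mistake
EOF
    echo "02:00:00:00:00:0D #Blocked user" > "$dir/mac.deny"
    echo "$dir"
}

# Print the ruleset for the sample lists. On a real gateway the output of
# gen_ruleset /etc/mac.allow /etc/mac.deny would be piped to iptables-restore
# as root, which replaces the filter table in a single commit.
SAMPLES=$(make_samples)
gen_ruleset "$SAMPLES/mac.allow" "$SAMPLES/mac.deny"
```

Because only the filter table appears in the output, loading it does not touch the nat rules (REDIRECT, MASQUERADE) that the maccheck script sets up separately.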