Listing IPs from the dhcpd.conf

# 15  
Old 11-15-2017
From your dhcpd.conf, use
Code:
subnet 192.168.0.0 netmask 255.255.255.0 {

to identify the IP range considered. From the
Code:
  host . . .  { . . .

blocks, extract the iptables . . . FORWARD . . . ACCEPT rules, and collect (and print out) the /etc/ethers info.
The "relative complement" of the IP range then can be used to define the iptables . . . DROP rules.
# 16  
Old 11-15-2017
RedHat

Quote:
Originally Posted by RudiC
From your dhcpd.conf, use
Code:
subnet 192.168.0.0 netmask 255.255.255.0 {

to identify the IP range considered. From the
Code:
  host . . .  { . . .

blocks, extract the iptables . . . FORWARD . . . ACCEPT rules, and collect (and print out) the /etc/ethers info.
The "relative complement" of the IP range then can be used to define the iptables . . . DROP rules.
Thank you for your answer, but you are talking to a newbie in scripting so ?!

Thanks again.
# 17  
Old 11-16-2017
Quote:
Originally Posted by hermouche
. . . so ?!
I was thinking about applying some exercise and creativity? How about

Code:
awk -F"[ ;]*" '
/^subnet/       {SUBNET = $2
                }
/^ *host.* {/   {getline
                 TMP = $4
                 getline
                 FXIP[$3] = TMP
                }
END             {sub (/[^.]*$/, "", SUBNET)
                 for (i=1; i<25; i++)   {TMP = sprintf ("%s%d", SUBNET, i) 
                                         printf "iptables -I FORWARD -s %s", TMP
                                          if (TMP in FXIP)       print " -p tcp -m multiport --dports  110,143,25,465,585,993,995,80,443 -m mac --mac-source " FXIP[TMP] " -j  ACCEPT"
                                           else                 print " -j DROP"
                                        }
                 for ( f in FXIP) print FXIP[f], f , " > ./etc_ethers"
                }
' dhcpd.conf
iptables -I FORWARD -s 192.168.0.1 -j DROP
iptables -I FORWARD -s 192.168.0.2 -j DROP
iptables -I FORWARD -s 192.168.0.3 -j DROP
iptables -I FORWARD -s 192.168.0.4 -j DROP
iptables -I FORWARD -s 192.168.0.5 -j DROP
iptables -I FORWARD -s 192.168.0.6 -p tcp -m multiport --dports 110,143,25,465,585,993,995,80,443 -m mac --mac-source 00:71:CC:6E:A3:33 -j ACCEPT
iptables -I FORWARD -s 192.168.0.7 -p tcp -m multiport --dports 110,143,25,465,585,993,995,80,443 -m mac --mac-source C0:38:96:72:8B:5B -j ACCEPT
iptables -I FORWARD -s 192.168.0.8 -p tcp -m multiport --dports 110,143,25,465,585,993,995,80,443 -m mac --mac-source 08:ED:B9:08:94:09 -j ACCEPT
iptables -I FORWARD -s 192.168.0.9 -p tcp -m multiport --dports 110,143,25,465,585,993,995,80,443 -m mac --mac-source D0:53:49:CB:FE:0F -j ACCEPT
iptables -I FORWARD -s 192.168.0.10 -p tcp -m multiport --dports 110,143,25,465,585,993,995,80,443 -m mac --mac-source C4:8E:8F:8F:45:A7 -j ACCEPT
iptables -I FORWARD -s 192.168.0.11 -j DROP
iptables -I FORWARD -s 192.168.0.12 -j DROP
iptables -I FORWARD -s 192.168.0.13 -j DROP
iptables -I FORWARD -s 192.168.0.14 -j DROP
iptables -I FORWARD -s 192.168.0.15 -j DROP
iptables -I FORWARD -s 192.168.0.16 -j DROP
iptables -I FORWARD -s 192.168.0.17 -j DROP
iptables -I FORWARD -s 192.168.0.18 -j DROP
iptables -I FORWARD -s 192.168.0.19 -j DROP
iptables -I FORWARD -s 192.168.0.20 -j DROP
iptables -I FORWARD -s 192.168.0.21 -j DROP
iptables -I FORWARD -s 192.168.0.22 -j DROP
iptables -I FORWARD -s 192.168.0.23 -j DROP
iptables -I FORWARD -s 192.168.0.24 -j DROP
D0:53:49:CB:FE:0F 192.168.0.9  > ./etc_ethers
08:ED:B9:08:94:09 192.168.0.8  > ./etc_ethers
C0:38:96:72:8B:5B 192.168.0.7  > ./etc_ethers
00:71:CC:6E:A3:33 192.168.0.6  > ./etc_ethers
C4:8E:8F:8F:45:A7 192.168.0.10  > ./etc_ethers

Be aware that
- this prints out a subset (1 - 25) of the IP range in question, intentionally
- fakes the redirection into an "ethers" file
- could be enhanced to calculate the IP range from subnet and netmask instead of using fixed IPs
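
The last enhancement listed above, calculating the IP range from subnet and netmask, could look like the following; this is an added example, not code from the thread. The function names, the sample dhcpd.conf and its MAC addresses are constructed, and the script assumes a single subnet declaration with a contiguous netmask.

```shell
#!/bin/sh
PORTS=110,143,25,465,585,993,995,80,443   # port list from the thread
gen_rules() {   # usage: gen_rules /path/to/dhcpd.conf
    awk -v ports="$PORTS" '
    function ip2int(ip,   o) {            # dotted quad -> integer
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function int2ip(n) {                  # integer -> dotted quad
        return sprintf("%d.%d.%d.%d", int(n / 16777216) % 256,
                       int(n / 65536) % 256, int(n / 256) % 256, n % 256)
    }
    {
        sub(/#.*/, "")                    # drop comments
        gsub(/[;{}]/, " ")                # statements may share a line
        for (i = 1; i <= NF; i++) {
            if ($i == "subnet")        net  = ip2int($(i + 1))
            if ($i == "netmask")       size = 4294967296 - ip2int($(i + 1))
            if ($i == "host")          mac = ip = ""   # new host block
            if ($i == "ethernet")      mac = $(i + 1)
            if ($i == "fixed-address") ip  = $(i + 1)
        }
        if (mac != "" && ip != "") { allowed[ip] = mac; mac = ip = "" }
    }
    END {                                 # skip network and broadcast address
        for (n = net + 1; n < net + size - 1; n++) {
            a = int2ip(n)
            if (a in allowed)
                printf "iptables -I FORWARD -s %s -p tcp -m multiport --dports %s -m mac --mac-source %s -j ACCEPT\n", a, ports, allowed[a]
            else
                printf "iptables -I FORWARD -s %s -j DROP\n", a
        }
    }' "$1"
}

sample_conf() {   # constructed dhcpd.conf (a /29; MACs are made up)
    cat <<'EOF'
subnet 192.168.0.0 netmask 255.255.255.248 {
  range 192.168.0.2 192.168.0.6;
}
host pc1 {
  hardware ethernet 02:00:00:00:00:01;
  fixed-address 192.168.0.3;
}
host pc2 { fixed-address 192.168.0.5; hardware ethernet 02:00:00:00:00:02; }
EOF
}
tmp=$(mktemp) && sample_conf > "$tmp" && gen_rules "$tmp"; rm -f "$tmp"
```

Traffic from a listed host that does not match its ACCEPT rule (another port, or a different MAC) falls through to the FORWARD chain policy, so that policy decides whether it is dropped.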
# 18  
Old 11-16-2017
Thanks a lot RudiC - but it is not so easy for me to follow this script (too high for me).
Anyway, I am keeping it and I will study it later on.

I should say that I learned a lot from you, thanks a lot RudiC for your perseverance and patience.