Listing IPs from the dhcpd.conf

    #15  
4 Weeks Ago   -   Original Discussion by hermouche
RudiC (Forum Staff, Moderator)
From your dhcpd.conf, use

Code:
subnet 192.168.0.0 netmask 255.255.255.0 {

to identify the IP range considered. From the

Code:
  host . . .  { . . .

blocks, extract the iptables . . . FORWARD . . . ACCEPT rules, and collect (and print out) the /etc/ethers info.
The "relative complement" of the IP range then can be used to define the iptables . . . DROP rules.
    #16  
4 Weeks Ago
hermouche (Registered User)

Thank you for your answer but you are talking to a newbie in scripting so ?!

Thanks again.
    #17  
4 Weeks Ago
RudiC (Forum Staff, Moderator)
Quote:
Originally Posted by hermouche
. . . so ?!

I was thinking about applying some exercise and creativity? How about


Code:
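awk -F"[ ;]*" '
# subnet line: remember the network address (field 2)
/^subnet/       {SUBNET = $2
                }
# host block: the next line is expected to carry the MAC in field 4,
# the line after that the fixed IP in field 3
/^ *host.* {/   {getline
                 TMP = $4
                 getline
                 FXIP[$3] = TMP
                }
END             {sub (/[^.]*$/, "", SUBNET)     # cut the last octet, keep the trailing dot
                 for (i=1; i<25; i++)   {TMP = sprintf ("%s%d", SUBNET, i)
                                         printf "iptables -I FORWARD -s %s", TMP
                                         # address with a host entry: ACCEPT bound to its MAC; any other: DROP
                                         if (TMP in FXIP)       print " -p tcp -m multiport --dports 110,143,25,465,585,993,995,80,443 -m mac --mac-source " FXIP[TMP] " -j ACCEPT"
                                         else                   print " -j DROP"
                                        }
                 # MAC / IP pairs; the "> ./etc_ethers" part is printed text, no file is written
                 for (f in FXIP) print FXIP[f], f, " > ./etc_ethers"
                }
' dhcpd.conf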
iptables -I FORWARD -s 192.168.0.1 -j DROP
iptables -I FORWARD -s 192.168.0.2 -j DROP
iptables -I FORWARD -s 192.168.0.3 -j DROP
iptables -I FORWARD -s 192.168.0.4 -j DROP
iptables -I FORWARD -s 192.168.0.5 -j DROP
iptables -I FORWARD -s 192.168.0.6 -p tcp -m multiport --dports 110,143,25,465,585,993,995,80,443 -m mac --mac-source 00:71:CC:6E:A3:33 -j ACCEPT
iptables -I FORWARD -s 192.168.0.7 -p tcp -m multiport --dports 110,143,25,465,585,993,995,80,443 -m mac --mac-source C0:38:96:72:8B:5B -j ACCEPT
iptables -I FORWARD -s 192.168.0.8 -p tcp -m multiport --dports 110,143,25,465,585,993,995,80,443 -m mac --mac-source 08:ED:B9:08:94:09 -j ACCEPT
iptables -I FORWARD -s 192.168.0.9 -p tcp -m multiport --dports 110,143,25,465,585,993,995,80,443 -m mac --mac-source D0:53:49:CB:FE:0F -j ACCEPT
iptables -I FORWARD -s 192.168.0.10 -p tcp -m multiport --dports 110,143,25,465,585,993,995,80,443 -m mac --mac-source C4:8E:8F:8F:45:A7 -j ACCEPT
iptables -I FORWARD -s 192.168.0.11 -j DROP
iptables -I FORWARD -s 192.168.0.12 -j DROP
iptables -I FORWARD -s 192.168.0.13 -j DROP
iptables -I FORWARD -s 192.168.0.14 -j DROP
iptables -I FORWARD -s 192.168.0.15 -j DROP
iptables -I FORWARD -s 192.168.0.16 -j DROP
iptables -I FORWARD -s 192.168.0.17 -j DROP
iptables -I FORWARD -s 192.168.0.18 -j DROP
iptables -I FORWARD -s 192.168.0.19 -j DROP
iptables -I FORWARD -s 192.168.0.20 -j DROP
iptables -I FORWARD -s 192.168.0.21 -j DROP
iptables -I FORWARD -s 192.168.0.22 -j DROP
iptables -I FORWARD -s 192.168.0.23 -j DROP
iptables -I FORWARD -s 192.168.0.24 -j DROP
D0:53:49:CB:FE:0F 192.168.0.9  > ./etc_ethers
08:ED:B9:08:94:09 192.168.0.8  > ./etc_ethers
C0:38:96:72:8B:5B 192.168.0.7  > ./etc_ethers
00:71:CC:6E:A3:33 192.168.0.6  > ./etc_ethers
C4:8E:8F:8F:45:A7 192.168.0.10  > ./etc_ethers

Be aware that
- this prints out a subset (1 - 25) of the IP range in question, intentionally
- fakes the redirection into an "ethers" file
- could be enhanced to calculate the IP range from subnet and netmask instead of using fixed IPs
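
The enhancement named in the last point above, calculating the IP range from subnet and netmask instead of using fixed IPs, could look like this. It is an added example, not code from the thread: the function names gen_rules and sample_conf and the sample dhcpd.conf (a /28 with made-up MACs) are assumptions, and it expects one statement per line inside each host block.

```shell
# Added example: host range from subnet + netmask; rules are printed, never executed.
gen_rules() {
    awk -v ports="110,143,25,465,585,993,995,80,443" '
    function ip2n(ip,   o) {              # dotted quad -> number
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function n2ip(n) {                    # number -> dotted quad
        return sprintf("%d.%d.%d.%d", int(n / 16777216) % 256,
                       int(n / 65536) % 256, int(n / 256) % 256, n % 256)
    }
    { gsub(/;/, "") }                     # drop statement terminators
    $1 == "subnet" && $3 == "netmask" {
        size = 4294967296 - ip2n($4)      # addresses in the subnet (contiguous mask)
        net = ip2n($2); net -= net % size # align to the network address
    }
    $1 == "hardware" && $2 == "ethernet" { mac = $3 }
    $1 == "fixed-address"                { ip = $2 }
    $1 == "}" && ip != ""                { fxip[ip] = mac; ip = mac = "" }
    END {
        # net+1 .. net+size-2 leaves out the network and broadcast addresses
        for (n = net + 1; n <= net + size - 2; n++) {
            a = n2ip(n)
            if (a in fxip)
                print "iptables -I FORWARD -s " a " -p tcp -m multiport --dports " \
                      ports " -m mac --mac-source " fxip[a] " -j ACCEPT"
            else
                print "iptables -I FORWARD -s " a " -j DROP"
        }
    }' "$@"
}

# Constructed sample input (not the dhcpd.conf from the thread): a /28, two hosts
sample_conf() {
    cat <<'EOF'
subnet 192.168.0.0 netmask 255.255.255.240 {
  host pc1 {
    hardware ethernet 02:00:00:00:00:06;
    fixed-address 192.168.0.6;
  }
  host pc2 {
    hardware ethernet 02:00:00:00:00:0A;
    fixed-address 192.168.0.10;
  }
}
EOF
}

sample_conf | gen_rules
```

Because the commands are only printed, they can be reviewed before being handed to a shell. Traffic from a listed address that fails the MAC or port match hits no rule here and falls to the FORWARD chain policy.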
    #18  
4 Weeks Ago
hermouche (Registered User)
Thanks a lot RudiC -Linux, but it is not so easy for me to follow this script (too high for me).
Anyway, I am keeping it and I will study it later on.

I should say that I learned a lot from you, thanks a lot RudiC for your perseverance and patience.