Listing IPs from the dhcpd.conf


    #15  
Old 11-15-2017
RudiC RudiC is offline Forum Staff  
Moderator
 
From your dhcpd.conf, use
Code:
subnet 192.168.0.0 netmask 255.255.255.0 {

to identify the IP range considered. From the
Code:
  host . . .  { . . .

blocks, extract the iptables . . . FORWARD . . . ACCEPT rules, and collect (and print out) the /etc/ethers info.
The "relative complement" of the IP range then can be used to define the iptables . . . DROP rules.
    #16  
Old 11-15-2017
hermouche hermouche is offline
Registered User
 
RedHat

Quote:
Originally Posted by RudiC View Post
From your dhcpd.conf, use
Code:
subnet 192.168.0.0 netmask 255.255.255.0 {

to identify the IP range considered. From the
Code:
  host . . .  { . . .

blocks, extract the iptables . . . FORWARD . . . ACCEPT rules, and collect (and print out) the /etc/ethers info.
The "relative complement" of the IP range then can be used to define the iptables . . . DROP rules.

Thank you for your answer, but you are talking to a newbie in scripting, so ?!

Thanks again.
    #17  
Old 11-16-2017
RudiC RudiC is offline Forum Staff  
Moderator
 
Quote:
Originally Posted by hermouche View Post
. . . so ?!
I was thinking about applying some exercise and creativity? How about

Code:
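awk -F"[ ;]*" '
# remember the network address from the subnet line
/^subnet/       {SUBNET = $2
                }
# host block: the line after "host ... {" carries the MAC in $4,
# the line after that the fixed IP in $3
/^ *host.* {/   {getline
                 TMP = $4
                 getline
                 FXIP[$3] = TMP
                }
# cut the last octet off the network address, then walk host numbers 1..24
END             {sub (/[^.]*$/, "", SUBNET)
                 for (i=1; i<25; i++)   {TMP = sprintf ("%s%d", SUBNET, i)
                                         printf "iptables -I FORWARD -s %s", TMP
                                         if (TMP in FXIP)       print " -p tcp -m multiport --dports 110,143,25,465,585,993,995,80,443 -m mac --mac-source " FXIP[TMP] " -j ACCEPT"
                                         else                   print " -j DROP"
                                        }
                 # print the MAC / IP pairs; the redirection is only printed, nothing is written
                 for (f in FXIP) print FXIP[f], f , " > ./etc_ethers"
                }
' dhcpd.conf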
iptables -I FORWARD -s 192.168.0.1 -j DROP
iptables -I FORWARD -s 192.168.0.2 -j DROP
iptables -I FORWARD -s 192.168.0.3 -j DROP
iptables -I FORWARD -s 192.168.0.4 -j DROP
iptables -I FORWARD -s 192.168.0.5 -j DROP
iptables -I FORWARD -s 192.168.0.6 -p tcp -m multiport --dports 110,143,25,465,585,993,995,80,443 -m mac --mac-source 00:71:CC:6E:A3:33 -j ACCEPT
iptables -I FORWARD -s 192.168.0.7 -p tcp -m multiport --dports 110,143,25,465,585,993,995,80,443 -m mac --mac-source C0:38:96:72:8B:5B -j ACCEPT
iptables -I FORWARD -s 192.168.0.8 -p tcp -m multiport --dports 110,143,25,465,585,993,995,80,443 -m mac --mac-source 08:ED:B9:08:94:09 -j ACCEPT
iptables -I FORWARD -s 192.168.0.9 -p tcp -m multiport --dports 110,143,25,465,585,993,995,80,443 -m mac --mac-source D0:53:49:CB:FE:0F -j ACCEPT
iptables -I FORWARD -s 192.168.0.10 -p tcp -m multiport --dports 110,143,25,465,585,993,995,80,443 -m mac --mac-source C4:8E:8F:8F:45:A7 -j ACCEPT
iptables -I FORWARD -s 192.168.0.11 -j DROP
iptables -I FORWARD -s 192.168.0.12 -j DROP
iptables -I FORWARD -s 192.168.0.13 -j DROP
iptables -I FORWARD -s 192.168.0.14 -j DROP
iptables -I FORWARD -s 192.168.0.15 -j DROP
iptables -I FORWARD -s 192.168.0.16 -j DROP
iptables -I FORWARD -s 192.168.0.17 -j DROP
iptables -I FORWARD -s 192.168.0.18 -j DROP
iptables -I FORWARD -s 192.168.0.19 -j DROP
iptables -I FORWARD -s 192.168.0.20 -j DROP
iptables -I FORWARD -s 192.168.0.21 -j DROP
iptables -I FORWARD -s 192.168.0.22 -j DROP
iptables -I FORWARD -s 192.168.0.23 -j DROP
iptables -I FORWARD -s 192.168.0.24 -j DROP
D0:53:49:CB:FE:0F 192.168.0.9  > ./etc_ethers
08:ED:B9:08:94:09 192.168.0.8  > ./etc_ethers
C0:38:96:72:8B:5B 192.168.0.7  > ./etc_ethers
00:71:CC:6E:A3:33 192.168.0.6  > ./etc_ethers
C4:8E:8F:8F:45:A7 192.168.0.10  > ./etc_ethers

Be aware that
- this prints out a subset (1 - 25) of the IP range in question, intentionally
- fakes the redirection into an "ethers" file
- could be enhanced to calculate the IP range from subnet and netmask instead of using fixed IPs
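
The enhancement suggested at the end of post #17, computing the host range from the subnet and netmask instead of a fixed loop, as an added example that is not part of the original thread. It goes beyond the post by also checking that MAC and IP values are well formed before they reach a generated command line and by really writing the ethers data; the names `gen_rules` and `sample_conf`, the one-statement-per-line dhcpd.conf layout and the sample /29 subnet are assumptions.

```shell
# Added example, not code from the thread; assumes one statement per line, one subnet.
PORTS=110,143,25,465,585,993,995,80,443        # port list as used in the thread

# gen_rules DHCPD_CONF [ETHERS_FILE]: print iptables commands, write ethers data
gen_rules() {
    awk -v ports="$PORTS" -v ethers="${2:-./etc_ethers}" '
    function ip2n(ip,   o) {                   # dotted quad -> number
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function n2ip(n) {                         # number -> dotted quad
        return sprintf("%d.%d.%d.%d", int(n/16777216), int(n/65536)%256, int(n/256)%256, n%256)
    }
    { gsub(/[;{}]/, " ") }                     # strip punctuation, fields are re-split
    $1 == "subnet" && $3 == "netmask" { net = ip2n($2); size = 4294967296 - ip2n($4) }
    $1 == "host"                         { mac = ip = "" }
    $1 == "hardware" && $2 == "ethernet" { mac = toupper($3) }
    $1 == "fixed-address"                { ip = $2 }
    mac != "" && ip != "" {                    # both seen, in either order
        # only well-formed values may reach the generated command lines
        if (mac ~ /^([0-9A-F][0-9A-F]:)+[0-9A-F][0-9A-F]$/ && length(mac) == 17 &&
            ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
            fx[ip] = mac
        mac = ip = ""
    }
    END {
        for (n = net + 1; n < net + size - 1; n++) {   # skip network and broadcast
            a = n2ip(n)
            printf "iptables -I FORWARD -s %s", a
            if (a in fx)
                print " -p tcp -m multiport --dports " ports " -m mac --mac-source " fx[a] " -j ACCEPT"
            else
                print " -j DROP"               # relative complement of the host list
        }
        for (a in fx) print fx[a], a > ethers
    }' "$1"
}

# Constructed sample input (the MAC is one shown in the thread output)
sample_conf() {
    cat <<'EOF'
subnet 192.168.0.0 netmask 255.255.255.248 {
  host alpha {
    hardware ethernet 00:71:cc:6e:a3:33;
    fixed-address 192.168.0.6;
  }
}
EOF
}
```

Review the printed commands before feeding them to a shell: `-I` without a rule number inserts each rule at the top of FORWARD, so the last line printed is the first one evaluated.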
    #18  
Old 11-16-2017
hermouche hermouche is offline
Registered User
 
Thanks a lot RudiC - but it is not so easy for me to follow this script (too high for me).
Anyway, I am keeping it and I will study it later on.

I should say that I learned a lot from you, thanks a lot RudiC for your perseverance and patience.