Script
to block mac addresses, useful for WiFi networks to block mobile
devices that insist on using a private WiFi network.
Create a folder “macblock” in /root
directory (Firewall script directory)
#touch macblock
Put the mac addresses within
macblock.
#nano macblock
To find out the mac address use #ip neigh show or
visualize the dhcp log
#nano macblock
To find out the mac address use #ip neigh show or
visualize the dhcp log
#tail -n 300 / var / log /
messages or syslog
Because
block access by tables mangle in PREROUTING to 53 destination
port?
Simple, the intruder becomes a zombie, aimlessly, gets lost.
Place this at the beginning of his scrip Firewall
Simple, the intruder becomes a zombie, aimlessly, gets lost.
Place this at the beginning of his scrip Firewall
#Mac Addresses
Block
macblock=/root/macblock
for i in `cat
$macblock`; do
ip=`echo $i | cut
-d ';' -f 1`
#
iptables -t
mangle -A PREROUTING -i eth2 -p udp -m mac --mac-source $ip --dport
53 -j DROP
#
echo "MAC -
Bloqueado - $ip"
done #Fim do FOR
#
#eth2 is a Lan Network
Nenhum comentário:
Postar um comentário