Wednesday, February 22, 2017

Active firewall blocking by MAC address


This firewall script is useful on WiFi networks, for blocking devices that try to access something inappropriate.

Insert this LOG rule at the start of your firewall script:

#iptables -I FORWARD -m string --algo bm --string "facebook" -m limit --limit 1/s --limit-burst 1 -j LOG --log-prefix "FW_FACEBLOCK_log"

Then create a small script:

#touch /root/blockmac.sh

#chmod 550 /root/blockmac.sh

#vim /root/blockmac.sh

#!/bin/sh
# Script written to block MAC addresses
# The MAC= field of a kernel LOG line is dst(6):src(6):ethertype(2), so fields 7-12 are the source MAC;
# sort | uniq -d keeps only addresses that appear at least twice in the last 100 lines
tail -100 /var/log/messages | grep "FW_FACEBLOCK_log" | grep -Po 'MAC=\K.*$' | cut -d ":" -f7-12 | sort | uniq -d > /root/maclist
#
maclist=/root/maclist
for i in `cat $maclist`; do
mac=`echo $i | cut -d ';' -f 1`
#
# Skip addresses that already have a DROP rule, so repeated cron runs do not pile up duplicate rules
iptables -t mangle -C PREROUTING -i eth0 -m mac --mac-source $mac -j DROP 2>/dev/null && continue
iptables -t mangle -A PREROUTING -i eth0 -m mac --mac-source $mac -j DROP
#eth0 = the WLAN interface
echo "MAC - Blocked - $mac"
done #End of FOR

This adds the MAC addresses that have accessed facebook to the maclist file and inserts a DROP rule in the mangle table, PREROUTING chain, which is the first iptables entry a packet hits; it is quite functional.


To be more effective, add the script to the crontab so it runs every hour:

0 0-23/1 * * * /root/blockmac.sh
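The pipeline in blockmac.sh depends on the layout of the kernel's LOG output, so here is an added example (not code from the original post) that runs the same extraction over a few constructed log lines: it pulls the MAC= field, takes the source half, keeps only addresses seen at least twice, and validates each result before it would ever reach an iptables command. The log lines, host names and addresses are made up for the demonstration; the log prefix FW_FACEBLOCK_log is the one the post's LOG rule uses.

```shell
#!/bin/sh
# Added example: parse iptables LOG lines the way blockmac.sh does.
# Constructed sample lines (hypothetical gateway "gw", hypothetical hosts):
SAMPLE_LOG='Feb 22 10:00:01 gw kernel: FW_FACEBLOCK_log IN=eth0 OUT=eth1 MAC=00:11:22:33:44:55:aa:bb:cc:dd:ee:01:08:00 SRC=192.168.0.10 DST=203.0.113.5 PROTO=TCP SPT=40000 DPT=80
Feb 22 10:00:02 gw kernel: FW_FACEBLOCK_log IN=eth0 OUT=eth1 MAC=00:11:22:33:44:55:aa:bb:cc:dd:ee:01:08:00 SRC=192.168.0.10 DST=203.0.113.5 PROTO=TCP SPT=40001 DPT=80
Feb 22 10:00:03 gw kernel: FW_FACEBLOCK_log IN=eth0 OUT=eth1 MAC=00:11:22:33:44:55:aa:bb:cc:dd:ee:02:08:00 SRC=192.168.0.11 DST=203.0.113.5 PROTO=TCP SPT=40002 DPT=80
Feb 22 10:00:04 gw kernel: OTHER_log IN=eth0 OUT=eth1 MAC=00:11:22:33:44:55:aa:bb:cc:dd:ee:03:08:00 SRC=192.168.0.12 DST=203.0.113.5 PROTO=TCP SPT=40003 DPT=80'

# Print the source MAC of every log line carrying the given prefix.
# The MAC= field is dst(6 bytes):src(6 bytes):ethertype(2 bytes), so the
# source address is colon-separated fields 7 to 12.
# $1 = log prefix, stdin = log lines
src_macs() {
    grep "$1" | sed -n 's/.*MAC=\([0-9a-fA-F:]*\).*/\1/p' | cut -d: -f7-12
}

# Keep only addresses logged at least twice (the post's sort | uniq -d step).
repeat_offenders() {
    src_macs "$1" | sort | uniq -d
}

# Accept only a well-formed MAC before the value is passed to iptables.
is_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$'
}

# Stand-alone run: show what would be handed to the block rule.
printf '%s\n' "$SAMPLE_LOG" | repeat_offenders FW_FACEBLOCK_log | while read -r mac; do
    if is_mac "$mac"; then
        echo "would block: $mac"
    fi
done
```

On the constructed input only aa:bb:cc:dd:ee:01 is printed: it is the one source MAC logged twice under the FW_FACEBLOCK_log prefix, while the line with a different prefix is ignored entirely. The sed form is used instead of grep -P so the extraction also works where only a POSIX grep is available.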
