firewall script with MAC and IP
I have a file called mac.txt, and it contains the following (IP and MAC):

    192.168.0.10;F0:AF:FF:FE:FA:00

My script for the firewall is as follows:

    #!/bin/bash
    for i in `cat /root/mac1.txt`; do
        MACSOURCE=`echo $i | cut -d ';' -f1`
        IPSOURCE=`echo $i | cut -d ';' -f2`
        iptables -t filter -A FORWARD -d 0/0 -s $IPSOURCE -m mac --mac-source $MACSOURCE -j ACCEPT
        iptables -t filter -A FORWARD -d $IPSOURCE -s 0/0 -j ACCEPT
        iptables -t filter -A INPUT -s $IPSOURCE -d 0/0 -m mac --mac-source $MACSOURCE -j ACCEPT
        iptables -t nat -A POSTROUTING -s $IPSOURCE -o eth0 -j MASQUERADE
    done

    iptables v1.4.3.1: Bad mac address "192.168.0.10"
    Try `iptables -h' or 'iptables --help' for more information.
    iptables v1.4.3.1: host/network `F0:AF:FF:FE:FA:00' not found
    Try `iptables -h' or 'iptables --help' for more information.
    iptables v1.4.3.1: Bad mac address "192.168.0.10"
    Try `iptables -h' or 'iptables --help' for more information.
    iptables v1.4.3.1: host/network `F0:ADF:FF:FE:FA:00' not found
    Try `iptables -h' or 'iptables --help' for more information.
Quote:
Based on the errors you're getting, you have syntax errors, because you're putting things in the wrong places. You're clearly defining MACSOURCE as field 1 (-f1), when your input has field 1 as an IP address. Did you do any debugging, or try anything to resolve this?
I need the output of the command to be:

    iptables -t filter -A FORWARD -d 0/0 -s $IPSOURCE -m mac --mac-source $MACSOURCE -j ACCEPT

=>

    iptables -t filter -A FORWARD -d 0/0 -s 192.168.0.10 -m mac --mac-source 00:xx:yy:zz:99:88 -j ACCEPT

I need $IPSOURCE, which is in the first column, and $MACSOURCE, which is in the second column. Another script to test:

> for i in `cat /root/mac.txt`;
> do
>
> MACSOURCE=`echo $i | cut -d ';' -f1`
> IPSOURCE=`echo $i | cut -d ';' -f2`
>
> echo $MACSOURCE
> echo $IPSOURCE
> done

and the script is OK.
That's OK. I changed my script:

> for i in `cat /root/mac.txt`;
> do
> IPSOURCE=`echo $i | cut -d \; -f1`
> MACSOURCE=`echo $i | cut -d \; -f2`
> iptables -t filter -A FORWARD -d 0/0 -s $IPSOURCE -m mac --mac-source $MACSOURCE -j ACCEPT
> iptables -t filter -A FORWARD -d $IPSOURCE -s 0/0 -j ACCEPT
> iptables -t filter -A INPUT -s $IPSOURCE -d 0/0 -m mac --mac-source $MACSOURCE -j ACCEPT
> iptables -t nat -A POSTROUTING -s $IPSOURCE -o eth0 -j MASQUERADE
> done

Thanks to all.
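The rule loop from this thread, as an added example that was not posted by any participant: it reads the IP;MAC lines with `read`, validates both fields, and prints the iptables commands instead of running them, so swapped or malformed fields are caught before any rule is loaded. The function names, the `eth0` default and the sample lines are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread: dry-run generator for the IP;MAC rules.

# valid_ip: dotted-quad IPv4, every octet 0-255.
valid_ip() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1            # split the already-validated string on dots
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# valid_mac: six colon-separated hex pairs.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# build_rules FILE [WAN_IF]: print the iptables commands for each valid line;
# report bad lines on stderr and return 1 if any line was rejected.
build_rules() {
    file=$1 wan=${2:-eth0} rc=0 n=0
    while IFS=';' read -r ip mac extra || [ -n "$ip" ]; do
        n=$((n + 1))
        case $ip in ''|'#'*) continue ;; esac        # skip blanks and comments
        mac=$(printf '%s' "$mac" | tr -d '\r')       # tolerate CRLF line ends
        if [ -n "$extra" ] || ! valid_ip "$ip" || ! valid_mac "$mac"; then
            echo "line $n rejected: $ip;$mac" >&2
            rc=1
            continue
        fi
        echo "iptables -t filter -A FORWARD -d 0/0 -s $ip -m mac --mac-source $mac -j ACCEPT"
        echo "iptables -t filter -A FORWARD -d $ip -s 0/0 -j ACCEPT"
        echo "iptables -t filter -A INPUT -s $ip -d 0/0 -m mac --mac-source $mac -j ACCEPT"
        echo "iptables -t nat -A POSTROUTING -s $ip -o $wan -j MASQUERADE"
    done < "$file"
    return $rc
}

# Constructed sample: line 2 has the fields swapped, line 3 has a malformed MAC.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
192.168.0.10;F0:AF:FF:FE:FA:00
F0:AF:FF:FE:FA:00;192.168.0.10
192.168.0.11;F0:ADF:FF:FE:FA:00
EOF
build_rules "$sample" || echo "some lines were rejected; fix the file before loading rules" >&2
```

Only when `build_rules` returns 0 should its output be reviewed and then piped to `sh` as root.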