LinuxQuestions.org

Linux - Software: firewall script with MAC and IP (https://www.linuxquestions.org/questions/linux-software-2/firewall-script-with-mac-and-ip-789918/)

waranha 02-18-2010 06:34 AM

firewall script with MAC and IP
 
I have a file called mac.txt, and it contains the following (IP and MAC):
192.168.0.10;F0:AF:FF:FE:FA:00

My script for firewall is as follows:

#!/bin/bash
for i in `cat /root/mac1.txt`;
do
MACSOURCE=`echo $i | cut -d ';' -f1`
IPSOURCE=`echo $i | cut -d ';' -f2`
iptables -t filter -A FORWARD -d 0/0 -s $IPSOURCE -m mac --mac-source $MACSOURCE -j ACCEPT
iptables -t filter -A FORWARD -d $IPSOURCE -s 0/0 -j ACCEPT
iptables -t filter -A INPUT -s $IPSOURCE -d 0/0 -m mac --mac-source $MACSOURCE -j ACCEPT
iptables -t nat -A POSTROUTING -s $IPSOURCE -o eth0 -j MASQUERADE
done
iptables v1.4.3.1: Bad mac address "192.168.0.10"
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.3.1: host/network `F0:AF:FF:FE:FA:00' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.3.1: Bad mac address "192.168.0.10"
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.3.1: host/network `F0:ADF:FF:FE:FA:00' not found
Try `iptables -h' or 'iptables --help' for more information.

TB0ne 02-18-2010 08:45 AM

Quote:

Originally Posted by waranha (Post 3868007)
I have a file called mac.txt, and it contains the following (IP and MAC):
192.168.0.10;F0:AF:FF:FE:FA:00

My script for firewall is as follows:
Code:

#!/bin/bash
for i in `cat /root/mac1.txt`;
do
MACSOURCE=`echo $i | cut -d ';' -f1`
IPSOURCE=`echo $i | cut -d ';' -f2`
iptables -t filter -A FORWARD -d 0/0 -s $IPSOURCE -m mac --mac-source $MACSOURCE -j ACCEPT
iptables -t filter -A FORWARD -d $IPSOURCE -s 0/0 -j ACCEPT
iptables -t filter -A INPUT -s $IPSOURCE -d 0/0 -m mac --mac-source $MACSOURCE -j ACCEPT
iptables -t nat -A POSTROUTING -s $IPSOURCE -o eth0 -j MASQUERADE
done

iptables v1.4.3.1: Bad mac address "192.168.0.10"
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.3.1: host/network `F0:AF:FF:FE:FA:00' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.3.1: Bad mac address "192.168.0.10"
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.3.1: host/network `F0:ADF:FF:FE:FA:00' not found
Try `iptables -h' or 'iptables --help' for more information.

Ok...is there a question in here somewhere, or should we guess? And please put your code in CODE tags...

Based on the errors you're getting, you have syntax errors, because you're putting things in the wrong places. You're clearly defining MACSOURCE as field 1 (-f1), when your input has field 1 as an IP address. Did you do any debugging, or try anything to resolve this?

waranha 02-18-2010 10:00 AM

I need the output of the command iptables -t filter -A FORWARD -d 0/0 -s $IPSOURCE -m mac --mac-source $MACSOURCE -j ACCEPT to be: iptables -t filter -A FORWARD -d 0/0 -s 192.168.0.10 -m mac --mac-source 00:xx:yy:zz:99:88 -j ACCEPT.

I need $IPSOURCE to be the first column and $MACSOURCE the second column.


Another script to test:

Code:

for i in `cat /root/mac.txt`;
do

MACSOURCE=`echo $i | cut -d ';' -f1`
IPSOURCE=`echo $i | cut -d ';' -f2`

echo $MACSOURCE
echo $IPSOURCE
done

and the script is OK.

waranha 02-18-2010 11:02 AM

That's OK. Changed my script:

Code:

for i in `cat /root/mac.txt`;
do
IPSOURCE=`echo $i | cut -d \; -f1`
MACSOURCE=`echo $i | cut -d \; -f2`
iptables -t filter -A FORWARD -d 0/0 -s $IPSOURCE -m mac --mac-source $MACSOURCE -j ACCEPT
iptables -t filter -A FORWARD -d $IPSOURCE -s 0/0 -j ACCEPT
iptables -t filter -A INPUT -s $IPSOURCE -d 0/0 -m mac --mac-source $MACSOURCE -j ACCEPT
iptables -t nat -A POSTROUTING -s $IPSOURCE -o eth0 -j MASQUERADE
done

Thanks to all

TB0ne 02-18-2010 11:05 AM

Quote:

Originally Posted by waranha (Post 3868305)
That's OK. Changed my script:

Code:

for i in `cat /root/mac.txt`;
do
IPSOURCE=`echo $i | cut -d \; -f1`
MACSOURCE=`echo $i | cut -d \; -f2`
iptables -t filter -A FORWARD -d 0/0 -s $IPSOURCE -m mac --mac-source $MACSOURCE -j ACCEPT
iptables -t filter -A FORWARD -d $IPSOURCE -s 0/0 -j ACCEPT
iptables -t filter -A INPUT -s $IPSOURCE -d 0/0 -m mac --mac-source $MACSOURCE -j ACCEPT
iptables -t nat -A POSTROUTING -s $IPSOURCE -o eth0 -j MASQUERADE
done

Thanks to all

Right...that's what I suggested in my first post.
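The field order agreed on in this thread (IP first, MAC second), worked through as an added example that is not waranha's script or anything TB0ne posted. It reads the file with a `while read` loop instead of `for i in $(cat ...)` (which splits on whitespace and would break on a line containing spaces), validates each field before it gets anywhere near iptables, and prints the resulting iptables commands for review instead of executing them. The `/root/mac.txt` path, the `eth0` interface and the sample records (including one with the fields swapped and one with the five-character `F0:ADF` group that appears in the thread's error output) are assumptions constructed for the example; the four rules per record are the ones from the thread, with the redundant `-d 0/0` / `-s 0/0` dropped.

```shell
#!/bin/bash
# Added example, not the thread's script: parse "IP;MAC" records safely and
# emit iptables commands for review. Paths, interface and sample data are
# assumptions constructed for the example.
set -u

# Accept only a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    local ip=$1 octet
    local IFS='.'
    set -- $ip                       # split on '.' into positional params
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            ''|*[!0-9]*) return 1 ;; # empty or non-numeric octet
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Accept only six colon-separated hex byte pairs, e.g. F0:AF:FF:FE:FA:00.
valid_mac() {
    printf '%s' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print one iptables command per line for every valid "IP;MAC" record in $1.
# Records with a bad address, a typo, or swapped fields are reported on stderr
# and skipped, so a malformed line can never reach iptables as a mangled rule.
emit_rules() {
    local file=$1 iface=${2:-eth0} ip mac _rest
    # `|| [ -n "$ip" ]` still processes a final line that lacks a newline.
    while IFS=';' read -r ip mac _rest || [ -n "$ip" ]; do
        case $ip in ''|'#'*) continue ;; esac   # skip blank lines and comments
        if ! valid_ipv4 "$ip" || ! valid_mac "$mac"; then
            printf 'skipping malformed record: %s;%s\n' "$ip" "$mac" >&2
            continue
        fi
        printf 'iptables -t filter -A FORWARD -s %s -m mac --mac-source %s -j ACCEPT\n' "$ip" "$mac"
        printf 'iptables -t filter -A FORWARD -d %s -j ACCEPT\n' "$ip"
        printf 'iptables -t filter -A INPUT -s %s -m mac --mac-source %s -j ACCEPT\n' "$ip" "$mac"
        printf 'iptables -t nat -A POSTROUTING -s %s -o %s -j MASQUERADE\n' "$ip" "$iface"
    done < "$file"
    return 0
}

# Write a constructed sample file and print its path. Record 2 has the fields
# swapped (the bug from the thread); record 3 carries a five-character MAC group.
make_sample() {
    local f
    f=$(mktemp)
    cat > "$f" <<'EOF'
# constructed sample: IP;MAC
192.168.0.10;F0:AF:FF:FE:FA:00
F0:AF:FF:FE:FA:00;192.168.0.10
192.168.0.11;F0:ADF:FF:FE:FA:00
EOF
    printf '%s\n' "$f"
}

# Stand-alone run: review the generated rules before piping them to a shell.
emit_rules "$(make_sample)" eth0
```

Only the first record produces rules; the swapped and mistyped records are reported and dropped rather than turning into the "Bad mac address" / "host/network not found" errors seen in the thread. Once the output looks right, it can be piped to `sh` (or the `printf` calls replaced by the real `iptables` invocations) on the firewall host.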

