drolevar · May 29, 2023 11:53
diff --git a/getmac.sh b/getmac.sh
 #!/bin/sh

 # Check if hostname is provided
 if [ -z "$1" ]; then
    echo "Usage: $0 <hostname>"
    exit 1
 fi

 # Extract the hostname to look for
 hostname=$1

 awk -v hostname="$hostname" '
 BEGIN {
    FS="option"
    name = ""
    mac = ""
 }

 /^config host/ {
    name = ""
    mac = ""
 }

 /name/ {
    split($2, a, " ")
    name = a[2]
    gsub("\047", "", name)
    if (name == hostname && mac != "") {
        print mac
        exit
    }
 }

 /mac/ {
    split($2, a, " ")
    mac = a[2]
    gsub("\047", "", mac)
    if (name == hostname && mac != "") {
        print mac
        exit
    }
 }' /etc/config/dhcp
diff --git a/manage.sh b/manage.sh
 #!/bin/sh

 if [ $# -ne 2 ]
  then
    echo "Usage: manage.sh <block|unblock> <hostname>"
    exit 1
 fi

 ACTION=$1
 HOSTNAME=$2

 MAC_ADDRESS=$(getmac.sh ${HOSTNAME})

 if [ -z "$MAC_ADDRESS" ]
  then
    echo "Unable to find MAC address for $HOSTNAME."
    exit 1
 fi

 RULE_NAME="Block-${HOSTNAME}-${MAC_ADDRESS//:/_}"

 case "$ACTION" in
    block)
        uci add firewall rule
        uci set firewall.@rule[-1].name="$RULE_NAME"
        uci set firewall.@rule[-1].src='lan'
        uci set firewall.@rule[-1].dest='wan'
        uci set firewall.@rule[-1].proto='all'
        uci set firewall.@rule[-1].src_mac="$MAC_ADDRESS"
        uci set firewall.@rule[-1].target='REJECT'
        uci commit firewall
        /etc/init.d/firewall restart
        echo "Device with hostname $HOSTNAME and MAC address $MAC_ADDRESS has been blocked from accessing the WAN."
        ;;
    unblock)
        RULE_ID=$(uci show firewall | grep -w "firewall.@rule" | grep -w "name='$RULE_NAME'" | cut -d'[' -f2 | cut -d']' -f1)

        if [ -z "$RULE_ID" ]
          then
            echo "No rule found for hostname $HOSTNAME and MAC address $MAC_ADDRESS."
            exit 1
        fi

        uci delete firewall.@rule[$RULE_ID]
        uci commit firewall
        /etc/init.d/firewall restart
        echo "Device with hostname $HOSTNAME and MAC address $MAC_ADDRESS has been unblocked from accessing the WAN."
        ;;
    *)
        echo "Invalid action. Usage: manage.sh <block|unblock> <hostname>"
        exit 1
        ;;
 esac
	#!/bin/sh

	# Check if hostname is provided
	if [ -z "$1" ]; then
	echo "Usage: $0 <hostname>"
	exit 1
	fi

	# Extract the hostname to look for
	hostname=$1

	awk -v hostname="$hostname" '
	BEGIN {
	FS="option"
	name = ""
	mac = ""
	}

	/^config host/ {
	name = ""
	mac = ""
	}

	/name/ {
	split($2, a, " ")
	name = a[2]
	gsub("\047", "", name)
	if (name == hostname && mac != "") {
	print mac
	exit
	}
	}

	/mac/ {
	split($2, a, " ")
	mac = a[2]
	gsub("\047", "", mac)
	if (name == hostname && mac != "") {
	print mac
	exit
	}
	}' /etc/config/dhcp
	#!/bin/sh

	if [ $# -ne 2 ]
	then
	echo "Usage: manage.sh <block\|unblock> <hostname>"
	exit 1
	fi

	ACTION=$1
	HOSTNAME=$2

	MAC_ADDRESS=$(getmac.sh ${HOSTNAME})

	if [ -z "$MAC_ADDRESS" ]
	then
	echo "Unable to find MAC address for $HOSTNAME."
	exit 1
	fi

	RULE_NAME="Block-${HOSTNAME}-${MAC_ADDRESS//:/_}"

	case "$ACTION" in
	block)
	uci add firewall rule
	uci set firewall.@rule[-1].name="$RULE_NAME"
	uci set firewall.@rule[-1].src='lan'
	uci set firewall.@rule[-1].dest='wan'
	uci set firewall.@rule[-1].proto='all'
	uci set firewall.@rule[-1].src_mac="$MAC_ADDRESS"
	uci set firewall.@rule[-1].target='REJECT'
	uci commit firewall
	/etc/init.d/firewall restart
	echo "Device with hostname $HOSTNAME and MAC address $MAC_ADDRESS has been blocked from accessing the WAN."
	;;
	unblock)
	RULE_ID=$(uci show firewall \| grep -w "firewall.@rule" \| grep -w "name='$RULE_NAME'" \| cut -d'[' -f2 \| cut -d']' -f1)

	if [ -z "$RULE_ID" ]
	then
	echo "No rule found for hostname $HOSTNAME and MAC address $MAC_ADDRESS."
	exit 1
	fi

	uci delete firewall.@rule[$RULE_ID]
	uci commit firewall
	/etc/init.d/firewall restart
	echo "Device with hostname $HOSTNAME and MAC address $MAC_ADDRESS has been unblocked from accessing the WAN."
	;;
	*)
	echo "Invalid action. Usage: manage.sh <block\|unblock> <hostname>"
	exit 1
	;;
	esac