Listing IPs from the dhcpd.conf

Hi everybody,

Within a dhcpd.conf file, we have some fixed IP addresses from 192.168.0.1 - 192.168.0.254.

Sample:

#ddns-update-style interim;
ddns-update-style none;
ignore client-updates;
deny client-updates;
authoritative;

#### By red for PXE Booting
allow booting;
allow bootp;
### End by red

log-facility local6;

subnet 192.168.0.0 netmask 255.255.255.0 {
        # --- default gateway

        ##### By red for PXE booting
        class "pxeclients" {    match if substring(option vendor-class-identifier, 0, 9) = "PXEClient";
        next-server 192.168.0.1;
        filename "linux-install/pxelinux.0"; }
        #### End by red

        option routers 192.168.0.1;
        option subnet-mask 255.255.255.0;
        # option nis-domain             "domain.org";
        option domain-name "ensm.intranet";
        option domain-name-servers 192.168.0.1;
        option time-offset -18000;
        range dynamic-bootp 192.168.0.5 192.168.0.239;
        default-lease-time 3600;
        max-lease-time 7200;
        # we want the nameserver to appear at a fixed address

        group {
                use-host-decl-names true;

                host Naoui-EISN1A {
                        hardware ethernet 00:71:CC:6E:A3:33;
                        fixed-address 192.168.0.6;
                }

                host Labdazi-EISN1A {
                        hardware ethernet C0:38:96:72:8B:5B;
                        fixed-address 192.168.0.7;
                }

                host Zair-EISN1A {
                        hardware ethernet 08:ED:B9:08:94:09;
                        fixed-address 192.168.0.8;
                }

                host Laddi-EISN1A {
                        hardware ethernet D0:53:49:CB:FE:0F;
                        fixed-address 192.168.0.9;
                }

                host Zeghar-EISN1A {
                        hardware ethernet C4:8E:8F:8F:45:A7;
                        fixed-address 192.168.0.10;
                }
        }
}

We need a bash script that lists all the IPs in one text file in such a way that:

Those IPs that are part of the dhcpd.conf will be listed one per line and will have a '#' symbol at the beginning, such as:

#192.168.0.6
#192.168.0.7
#192.168.0.8
.......
.......

All the other IPs that are not part of the dhcpd.conf will just be listed one per line:

192.168.0.100
192.168.0.101
192.168.0.201
.........
.........

Thanks a lot for your help :slight_smile:

red

Where to start? What about the addresses given as

next-server 192.168.0.1;
option routers 192.168.0.1;
option domain-name-servers 192.168.0.1;
range dynamic-bootp 192.168.0.5 192.168.0.239;

And, should e.g. 192.168.1.xxx be excluded? Why?

Hi RudiC, nice to hear from you again.
Well, NO, they are not included.

Thanks RudiC

---------- Post updated at 01:49 PM ---------- Previous update was at 01:48 PM ----------

Just those that are in blue color within the dhcpd.conf. Thank you

---------- Post updated at 01:59 PM ---------- Previous update was at 01:49 PM ----------

Well from 192.168.0.1 - 192.168.0.254.

The 192.168.1.xxx is excluded because my dhcpd.conf is giving fixed IP addresses from 192.168.0.1 until 192.168.0.254.
I mean the 192.168.0.0/24 subnet.
In other words:

192.168.0.1
192.168.0.2
192.168.0.4
.......
192.168.0.254

That's it.

Thanks again RudiC

Try

awk -F"[ ;]*" '
/^subnet/       {SUBNET = $2
                }
/^ *fixed/      {FXIP[$3]
                }
END             {sub (/[^.]*$/, "", SUBNET)
                 for (i=1; i<255; i++)   {TMP = sprintf ("%s%d", SUBNET, i) 
                                         printf "%c%s\n", (TMP in FXIP)?"#":"", TMP
                                        }
                }
' dhcpd.conf
192.168.0.1
192.168.0.2
192.168.0.3
192.168.0.4
192.168.0.5
#192.168.0.6
#192.168.0.7
#192.168.0.8
#192.168.0.9
#192.168.0.10
192.168.0.11
192.168.0.12
192.168.0.13
192.168.0.14
192.168.0.15
.
.
.

Next time please post your own efforts and any errors / failures / shortcomings.

Yes, as usual you are the best. It works perfectly.
You're right, I should post my own script first and then .....

Well, the result will be written in a file called "ipblocked"

and then I will run the following script against it like this:

#./ipblock.sh

#!/bin/bash
# file produced by the awk listing above: one IP per line, fixed addresses prefixed with '#'
BLOCKDB=/etc/squid/ipblocked
# keep only the lines without a leading '#', i.e. the IPs to be dropped
IPS=$(grep -Ev "^#" $BLOCKDB)
for i in $IPS
do
        iptables -I FORWARD -s $i -j DROP
done

The final result will be part of my firewall (iptables).
I mean all the IP's who got the # symbol will be allowed to pass the forward chain, and all the others (the rest) will be dropped.

Thanks again RudiC.

Well, remembering your other threads, I could imagine it possible to combine everything (ACCEPT, DROP) into one single script reading your dhcpd.conf once.

Exactly, that's my GOAL RudiC :b:

Thanks

---------- Post updated at 02:37 PM ---------- Previous update was at 02:35 PM ----------

I will try to put everything in just one script and I will post it. It may help others who have the same situation.

---------- Post updated 11-10-17 at 07:01 AM ---------- Previous update was 11-09-17 at 02:37 PM ----------

Something is strange, I can't catch it!!!

If the output of the following code goes to the screen, I get the right thing, i.e.:

awk -F"[ ;]*" '
/^subnet/       {SUBNET = $2
                }
/^ *fixed/      {FXIP[$3]
                }
END             {sub (/[^.]*$/, "", SUBNET)
                 for (i=1; i<255; i++)   {TMP = sprintf ("%s%d", SUBNET, i)
                                         printf "%c%s\n", (TMP in FXIP)?"#":"", TMP
                                        }
                }
' /home/red/dhcpd.conf

The result:

192.168.0.235
192.168.0.236
192.168.0.237
192.168.0.238
#192.168.0.239
#192.168.0.240
#192.168.0.241
#192.168.0.242

Now if the output of the same code is sent to a file, I get something else, i.e.:

 awk -F"[ ;]*" '
/^subnet/       {SUBNET = $2
                }
/^ *fixed/      {FXIP[$3]
                }
END             {sub (/[^.]*$/, "", SUBNET)
                 for (i=1; i<255; i++)   {TMP = sprintf ("%s%d", SUBNET, i)
                                         printf "%c%s\n", (TMP in FXIP)?"#":"", TMP
                                        }
                }
' /home/red/dhcpd.conf  > /home/red/ipblocked.txt
^@192.168.0.235
^@192.168.0.236
^@192.168.0.237
^@192.168.0.238
#192.168.0.239
#192.168.0.240
#192.168.0.241
#192.168.0.242

I get this: ^@

Why, and how do I remove these ^@ from the output?

Thanks a lot:)

Three comments first:

  • use CODE not QUOTE tags for both code and data / output / errors.
  • no kaleidoscope (abundant colours) needed.
  • ALWAYS add your environment info: OS, awk, etc. versions.

Your ^@ problem comes from the %c format specifier in the printf command. Replace it by %s. My fault, sorry.


Hi,

I'm still working on the same firewall :slight_smile:

I've got a file with lines like the following:

192.168.0.6     00:71:CC:6E:A3:33   
192.168.0.7     C0:38:96:72:8B:5B   
192.168.0.8     08:ED:B9:08:94:09   
192.168.0.9     D0:53:49:CB:FE:0F   
192.168.0.10    C4:8E:8F:8F:45:A7   
192.168.0.11     54:35:30:4E:01:8D   
192.168.0.12     DC:A9:71:9B:3C:AA   
192.168.0.13     D8:5D:E2:4E:F2:C5

How do I reverse them, I mean like this:

00:71:CC:6E:A3:33    192.168.0.6
C0:38:96:72:8B:5B     192.168.0.7
.......
.......

I've got gawk-3.1.7-10 and sed-4.2.1-10 in my OS

I have no idea how to do it, so I'm sorry I can't give my own work!!

Thanks a lot.

while read ip mac x; do
   echo $mac $ip
done < file

00:71:CC:6E:A3:33 192.168.0.6
C0:38:96:72:8B:5B 192.168.0.7
08:ED:B9:08:94:09 192.168.0.8
D0:53:49:CB:FE:0F 192.168.0.9
C4:8E:8F:8F:45:A7 192.168.0.10
54:35:30:4E:01:8D 192.168.0.11
DC:A9:71:9B:3C:AA 192.168.0.12
D8:5D:E2:4E:F2:C5 192.168.0.13

edit: I 'undeleted' my post because you referenced it two posts from now, but RudiC is right.. this should be done when producing the file. Sorry for butting in without reading the thread :slight_smile:

Why not just reverse the output fields when producing the file?

Thank you for the very quick reply Scott.
It seems so simple when we see the solution ......

Thanks again,

---------- Post updated at 10:45 AM ---------- Previous update was at 10:35 AM ----------

Hello RudiC,

Well, the file comes from your sed command:

sed -n '/^ *hardware ethernet/ {s///; h; d;}; /^ *fixed-address / {s///; G; s/[;\n]//g; s/ / -p tcp -m multiport --dports 110,143,25,465,585,993,995,80,443 -m mac --mac-source /; s/^/iptables -I FORWARD -s /; s/$/ -j ACCEPT/; p;}' /etc/dhcp/dhcpd.conf >> forward.sh

Then I flushed all the unneeded letters from the forward.sh file in order to get a file with these two rows (IP & MAC).

Thanks RudiC for your interest, appreciated :slight_smile:

Well, I was afraid you did so: combining multiple "sub solutions" (small solutions to fulfill / resolve partial problems) collected when posting "sub questions" into an overly complex "general solution".

This is not what I imagined in post#6: one single command / script, be it sed or awk, reading your dhcpd.conf once and outputting the rules file for your iptables.

Take a step back and reconsider the overall problem, taking into account the basic input data and the required output. Methinks you've got everything at your fingertips from your recent threads / posts.

LOL, actually I am using all the combined codes of all the previous posts for my firewall :wink: (your codes)

Now, this is different, I want to fill a file /etc/ethers with these two columns IP & MAC :slight_smile:

So the question: where do I get the IPs and the MAC addresses from? That's why I said (dhcpd.conf) in this last post.

man ethers

From your dhcpd.conf, use

subnet 192.168.0.0 netmask 255.255.255.0 { 

to identify the IP range considered. From the

  host . . .  { . . . 

blocks, extract the iptables . . . FORWARD . . . ACCEPT rules, and collect (and print out) the /etc/ethers info.
The "relative complement" of the IP range then can be used to define the iptables . . . DROP rules.

Thank you for your answer, but you are talking to a newbie in scripting, so ?!

Thanks again .

I was thinking about applying some exercise and creativity? How about

awk -F"[ ;]*" '
/^subnet/       {SUBNET = $2
                }
/^ *host.* {/   {getline
                 TMP = $4
                 getline
                 FXIP[$3] = TMP
                }
END             {sub (/[^.]*$/, "", SUBNET)
                 for (i=1; i<25; i++)   {TMP = sprintf ("%s%d", SUBNET, i) 
                                         printf "iptables -I FORWARD -s %s", TMP
                                          if (TMP in FXIP)       print " -p tcp -m multiport --dports  110,143,25,465,585,993,995,80,443 -m mac --mac-source " FXIP[TMP] " -j  ACCEPT"
                                           else                 print " -j DROP"
                                        }
                 for ( f in FXIP) print FXIP[f], f , " > ./etc_ethers"
                }
' dhcpd.conf
iptables -I FORWARD -s 192.168.0.1 -j DROP
iptables -I FORWARD -s 192.168.0.2 -j DROP
iptables -I FORWARD -s 192.168.0.3 -j DROP
iptables -I FORWARD -s 192.168.0.4 -j DROP
iptables -I FORWARD -s 192.168.0.5 -j DROP
iptables -I FORWARD -s 192.168.0.6 -p tcp -m multiport --dports 110,143,25,465,585,993,995,80,443 -m mac --mac-source 00:71:CC:6E:A3:33 -j ACCEPT
iptables -I FORWARD -s 192.168.0.7 -p tcp -m multiport --dports 110,143,25,465,585,993,995,80,443 -m mac --mac-source C0:38:96:72:8B:5B -j ACCEPT
iptables -I FORWARD -s 192.168.0.8 -p tcp -m multiport --dports 110,143,25,465,585,993,995,80,443 -m mac --mac-source 08:ED:B9:08:94:09 -j ACCEPT
iptables -I FORWARD -s 192.168.0.9 -p tcp -m multiport --dports 110,143,25,465,585,993,995,80,443 -m mac --mac-source D0:53:49:CB:FE:0F -j ACCEPT
iptables -I FORWARD -s 192.168.0.10 -p tcp -m multiport --dports 110,143,25,465,585,993,995,80,443 -m mac --mac-source C4:8E:8F:8F:45:A7 -j ACCEPT
iptables -I FORWARD -s 192.168.0.11 -j DROP
iptables -I FORWARD -s 192.168.0.12 -j DROP
iptables -I FORWARD -s 192.168.0.13 -j DROP
iptables -I FORWARD -s 192.168.0.14 -j DROP
iptables -I FORWARD -s 192.168.0.15 -j DROP
iptables -I FORWARD -s 192.168.0.16 -j DROP
iptables -I FORWARD -s 192.168.0.17 -j DROP
iptables -I FORWARD -s 192.168.0.18 -j DROP
iptables -I FORWARD -s 192.168.0.19 -j DROP
iptables -I FORWARD -s 192.168.0.20 -j DROP
iptables -I FORWARD -s 192.168.0.21 -j DROP
iptables -I FORWARD -s 192.168.0.22 -j DROP
iptables -I FORWARD -s 192.168.0.23 -j DROP
iptables -I FORWARD -s 192.168.0.24 -j DROP
D0:53:49:CB:FE:0F 192.168.0.9  > ./etc_ethers
08:ED:B9:08:94:09 192.168.0.8  > ./etc_ethers
C0:38:96:72:8B:5B 192.168.0.7  > ./etc_ethers
00:71:CC:6E:A3:33 192.168.0.6  > ./etc_ethers
C4:8E:8F:8F:45:A7 192.168.0.10  > ./etc_ethers

Be aware that

  • this prints out a subset (1 - 25) of the IP range in question, intentionally
  • fakes the redirection into an "ethers" file
  • could be enhanced to calculate the IP range from subnet and netmask instead of using fixed IPs
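The same job as the awk above, written as an added Python example that is not from the thread: it derives the address range from the subnet and netmask (the enhancement named in the last bullet) instead of looping over fixed numbers, accepts hardware and fixed-address in either order inside a host block, and returns the FORWARD rules and the /etc/ethers lines instead of faking a redirection. The dhcpd.conf text is constructed from two of the thread's hosts, and the regex and function names are this example's own.

```python
import ipaddress
import re
PORTS = "110,143,25,465,585,993,995,80,443"
# Constructed sample in the shape of the thread's dhcpd.conf (two of its hosts).
SAMPLE_CONF = """\
subnet 192.168.0.0 netmask 255.255.255.0 {
        host Naoui-EISN1A {
                hardware ethernet 00:71:CC:6E:A3:33;
                fixed-address 192.168.0.6;
        }
        host Labdazi-EISN1A {   # keywords in the other order on purpose
                fixed-address 192.168.0.7;
                hardware ethernet C0:38:96:72:8B:5B;
        }
}
"""
SUBNET_RE = re.compile(r"^\s*subnet\s+(\S+)\s+netmask\s+(\S+)")
HOST_RE = re.compile(r"^\s*host\s+\S+\s*\{")
MAC_RE = re.compile(r"^\s*hardware\s+ethernet\s+([0-9A-Fa-f:]{17})\s*;")
IP_RE = re.compile(r"^\s*fixed-address\s+([^\s;]+)\s*;")

def parse_dhcpd(text):
    """Return (network, {ip: mac}); the range comes from subnet + netmask."""
    network, hosts, cur = None, {}, {}
    for line in text.splitlines():
        line = line.split("#", 1)[0]                    # drop comments
        m = SUBNET_RE.match(line)
        if m:
            network = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
        if HOST_RE.match(line):
            cur = {}                                    # a new host block starts
        m = MAC_RE.match(line) or IP_RE.match(line)
        if m:                                           # either keyword, any order
            cur["mac" if m.re is MAC_RE else "ip"] = m.group(1).upper()
        if "mac" in cur and "ip" in cur:
            hosts[cur.pop("ip")] = cur.pop("mac")       # record each pair once
    return network, hosts

def forward_rules(network, hosts):
    """ACCEPT pinned to the MAC for fixed hosts, DROP for the rest of the subnet."""
    rules = []
    for ip in map(str, network.hosts()):                # .1 .. .254, no network/broadcast
        action = (f"-p tcp -m multiport --dports {PORTS} -m mac --mac-source {hosts[ip]} -j ACCEPT"
                  if ip in hosts else "-j DROP")
        rules.append(f"iptables -I FORWARD -s {ip} {action}")
    return rules

def ethers_lines(hosts):
    return [f"{mac} {ip}" for ip, mac in                # /etc/ethers wants "MAC IP" (man ethers)
            sorted(hosts.items(), key=lambda kv: ipaddress.ip_address(kv[0]))]
```

Note that -m mac --mac-source only compares the layer-2 source address seen on the ingress interface, so the ACCEPT rules are a coarse allow-list rather than authentication of the host.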

Thanks a lot RudiC :slight_smile: but it is not so easy for me to follow this script (too high for me).
Anyway, I am keeping it and I will study it later on.

I should say that I learned a lot from you, thanks a lot RudiC for your perseverance and patience.