wifidog添加白名单,域名白名单和mac白名单
2022-05-19 08:19:24
Wifidog域名白名单,域名过滤支持:wifidog源码中fw_iptables.c
fw_iptables.c 中iptables_compile 函数修改:
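if (rule->mask != NULL) {
    /*
     * rule->mask may hold either an IPv4 address/CIDR or a host name.
     * A host name is resolved here and the resulting address is what gets
     * written into the iptables command.
     *
     * Security notes for anyone relying on this as an allow/deny list:
     *  - the name is resolved once, when this code runs, and only the single
     *    address returned by wd_gethostbyname() is used; later DNS changes or
     *    additional addresses of the same name are not covered by the rule;
     *  - the rule is only as trustworthy as the resolver answer it was built
     *    from, so the gateway's DNS path is part of the firewall policy.
     */
    const char *mask = rule->mask;
    char *ip = NULL;
    int is_domain = 0;

    /*
     * An address literal consists only of '.', '/', '0'..'9' (ASCII 46..57)
     * and spaces (ASCII 32); anything else marks the value as a host name.
     */
    for (const char *p = mask; *p != '\0'; p++) {
        if (!((*p >= 46 && *p <= 57) || *p == 32)) {
            is_domain = 1;
            break;
        }
    }

    if (is_domain) {
        struct in_addr *h_addr = wd_gethostbyname(mask);

        if (h_addr != NULL) {
            /* inet_ntoa() returns a static buffer, so keep a private copy. */
            ip = safe_strdup(inet_ntoa(*h_addr));
            free(h_addr);
        }
        if (ip != NULL) {
            mask = ip;
        } else {
            /*
             * No retry happens here: the rule is emitted with 0.0.0.0
             * instead of the unresolved name.
             * NOTE(review): confirm that "-d 0.0.0.0" is the intended
             * fallback for every target this rule can carry.
             */
            debug(LOG_ERR, "domain %s could not be resolved, using 0.0.0.0 for this rule", mask);
            mask = "0.0.0.0";
        }
    }

    /* Append the destination match to the command built so far. */
    snprintf(command + strlen(command), sizeof(command) - strlen(command),
             "-d %s ", mask);

    free(ip); /* free(NULL) is a no-op */
}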
conf.c中_parse_firewall_rule 函数修改:
/*
 * Scan the mask one character at a time. Letters, digits, '-', '.' and '/'
 * are accepted, so host names pass as well as addresses; any other byte
 * (whitespace, quotes, shell metacharacters, ...) clears all_nums.
 * NOTE(review): the code that acts on all_nums is outside this excerpt;
 * presumably the rule is rejected when it ends up 0 -- confirm.
 */
for (i = 0; mask[i] != '\0'; i++) {
    unsigned char ch = (unsigned char)mask[i];

    if (isalnum(ch) || ch == '-' || ch == '.' || ch == '/') {
        continue;
    }
    all_nums = 0; /* character outside the accepted set */
}
mac地址白名单,直接在wifidog.conf配置文件中添加信任的mac地址。注意:MAC地址可以被客户端伪造,列入信任名单的MAC会跳过认证,因此只应加入自己可控的设备。
添加黑白名单接口shell脚本:
modify_black_list.sh
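#!/bin/sh
# Usage: modify_black_list.sh <action> <destination>
#   action 0     add <destination> to the black list
#   action 1     remove <destination> from the black list
#   destination  host name or IPv4 address/CIDR
#
# Each entry is also appended, as an iptables command line, to $set_list,
# which is a shell script under /etc/init.d. <destination> therefore ends up
# inside shell code that is executed later, so it is validated before
# anything is written or run.
set_list=/etc/init.d/set_black_list.sh
data_list=/mnt/sda1/data/black_list.txt
chain=WiFiDog_br-lan_Global

action=$1
dest=$2

# An empty destination is ignored.
[ -n "$dest" ] || exit 0

# Accept only letters, digits, '.', '-' and '/'. A leading '-' is refused so
# the value can never be taken for an iptables option; everything else that
# could break out of the persisted command line or of the sed expressions
# below (spaces, quotes, ';', '$', backticks, ...) is refused as well.
case $dest in
    -* | *[!A-Za-z0-9./-]*)
        echo "$0: invalid destination: $dest" >&2
        exit 1
        ;;
esac

# '.' and '/' are the only accepted characters that are special to sed.
dest_re=$(printf '%s\n' "$dest" | sed 's|[./]|\\&|g')

case $action in
    0)
        printf '%s\n' "iptables -I $chain -d $dest -j DROP" >>"$set_list"
        iptables -I "$chain" -d "$dest" -j DROP
        ;;
    1)
        # NOTE(review): removal inserts an ACCEPT rule in front of the chain
        # instead of deleting the earlier DROP rule (iptables -D), so the
        # DROP rule stays loaded and the destination becomes explicitly
        # allowed until the chain is rebuilt. Confirm this is intended.
        iptables -I "$chain" -d "$dest" -j ACCEPT
        # Drop only the persisted line for exactly this destination; an
        # unanchored match would also remove entries that merely contain it.
        sed -i "/ -d $dest_re -j /d" "$set_list"
        ;;
    *)
        echo "usage: $0 0|1 <destination>" >&2
        exit 1
        ;;
esac

# Rebuild the plain list of destinations; the first two lines of $set_list
# are skipped and field 5 of each remaining line is the destination.
awk 'NR>2 {print $5}' "$set_list" >"$data_list"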
modify_white_list.sh
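#!/bin/sh
# Usage: modify_white_list.sh <action> <destination>
#   action 0     add <destination> to the white list
#   action 1     remove <destination> from the white list
#   destination  host name or IPv4 address/CIDR
#
# Each entry is also appended, as two iptables command lines (filter and nat
# table), to $set_list, which is a shell script under /etc/init.d.
# <destination> therefore ends up inside shell code that is executed later,
# so it is validated before anything is written or run.
set_list=/etc/init.d/set_white_list.sh
data_list=/mnt/sda1/data/white_list.txt
chain=WiFiDog_br-lan_Global

action=$1
dest=$2

# An empty destination is ignored.
[ -n "$dest" ] || exit 0

# Accept only letters, digits, '.', '-' and '/'. A leading '-' is refused so
# the value can never be taken for an iptables option; everything else that
# could break out of the persisted command lines or of the sed expression
# below (spaces, quotes, ';', '$', backticks, ...) is refused as well.
case $dest in
    -* | *[!A-Za-z0-9./-]*)
        echo "$0: invalid destination: $dest" >&2
        exit 1
        ;;
esac

# '.' and '/' are the only accepted characters that are special to sed.
dest_re=$(printf '%s\n' "$dest" | sed 's|[./]|\\&|g')

case $action in
    0)
        printf '%s\n' "iptables -I $chain -d $dest -j ACCEPT" >>"$set_list"
        printf '%s\n' "iptables -t nat -I $chain -d $dest -j ACCEPT" >>"$set_list"
        iptables -I "$chain" -d "$dest" -j ACCEPT
        iptables -t nat -I "$chain" -d "$dest" -j ACCEPT
        ;;
    1)
        # NOTE(review): removal inserts a DROP rule in the filter table
        # instead of deleting the two ACCEPT rules (iptables -D), so the
        # destination becomes blocked rather than merely un-listed, and the
        # nat-table ACCEPT rule stays loaded until the chain is rebuilt.
        # Confirm this is intended.
        iptables -I "$chain" -d "$dest" -j DROP
        # Drop only the persisted lines for exactly this destination; an
        # unanchored match would also remove entries that merely contain it.
        sed -i "/ -d $dest_re -j /d" "$set_list"
        ;;
    *)
        echo "usage: $0 0|1 <destination>" >&2
        exit 1
        ;;
esac

# Rebuild the plain list of destinations. The first two lines of $set_list
# are skipped; entries come in pairs, and only the filter-table line of each
# pair (the odd-numbered line) has the destination in field 5.
awk 'NR>2 && NR%2 {print $5}' "$set_list" >"$data_list"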