
wifidog添加白名单,域名白名单和mac白名单

程序员文章站 2022-05-19 08:19:24

Wifidog域名白名单,域名过滤支持:wifidog源码中fw_iptables.c

fw_iptables.c 中iptables_compile 函数修改:

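/*
 * Append the rule's destination ("-d <addr> ") to the iptables command that
 * is being assembled in `command`.
 *
 * rule->mask may hold an IPv4 address/CIDR or a host name. A host name is
 * resolved here through wd_gethostbyname() and only the single address it
 * returns is written into the rule.
 *
 * Review notes:
 *  - A rule built from a name reflects the DNS answer obtained at this point;
 *    it is not refreshed when the name later maps to other addresses, and an
 *    allow rule is only as trustworthy as the resolver that answered.
 *  - When resolution fails the destination becomes "0.0.0.0": the rule is
 *    still emitted but no longer refers to the configured host. For a block
 *    rule this presumably means the host stays reachable -- confirm how
 *    callers are expected to notice the failure (only a log line is written).
 *  - NOTE(review): nothing in this block restricts the characters of
 *    rule->mask before it is formatted into the command; confirm that the
 *    configuration parser has done so before the string reaches a shell.
 */
if (rule->mask != NULL) {
    const char *dest = rule->mask;
    char *resolved_ip = NULL;
    int is_domain = 0;
    size_t used;
    size_t i;

    /*
     * In ASCII '.'..'9' covers '.', '/' and the digits; together with the
     * space character that is everything an address or CIDR mask may contain.
     * Any other character means the value is treated as a host name.
     */
    for (i = 0; rule->mask[i] != '\0'; i++) {
        const char c = rule->mask[i];

        if (!((c >= '.' && c <= '9') || c == ' ')) {
            is_domain = 1;
            break;
        }
    }

    if (is_domain) {
        struct in_addr *h_addr = wd_gethostbyname(rule->mask);

        if (h_addr != NULL) {
            /* inet_ntoa() returns a static buffer, so keep a private copy. */
            resolved_ip = safe_strdup(inet_ntoa(*h_addr));
            free(h_addr);
        }
        if (resolved_ip != NULL) {
            dest = resolved_ip;
        } else {
            debug(LOG_ERR, "domain %s did not resolve to an IP, using 0.0.0.0",
                  rule->mask);
            dest = "0.0.0.0";
        }
    }

    /* Append after what is already in the buffer, bounded by its free space. */
    used = strlen(command);
    snprintf(command + used, sizeof(command) - used, "-d %s ", dest);

    free(resolved_ip); /* free(NULL) is a no-op */
}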

conf.c中_parse_firewall_rule 函数修改:

/*
 * Walk the whole mask and clear all_nums as soon as a character outside the
 * accepted set (letters, digits, '-', '.', '/') is seen. With letters now
 * accepted, host names pass this check as well as addresses.
 *
 * NOTE(review): this is the only character filter shown for the mask; if the
 * same value is later formatted into an iptables command line, this set is
 * what keeps shell metacharacters out of it -- keep it strict.
 */
for (i = 0; mask[i] != '\0'; i++) {
    const unsigned char ch = (unsigned char)mask[i];

    if (isalnum(ch) || ch == '-' || ch == '.' || ch == '/')
        continue;
    all_nums = 0; /* character outside the accepted set */
}

mac地址白名单:直接在wifidog.conf配置文件的 TrustedMACList 中添加信任的mac地址。注意:MAC地址可以被客户端自行修改,白名单中的MAC只适合作为便利手段,不应当作为身份认证的依据。

添加黑白名单接口shell脚本:

modify_black_list.sh  
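#!/bin/sh
# modify_black_list.sh ACTION DOMAIN
#   ACTION 0  add DOMAIN to the black list (insert a DROP rule and persist it)
#   ACTION 1  remove DOMAIN from the black list
#   DOMAIN    host name or IPv4 address/CIDR
#
# DOMAIN is appended to $set_list, which is itself a shell script, and is
# spliced into a sed expression. It is therefore validated against a strict
# character set before any use; otherwise a crafted value could persist
# arbitrary commands in that script or rewrite unrelated entries.

set_list=/etc/init.d/set_black_list.sh
data_list=/mnt/sda1/data/black_list.txt

action=$1
target=$2

# Without a target there is nothing to do (same as before).
[ -n "$target" ] || exit 0

# Accept only letters, digits, '.', '-' and '/', and refuse a leading '-' so
# the value can never be taken for an iptables option.
case "$target" in
    -*|*[!A-Za-z0-9./-]*)
        echo "modify_black_list.sh: invalid domain name" >&2
        exit 1
        ;;
esac

# Regenerate the plain-text list: skip the first two lines of $set_list and
# keep the fifth word (the -d argument) of every remaining line.
refresh_data_list() {
    awk 'NR>2 {print $5}' "$set_list" > "$data_list"
}

case "$action" in
    0)
        # Persist the rule, then apply it to the running firewall.
        # iptables resolves a host name when the rule is inserted, so the
        # rule covers the addresses returned at that moment only.
        printf '%s\n' "iptables -I WiFiDog_br-lan_Global -d $target -j DROP" >> "$set_list"
        iptables -I WiFiDog_br-lan_Global -d "$target" -j DROP
        refresh_data_list
        ;;
    1)
        # '.' and '/' are the only characters of the validated set that are
        # special inside the sed address below; escape them so that only the
        # exact entry is removed.
        pattern=$(printf '%s' "$target" | sed 's|[./]|\\&|g')

        # NOTE(review): this inserts an ACCEPT rule in front of the earlier
        # DROP rule instead of deleting the DROP rule, so rules accumulate in
        # the running chain until it is rebuilt.
        iptables -I WiFiDog_br-lan_Global -d "$target" -j ACCEPT

        # Drop the persisted line for exactly this destination.
        sed -i "/ -d $pattern -j /d" "$set_list"
        refresh_data_list
        ;;
esac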
modify_white_list.sh
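#!/bin/sh
# modify_white_list.sh ACTION DOMAIN
#   ACTION 0  add DOMAIN to the white list (insert ACCEPT rules and persist them)
#   ACTION 1  remove DOMAIN from the white list
#   DOMAIN    host name or IPv4 address/CIDR
#
# DOMAIN is appended to $set_list, which is itself a shell script, and is
# spliced into a sed expression. It is therefore validated against a strict
# character set before any use; otherwise a crafted value could persist
# arbitrary commands in that script or rewrite unrelated entries.

set_list=/etc/init.d/set_white_list.sh
data_list=/mnt/sda1/data/white_list.txt

action=$1
target=$2

# Without a target there is nothing to do (same as before).
[ -n "$target" ] || exit 0

# Accept only letters, digits, '.', '-' and '/', and refuse a leading '-' so
# the value can never be taken for an iptables option.
case "$target" in
    -*|*[!A-Za-z0-9./-]*)
        echo "modify_white_list.sh: invalid domain name" >&2
        exit 1
        ;;
esac

# Regenerate the plain-text list. Each entry is stored as two lines (filter
# rule, then nat rule); after skipping the first two lines of $set_list only
# the odd-numbered ones are used, whose fifth word is the -d argument.
refresh_data_list() {
    awk 'NR>2 && NR%2 {print $5}' "$set_list" > "$data_list"
}

case "$action" in
    0)
        # Persist both rules, then apply them to the running firewall.
        # iptables resolves a host name when the rule is inserted, so an
        # allow rule covers the addresses returned at that moment only and
        # is only as trustworthy as the DNS answer behind it.
        printf '%s\n' "iptables -I WiFiDog_br-lan_Global -d $target -j ACCEPT" >> "$set_list"
        printf '%s\n' "iptables -t nat -I WiFiDog_br-lan_Global -d $target -j ACCEPT" >> "$set_list"
        iptables -I WiFiDog_br-lan_Global -d "$target" -j ACCEPT
        iptables -t nat -I WiFiDog_br-lan_Global -d "$target" -j ACCEPT
        refresh_data_list
        ;;
    1)
        # '.' and '/' are the only characters of the validated set that are
        # special inside the sed address below; escape them so that only the
        # exact entry is removed.
        pattern=$(printf '%s' "$target" | sed 's|[./]|\\&|g')

        # NOTE(review): removal inserts a DROP rule in the filter table rather
        # than deleting the ACCEPT rules added above, and the nat-table ACCEPT
        # rule is not touched here. Confirm that blocking the destination is
        # the intended result of removing it from the white list.
        iptables -I WiFiDog_br-lan_Global -d "$target" -j DROP

        # Drop both persisted lines for exactly this destination.
        sed -i "/ -d $pattern -j /d" "$set_list"
        refresh_data_list
        ;;
esac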