delhite2
just joined
Topic Author
Posts: 5
Joined: Fri May 10, 2019 4:45 pm

Script needed

Fri May 10, 2019 4:57 pm

I am looking for a DHCP lease script; I have tried my best for many days.
I want the script to match the combo of "host name - MAC" to the previously saved "host name - MAC" in the firewall mangle comments (which are used to log the traffic of users in the hotspot).
If it matches, the DHCP lease should be good to go.
If it doesn't match, it should be released.
If the comments don't exist (first-time login), the DHCP lease should be good to go.

PS: I have
1. a script to add mangle rules and add a comment based on the host name - MAC combo
2. a script to remove said rules and comments on expiry of the hotspot user session.
 
delhite2

Re: Script needed

Sat May 11, 2019 2:24 pm

<
{
:local mac $leaseActMAC
:local host $"lease-hostname"
:local male [/ip firewall mangle get value-name=comment [find comment~"$mac"]]
:local comp "$host - $mac "
:log info "$male"
:log info "$comp";
:local leng [:len [find $male "\$@"]]
:if [($male!=$comp)] do={
/ip hotspot cookie remove [find mac-address=$mac]
/ip hotspot active remove [find mac-address=$mac]}}
>

I have written this, but it does not go past ":local male..."; I suppose because it doesn't find the variable, so I need it to work even if said MAC user logs in for the first time.
Also, to go with it, I have written a user login script which adds the hostname - MAC to the mangle comments.
Essentially, I want this: if the current hostname-MAC is different from the one added in the mangle comments, then either the user needs to log in again or we can script to deny the DHCP lease altogether. But I need to get past my error first. Also, if it is a first-time login, the user may go ahead.
 
delhite2

Re: Script needed

Sun May 12, 2019 8:05 pm

:local mac $leaseActMAC
:local host $"lease-hostname"
:if ([/ip firewall mangle print count-only where comment~"$mac"]=0) do={
:log info "$mac doesnt exists, allowed"
} else ={
:local male (/ip firewall mangle get value-name=comment (find where comment~"$mac"));
:log info "matching hostname now";
:local comp "$host - $mac "
:log info "$male";
:log info "$comp";
:if [$male!=$comp] do={
:log info "error $mac already registered with different hostname";
/ip hotspot cookie remove [find mac-address=$mac]
/ip hotspot active remove [find mac-address=$mac]
} else ={
:log info "$mac registered with correct hostname";}}


I don't know, but I still cannot get the "male" variable to work, despite the fact that it will always output only one string and not an array.
 
delhite2

Re: Script needed, mac spoof protection.

Mon May 13, 2019 11:56 am

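# DHCP lease script: $leaseActMAC, $"lease-hostname" and $leaseBound are set by the DHCP server
:local mac $leaseActMAC
:local host $"lease-hostname"
:global leaseBound
# leaseBound = 1: a lease was just bound to this MAC
:if ($leaseBound = 1) do={
    # maccheck: mangle rules whose comment contains this MAC
    # hostcheck: mangle rules whose comment is exactly "hostname - MAC "
    :local maccheck [/ip firewall mangle print count-only where comment~"$mac"]
    :local hostcheck [/ip firewall mangle print count-only where comment="$host - $mac "]
    # first login: no mangle comment for this MAC yet
    :if ($maccheck = 0) do={
        :log info "$mac not registered previously, allowed"
    }
    # MAC is registered but under another hostname: drop the hotspot session
    :if (($maccheck = 1)&&($hostcheck = 0)) do={
        :log info "error $mac already registered with different hostname, removing previous session"
        /ip hotspot cookie remove [find mac-address=$mac]
        /ip hotspot active remove [find mac-address=$mac]
    }
    # MAC and hostname both match the saved comment
    :if (($maccheck = 1)&&($hostcheck = 1)) do={
        :log info "$mac registered with correct hostname $host"
    }
}
# leaseBound = 0: the lease was removed
:if ($leaseBound = 0) do={
    :log info "$mac dhcp assign removed"
}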


Finally got it working.
Now I will add a line to save all illegal attempts to a file together with the log. That way I can just look at one file and know if any attempts have been made to spoof a MAC.
Say what?
 
Jotne
Forum Guru
Posts: 1303
Joined: Sat Dec 24, 2016 11:17 am
Location: jo.overland at gmail.com

Re: Script needed

Mon May 13, 2019 1:32 pm

Have you seen many attempts to spoof the MAC address?
As long as you get it in a log, you can send it to an external syslog server and graph it.

See my signature for an example of monitoring MT using Splunk.
 
How to use Splunk to monitor your MikroTik Router

MikroTik->Splunk
 
 
delhite2

Re: Script needed

Mon May 13, 2019 8:59 pm

> Have you seen many attempts to spoof the MAC address?
> As long as you get it in a log, you can send it to an external syslog server and graph it.
>
> See my signature for an example of monitoring MT using Splunk.

Not really, but I am logging all connections for legal purposes.
But now I have separated the log file for the script, so it is now easier to know what all is happening.
