Block and kill illegal IP addresses in Linux

Source: Internet
Author: User

Concept
After deciding to use ARP binding, we should consider how ARP works. ARP (Address Resolution Protocol) tells a computer or network device which MAC address corresponds to a given IP address. If every unauthorized user's IP address is bound to an incorrect MAC address, those users cannot reach the Internet through this server. ARP binding therefore requires that every possible IP address be bound to some MAC address, so that unauthorized users are shut out.
After some thought I settled on the following approach. First, use a Linux shell loop to generate a table that maps every address from 10.0.0.1 to 10.0.3.254 to an invalid MAC address; call this the global table. Next, obtain a table of valid users' IP addresses and MAC addresses from the DHCP server data. Then read each user's IP address from the valid table and look for the matching IP address in the global table; where it is found, replace the original invalid MAC address with the valid user's MAC address. In the end, valid users in the global table are paired with their correct MAC address while everyone else is paired with an invalid one. Once this table is written to the system ARP cache, an unauthorized user can no longer use the gateway simply by stealing an IP address.
Implementation
First, an initial global table is generated. It contains every IP address, each paired with an invalid MAC address, in a format the arp command recognizes. The script that initializes the global table is named init. Its content is as follows:
#!/bin/bash
# Prefix shared by every address in the 10.0.0.0-10.0.3.255 range
ipprefix=10.0.
count1=0
# Third octet: 0 to 3
while (( $count1 < 4 ))
do
    count2=1
    # Fourth octet: 1 to 254
    while (( $count2 < 255 ))
    do
        echo "$ipprefix$count1.$count2 00e000000001"
        let count2+=1
    done
    let count1+=1
done
After saving the file, run chmod +x init to make the script executable, then run ./init > arp to save the output to a file named arp in the current directory. This file is the ARP table that binds every IP address from 10.0.0.1 to 10.0.3.254 to the MAC address 00e000000001. It looks like the following:
10.0.0.1 00e000000001
10.0.0.2 00e000000001
10.0.0.3 00e000000001
10.0.0.4 00e000000001
10.0.0.5 00e000000001
......
Note that although shell script syntax resembles the C language, it has strict formatting requirements: in some places spaces are not allowed, and in others they are required. For example, let count1+=1 cannot be written as let count1 + = 1; conversely, while (( $count1 < 4 )) cannot be written as while (($count1<4)): there must be spaces between the brackets and the expression.
Next, use the DHCP server's data to obtain a table that pairs each valid user's IP address with its MAC address; assume it is saved as valid.arp. Write a script that reads this table one row at a time, looks up the same IP address in the arp file generated earlier and, if it is found, replaces that IP address's MAC address in arp with the MAC address from valid.arp. The valid.arp file might look like the following:
10.0.0.2 00e00a0f1d2c
...
10.0.1.25 00e0b2c3d5c1
...
The search-and-replace script is named replace. Its content is as follows:
#!/bin/bash
# Define and initialize three variables: valid user table, global table, and a temporary table for the exchange
validArp=valid.arp
globalArp=arp
tmpArp=tmp.arp
count=1
# 371 is the number of valid users, i.e. the number of records in valid.arp, plus 1
while (( count < 371 ))
do
    # sed -n "$count"p $validArp prints record number $count of valid.arp on each pass.
    # For example, when $count = 1 it prints: 10.0.0.2 00e00a0f1d2c
    # eval $getValid runs the command stored in $getValid and its output is assigned to $curRec
    getValid="sed -n '"$count"p' $validArp"
    curRec=`eval $getValid`
    # echo $curRec | awk '{print $1}' prints the first field of $curRec, i.e. the IP address,
    # which is assigned to $curIP.
    getIP="echo $curRec | awk '{print \$1}'"
    curIP=`eval $getIP`
    # We now have the valid user's IP address and its IP/MAC pair. The next step is the critical one.
    # The two sed expressions below find the line in the global table that begins with this IP address,
    # append the valid user's IP/MAC pair after it, then delete the old invalid pair, saving the result to tmp.arp
    replace="sed -e '/^$curIP\>/a\\$curRec' -e '/^$curIP\>/d' $globalArp > $tmpArp"
    eval $replace
    # Overwrite the global table with the new file and advance the counter for the next pass
    cp -f $tmpArp $globalArp
    let count+=1
done
That is the whole script. Two notes. First, every statement containing the eval command is enclosed in backquotes (the ` key, usually located above the Tab key); this way the variable receives the command's output rather than the command text itself. Second, when a variable is immediately followed by other letters, enclose the variable in double quotation marks, otherwise the shell sees an unintended variable name. For example, in the following statement:
getValid="sed -n '"$count"p' $validArp"
if $count were not separated off by double quotation marks, the shell would look for a variable named $countp rather than $count.
After running replace, look at the arp file: for every IP address that appears in valid.arp, the initial MAC address has been replaced with the correct one.
Finally, copy the resulting arp file to /etc/ethers and run arp -f at system startup to load the IP-to-MAC bindings.
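As an added example, not code from the article: the two steps above (generate the global table, then merge in the valid pairs) done as one awk pass with input validation on the valid table, rather than rewriting the whole file once per valid user with sed. The 10.0.0.1-10.0.3.254 range and the sentinel MAC 00e000000001 are the article's; the function names and the sample valid table are my own constructions.

```shell
#!/bin/bash
# Added example (not the article's code): generate the global table for
# 10.0.0.1-10.0.3.254 and merge the DHCP-derived valid pairs in a single awk
# pass, instead of rewriting the whole file once per valid user with sed.
# Output is one "IP MAC" line per address, the layout "arp -f FILE" reads.
SENTINEL_MAC="00e000000001"   # the article's invalid MAC
# Every address in 10.0.0.1-10.0.3.254 paired with the sentinel MAC.
gen_global_table() {
    for third in 0 1 2 3; do
        host=1
        while [ "$host" -lt 255 ]; do
            echo "10.0.$third.$host $SENTINEL_MAC"
            host=$((host + 1))
        done
    done
}

# stdin = global table; $1 = valid table (IP MAC per line). Malformed lines are
# skipped and a duplicate IP keeps its first MAC, so a bad DHCP export cannot
# silently bind an address to an arbitrary MAC.
merge_valid() {
    awk -v valid="$1" '
        BEGIN {
            while ((getline line < valid) > 0) {
                if (split(line, f, " ") != 2) continue
                if (f[1] !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) continue
                if (f[2] !~ /^[0-9a-fA-F]+$/ || length(f[2]) != 12) continue
                if (!(f[1] in mac)) mac[f[1]] = tolower(f[2])
            }
            close(valid)
        }
        { m = ($1 in mac) ? mac[$1] : $2; print $1, m }'
}

# Write the merged table for valid table $1 to $2; prints the entry count.
build_arp_table() {
    gen_global_table | merge_valid "$1" > "$2"
    wc -l < "$2" | tr -d ' '
}
# Exact-match lookup of the MAC bound to IP $1 in table $2 (a string compare,
# not a regex, so 10.0.0.2 can never match 10.0.0.25).
lookup_mac() {
    awk -v ip="$1" '$1 == ip { print $2; exit }' "$2"
}

# Constructed sample valid table: two good records and one malformed one.
VALID_FILE=$(mktemp); OUT_FILE=$(mktemp)
printf '%s\n' "10.0.0.2 00e00a0f1d2c" "10.0.1.25 00E0B2C3D5C1" "10.0.2.7 notamac" > "$VALID_FILE"
echo "entries: $(build_arp_table "$VALID_FILE" "$OUT_FILE")"   # entries: 1016
```

The static entries only fix the gateway's own ARP cache, so the table has to be regenerated and reloaded with arp -f whenever the DHCP lease data changes.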
Summary
It is easy to see that Linux inherits the fine Unix tradition of powerful and complete system management tools. Once you master a handful of common commands and tools, you can greatly improve system management efficiency and reduce the administrative workload. Learning and mastering these methods is something every competent Linux system administrator should do.
