Initial commit: DHCP whitelist service for direct link connections
Features: - Docker-based DHCP server with MAC address whitelisting - Binds to specific ethernet interface only - NO DNS/gateway advertised (direct link only, not a router) - Configurable network parameters (subnet, DHCP range, lease times) - Systemd service integration for Arch/Manjaro - Test environment with isolated network (172.20.0.0/24) - Auto-configuration script to detect network settings - Complete Makefile with management targets Security: - Only responds to whitelisted MAC addresses - deny unknown-clients configuration - Runs in Docker container for isolation Configuration: - Copy .example files to create your config - interface.conf: Network interface to bind to - whitelist.conf: Allowed MAC addresses - network.conf: Network parameters (optional)
Executable
+134
@@ -0,0 +1,134 @@
|
||||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
# Check if running as root
|
||||
if [ "$EUID" -ne 0 ]; then
|
||||
echo "This script must be run with sudo"
|
||||
echo "Usage: sudo make install"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
SERVICE_NAME="dhcp-whitelist"
|
||||
SERVICE_FILE="systemd/${SERVICE_NAME}.service"
|
||||
SYSTEMD_DIR="/etc/systemd/system"
|
||||
CONFIG_DIR="/etc/dhcp-whitelist"
|
||||
PROJECT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
|
||||
|
||||
echo "=== Installing DHCP Whitelist Service ==="
|
||||
echo
|
||||
|
||||
# Check if Docker is installed
|
||||
if ! command -v docker &> /dev/null; then
|
||||
echo "Error: Docker is not installed"
|
||||
echo "Please install Docker first"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Check if docker-compose is installed
|
||||
if ! command -v docker-compose &> /dev/null; then
|
||||
echo "Error: docker-compose is not installed"
|
||||
echo "Please install docker-compose first"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Create config directory
|
||||
echo "Creating configuration directory: ${CONFIG_DIR}"
|
||||
mkdir -p "${CONFIG_DIR}"
|
||||
|
||||
# Copy configuration files
|
||||
echo "Copying configuration files..."
|
||||
if [ -f "${PROJECT_DIR}/config/interface.conf" ]; then
|
||||
cp "${PROJECT_DIR}/config/interface.conf" "${CONFIG_DIR}/"
|
||||
echo " Copied interface.conf"
|
||||
else
|
||||
echo "Warning: config/interface.conf not found"
|
||||
echo " Creating default interface.conf"
|
||||
echo "enp0s13f0u3" > "${CONFIG_DIR}/interface.conf"
|
||||
fi
|
||||
|
||||
if [ -f "${PROJECT_DIR}/config/whitelist.conf" ]; then
|
||||
cp "${PROJECT_DIR}/config/whitelist.conf" "${CONFIG_DIR}/"
|
||||
echo " Copied whitelist.conf"
|
||||
else
|
||||
echo "Warning: config/whitelist.conf not found"
|
||||
echo " Creating empty whitelist.conf"
|
||||
touch "${CONFIG_DIR}/whitelist.conf"
|
||||
fi
|
||||
|
||||
# Set proper permissions
|
||||
chmod 644 "${CONFIG_DIR}"/*.conf
|
||||
echo "Configuration files installed to: ${CONFIG_DIR}"
|
||||
|
||||
# Create service file from template
|
||||
echo
|
||||
echo "Creating systemd service file..."
|
||||
cat > "${SYSTEMD_DIR}/${SERVICE_NAME}.service" << EOF
|
||||
[Unit]
|
||||
Description=DHCP Whitelist Service
|
||||
After=network.target docker.service
|
||||
Requires=docker.service
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
Restart=always
|
||||
RestartSec=10
|
||||
WorkingDirectory=${PROJECT_DIR}
|
||||
Environment="CONFIG_DIR=${CONFIG_DIR}"
|
||||
|
||||
# Pre-start: Build the image
|
||||
ExecStartPre=/usr/bin/docker-compose build
|
||||
|
||||
# Start the service
|
||||
ExecStart=/usr/bin/docker-compose up
|
||||
|
||||
# Stop the service
|
||||
ExecStop=/usr/bin/docker-compose down
|
||||
|
||||
# Reload config by restarting containers
|
||||
ExecReload=/usr/bin/docker-compose restart
|
||||
|
||||
StandardOutput=journal
|
||||
StandardError=journal
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
EOF
|
||||
|
||||
echo "Service file created: ${SYSTEMD_DIR}/${SERVICE_NAME}.service"
|
||||
|
||||
# Create docker-compose override for service mode
|
||||
echo
|
||||
echo "Creating docker-compose override for service mode..."
|
||||
cat > "${PROJECT_DIR}/docker-compose.override.yml" << EOF
|
||||
version: '3.8'
|
||||
|
||||
services:
|
||||
dhcp-server:
|
||||
volumes:
|
||||
- ${CONFIG_DIR}:/config:ro
|
||||
EOF
|
||||
|
||||
# Reload systemd
|
||||
echo
|
||||
echo "Reloading systemd daemon..."
|
||||
systemctl daemon-reload
|
||||
|
||||
echo
|
||||
echo "=== Installation Complete ==="
|
||||
echo
|
||||
echo "Configuration files location: ${CONFIG_DIR}"
|
||||
echo " - ${CONFIG_DIR}/interface.conf"
|
||||
echo " - ${CONFIG_DIR}/whitelist.conf"
|
||||
echo
|
||||
echo "Service management commands:"
|
||||
echo " Start service: systemctl start ${SERVICE_NAME}"
|
||||
echo " Stop service: systemctl stop ${SERVICE_NAME}"
|
||||
echo " Enable on boot: systemctl enable ${SERVICE_NAME}"
|
||||
echo " Check status: systemctl status ${SERVICE_NAME}"
|
||||
echo " View logs: journalctl -u ${SERVICE_NAME} -f"
|
||||
echo
|
||||
echo "Or use make targets:"
|
||||
echo " make service_up - Enable and start service"
|
||||
echo " make service_down - Stop and disable service"
|
||||
echo
|
||||
echo "To start the service now, run: make service_up"
|
||||
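Review bot: The generated unit runs `docker-compose build` and `docker-compose up` as root with `WorkingDirectory=${PROJECT_DIR}`, that is, directly from the checkout the installer was launched from, so anyone who can write to that tree controls what root builds and runs on every service start. The usage line `sudo make install` suggests the checkout normally belongs to an unprivileged user, though its ownership is not visible on this page. Consider copying the compose file and build context into a root-owned directory at install time and pointing the unit at it, e.g. `WorkingDirectory=${INSTALL_DIR}` where `INSTALL_DIR` is a new variable for a directory that is not group- or world-writable, and writing `docker-compose.override.yml` there instead of into `${PROJECT_DIR}`. At minimum, add a comment above the unit heredoc such as `# NOTE: the service executes compose files from ${PROJECT_DIR} as root; keep that tree root-owned`.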