Showing posts with label shell. Show all posts
Tuesday, January 28, 2020
Copy standard switch port groups from one esx host to another
The code below asks for lmvap-vcs60 credentials, connects to vCenter, and copies the aesx11 vSwitch2 port groups over to a new host called aesx05 using vSwitch1 (or so said my buddy Josh O., who wrote it).
$vccred = get-credential
connect-viserver -server lmvap-vcs60.domain.tld -credential $vccred
$dest = get-virtualswitch -name vSwitch1 -vmhost aesx05.domain.tld
$source = get-virtualportgroup -vmhost aesx11.domain.tld -virtualswitch vSwitch2 -standard
$countvar = $source.count
for ($a=0 ; $a -le $countvar-1 ; $a++)
{
$pgname = $source[$a].name
$vlan = $source[$a].VLANID
new-virtualportgroup -virtualswitch $dest -name $pgname -VLANID $vlan
}
disconnect-viserver -server lmvap-vcs60.domain.tld -confirm:$false
Friday, May 03, 2019
Parental control
Because you can't let the kids on YouTube 24/7 and some games are really addictive :)
The router must run OpenWRT or DD-WRT.
The kids' devices must be assigned IPs from a certain range, let's say 192.168.1.128/28, by adding lines similar to the following one to Additional Dnsmasq Options:
dhcp-host=set:red,AA:BB:CC:00:DD:22,kids-tv,192.168.1.130,43200m
A series of scripts must be put in /jffs/ and called by a cron job:
cat add_fw
#!/bin/sh
iptables -I FORWARD 1 -s 192.168.1.128/28 -j DROP
iptables -I FORWARD 2 -s 192.168.1.128/28 -m conntrack -j DROP --ctstate RELATED,ESTABLISHED
cat del_fw
#!/bin/sh
iptables -D FORWARD -s 192.168.1.128/28 -j DROP
iptables -D FORWARD -s 192.168.1.128/28 -m conntrack -j DROP --ctstate RELATED,ESTABLISHED
cat disable_game
#!/bin/sh
# DNS Rules
sed -e 's/^#//' -i /tmp/games-block.conf
sed -e 's/^#//' -i /tmp/yt-block.conf
restart_dns
# Force kids DNS to local
iptables -t nat -A PREROUTING -i br0 -s 192.168.1.128/28 -p udp --dport 53 -j DNAT --to 192.168.1.1
iptables -t nat -A PREROUTING -i br0 -s 192.168.1.128/28 -p tcp --dport 53 -j DNAT --to 192.168.1.1
# Block all ports over :500
iptables -I FORWARD 5 -p tcp --source 192.168.1.128/28 --dport 500:65535 -j DROP
cat allow_game
#!/bin/sh
# Remove DNS rules
sed 's/^\([^#]\)/#\1/g' -i /tmp/games-block.conf
sed 's/^\([^#]\)/#\1/g' -i /tmp/yt-block.conf
restart_dns
# Remove Force kids DNS to local
iptables -t nat -D PREROUTING -i br0 -s 192.168.1.128/28 -p udp --dport 53 -j DNAT --to 192.168.1.1
iptables -t nat -D PREROUTING -i br0 -s 192.168.1.128/28 -p tcp --dport 53 -j DNAT --to 192.168.1.1
# Unblock all ports over :500
iptables -D FORWARD -p tcp --source 192.168.1.128/28 --dport 500:65535 -j DROP
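The disable_game and allow_game scripts above use plain -A and -D, so running disable_game twice (from cron and again by hand) leaves a copy that a single -D does not remove. The helpers below are an added example, not part of the original scripts: the function names and the IPT override are hypothetical, and they assume the router's iptables supports -C (check), which needs iptables 1.4.11 or later.

```shell
#!/bin/sh
# Added example: idempotent add/remove helpers for the kids-range DNS rules.
# IPT can be overridden (for example with a stub) for testing.
# Assumption: this iptables build supports -C (check).
IPT=${IPT:-iptables}
KIDS=192.168.1.128/28      # kids' range from the post
ROUTER=192.168.1.1         # local dnsmasq address from the post

# ensure_rule TABLE CHAIN RULE-SPEC...: append the rule only if it is absent
ensure_rule() {
    table=$1; chain=$2; shift 2
    $IPT -t "$table" -C "$chain" "$@" 2>/dev/null ||
        $IPT -t "$table" -A "$chain" "$@"
}

# purge_rule TABLE CHAIN RULE-SPEC...: delete every copy of the rule
purge_rule() {
    table=$1; chain=$2; shift 2
    while $IPT -t "$table" -C "$chain" "$@" 2>/dev/null; do
        $IPT -t "$table" -D "$chain" "$@" || return 1
    done
}

# Redirect the kids' DNS (UDP and TCP port 53) to the router
force_kids_dns() {
    for proto in udp tcp; do
        ensure_rule nat PREROUTING -i br0 -s "$KIDS" -p "$proto" --dport 53 -j DNAT --to "$ROUTER"
    done
}

# Undo the redirect, including duplicates left by earlier plain -A runs
release_kids_dns() {
    for proto in udp tcp; do
        purge_rule nat PREROUTING -i br0 -s "$KIDS" -p "$proto" --dport 53 -j DNAT --to "$ROUTER"
    done
}
```

Calling force_kids_dns from disable_game and release_kids_dns from allow_game keeps the nat table at exactly zero or two redirect rules regardless of how often the scripts run.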
I do have an extra script that allows access to YouTube without allowing games. This one is called only from an HTML page that I'll explain in a later post:
cat allow_yt
#!/bin/sh
sed 's/^\([^#]\)/#\1/g' -i /tmp/yt-block.conf
restart_dns
Those scripts are called by cron jobs that make sure we don't have internet during the sleep hours and that games and YouTube are permitted only during the weekend:
00 21 * * 0-4 root /jffs/add_fw
30 22 * * 5,6 root /jffs/add_fw
00 08 * * * root /jffs/del_fw
30 17 * * 5 root /jffs/allow_game
30 17 * * 0 root /jffs/disable_game
In order to block the DNS requests, the following Additional Dnsmasq Options need to be added:
conf-file=/tmp/yt-block.conf
conf-file=/tmp/games-block.conf
The files /tmp/yt-block.conf and /tmp/games-block.conf are created by the startup script:
stopservice dnsmasq
echo "#address=/.roblox.com/192.168.1.1
#address=/.rbxcdn.com/192.168.1.1
#address=/.epicgames.com/192.168.1.1
#address=/.fortnitegame.com/192.168.1.1
#address=/.easyanticheat.com/192.168.1.1
#address=/.pixelgunserver.com/192.168.1.1
#address=/.applovin.com/192.168.1.1
#address=/.clashroyaleapp.com/192.168.1.1
#address=/.applifier.com/192.168.1.1
#address=/.chartboost.com/192.168.1.1
#address=/.fyber.com/192.168.1.1
#address=/.twitch.tv/192.168.1.1
#address=/.ttvnw.net/192.168.1.1
#address=/.leagueoflegends.com/192.168.1.1
#address=/.pvp.net/192.168.1.1
#address=/.riotgames.com/192.168.1.1
#address=/.garenanow.com/192.168.1.1
#address=/.ea.com/192.168.1.1
#address=/.respawn.com/192.168.1.1
#address=/.origin.com/192.168.1.1" > /tmp/games-block.conf
echo "#address=/.youtube.com/192.168.1.1
#address=/youtube.googleapis.com/192.168.1.1
#address=/youtubei.googleapis.com/192.168.1.1
#address=/.ytimg.com/192.168.1.1
#address=/ytimg.l.google.com/192.168.1.1
#address=/youtube.l.google.com/192.168.1.1
#address=/.googlevideo.com/192.168.1.1
#address=/.youtube-nocookie.com/192.168.1.1
#address=/.youtu.be/192.168.1.1" > /tmp/yt-block.conf
startservice dnsmasq
An "easy" way to run those scripts, besides the scheduled cron jobs, is from the DD-WRT Administration -> Commands page.
Monday, May 01, 2017
Limit number of unix logins
cat .profile
#!/bin/sh
limit=3
# List this user's login shells (they show up as "-sh" in ps output)
session=`ps -ef | grep '\-sh' | grep "$USER" | grep -v grep`
# Quote $session so its newlines survive and wc counts one line per session
number=`echo "$session" | wc -l`
if [ $number -ge $limit ]; then
echo "No more logins / Il n'y a plus de login.
You are already logged as:
$session
"
sleep 5
exit 0
fi

# To time out after 15 min of inactivity and forbid users from changing TMOUT:
echo "TMOUT=900
readonly TMOUT
export TMOUT" > /etc/profile.d/tmout.sh && chmod +x /etc/profile.d/tmout.sh
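The grep pipeline in the .profile above matches the user name as a substring, so sessions of "bobby" count against "bob", and it only sees shells named -sh. The functions below are an added example, not part of the original .profile: they count login shells by exact user match, the function names and the sample data are constructed, and they assume a ps that accepts the POSIX -o user= -o args= format.

```shell
#!/bin/sh
# Added example: count a user's login shells from
#   ps -e -o user= -o args=
# output read on stdin. A login shell has argv[0] starting with "-".

# Constructed sample of "user args" lines, for illustration only
SAMPLE_PS='bob      -sh
bobby    -sh
bob      -bash
bob      grep -sh
root     sshd: bob [priv]
alice    -sh'

# count_login_shells USER: print the number of login shells USER owns
count_login_shells() {
    awk -v user="$1" '
        $1 == user && $2 ~ /^-/ { n++ }   # exact user, login shell only
        END { print n + 0 }
    '
}

# login_allowed USER LIMIT: succeed while USER has fewer than LIMIT sessions
login_allowed() {
    [ "$(count_login_shells "$1")" -lt "$2" ]
}

# Live use from a profile script (the new shell is already in the count):
#   ps -e -o user= -o args= | login_allowed "$USER" 4 || exit 0
```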
Monday, October 03, 2016
Put the backup on a remote tape via ssh
#backup ($SRC is the directory tree to archive; "-f -" writes the archive to stdout for the pipe)
tar --verbose --exclude=/proc --exclude=/sys --exclude=/tmp --exclude=/mnt --totals -b2048 -jcpvf - $SRC | ssh root@192.168.1.201 "mt -f /dev/st0 rewind; cat > /dev/st0"
#restore ($DES is the directory to extract into)
ssh root@192.168.1.201 "cat /dev/st0" | tar --exclude=/proc --exclude=/sys --exclude=/tmp --exclude=/mnt --totals -b2048 -jxpvf - -C $DES
Saturday, November 28, 2015
TS-Remote-App: Create a launcher box containing the programs from C:\Users\Public\Desktop
This compiled .ahk will behave like an application launcher for
multiple programs from TS in Remote-App mode. If you don't want it to
launch the first program automatically, replace || with a single | on line #9.
Enjoy!
;(c)2014 sorin@xxxxxxxx.com under the terms of LGPL v2
#SingleInstance force
files =
Directory = C:\users\public\desktop
Loop, %Directory%\*.lnk, , 1
{
fullfile = %A_LoopFileName%
filename := RegExReplace(fullfile,"\.lnk","")
files = %filename%||%files%
}
Gui, Color, 22BBFF
Gui -Caption +Border +AlwaysOnTop
Gui, Font, S11, Tahoma
Gui, Add,Button, x255 Y3 w35 h22 gButtonOK, OK
Gui, Add,Button, x10 Y3 w35 h22 gButtonKill, X
Gui Add, ComboBox, X50 Y1 h10 r20 W200 vScript, %files%
Gui Show, x50 y0 H28 W300
ButtonOK:
GuiControlGet Script,, script
if script <>
Run, %Directory%\%script%.lnk, , ,PID
Return
ButtonKill:
Process, Close, %PID%
Sleep, 1000
exitapp
return
return
