-
-
Save luckman212/124a81d5f295dfa5c6d1162aaef55842 to your computer and use it in GitHub Desktop.
#!/bin/sh | |
# set the variable below to your FIOS interface | |
IF=igb0 | |
/usr/bin/timeout 5m /usr/sbin/tcpdump -ni ${IF} 'icmp6 && ip6[40] == 134' >/tmp/${IF}_RAs.out | |
FSIZE=$(/usr/bin/stat -f '%z' /tmp/${IF}_RAs.out) | |
if [ "$FSIZE" -gt 1 ]; then | |
echo '<?php include("notices.inc"); $msg = "IPv6 RAs detected on interface '$IF'"; notify_via_smtp($msg);?>' | /usr/local/bin/php -q | |
fi |
Here's a different version of the script that actively sends out Router Solicitations using rtsol
instead of passively with tcpdump.
I haven't done as much testing with this one, so please give it a try and send any comments.
#!/bin/sh
IF=igb0
RESULT=$(/sbin/rtsol -DF $IF 2>&1 | /usr/bin/grep -E "received RA from [a-f0-9:\.]+ on $IF")
if [ -n "$RESULT" ]; then
echo '<?php include("notices.inc"); $msg = "IPv6 RAs detected on interface '$IF'"; notify_via_smtp($msg);?>' | /usr/local/bin/php -q
fi
Here's yet another version of this that's mostly PHP instead of shell script. This one also accepts an argument to define the interface to be checked. So, instead of modifying the script itself, you can just call it from Cron with e.g. ix0
an arg. This could also allow the same script to be used to check multiple interfaces. Example:
(save this script as /root/v6test.php
)
<?php
include("notices.inc");
if (!empty($argv[1])) {
$if = $argv[1];
} else {
$if = "igb0";
}
exec("/sbin/rtsol -DF $if 2>&1", $result, $retval);
if (($retval == 0) && (count($result))) {
$haystack = implode("\n", $result);
$needle = "received RA from [a-f0-9:\.]+ on $if";
preg_match("/$needle/", $haystack, $matches);
if (count($matches)) {
$msg = "IPv6 RAs detected on interface $if";
notify_via_smtp($msg);
}
}
?>
Thanks! For anyone like me didn't already have them setup, this assumes you've setup SMTP notifications in pfsense (System > Advanced > Notifications). I used my Gmail credentials as outlined in this blog post.
Great script! However, is there a way to tie the notification into Telegram?
@sectary-want-holly sure, just edit the notify_via_smtp()
line, change it to notify_via_telegram($msg);
@luckman212 well, I feel silly! Muchos gracious!
It's been pointed out that it might be better to actively send RS (router solicitations) rather than passively probing for RAs. The script above could be modified to use something like
rtsol -DF igb0
and listen for any responses. I'll do some testing and see if I can come up with a more efficient version.