-
-
Save luckman212/124a81d5f295dfa5c6d1162aaef55842 to your computer and use it in GitHub Desktop.
| #!/bin/sh | |
| # set the variable below to your FIOS interface | |
| IF=igb0 | |
| /usr/bin/timeout 5m /usr/sbin/tcpdump -ni ${IF} 'icmp6 && ip6[40] == 134' >/tmp/${IF}_RAs.out | |
| FSIZE=$(/usr/bin/stat -f '%z' /tmp/${IF}_RAs.out) | |
| if [ "$FSIZE" -gt 1 ]; then | |
| echo '<?php include("notices.inc"); $msg = "IPv6 RAs detected on interface '$IF'"; notify_via_smtp($msg);?>' | /usr/local/bin/php -q | |
| fi |
Here's yet another version of this that's mostly PHP instead of shell script. This one also accepts an argument to define the interface to be checked. So, instead of modifying the script itself, you can just call it from Cron with e.g. ix0 an arg. This could also allow the same script to be used to check multiple interfaces. Example:
(save this script as /root/v6test.php)
<?php
include("notices.inc");
if (!empty($argv[1])) {
$if = $argv[1];
} else {
$if = "igb0";
}
exec("/sbin/rtsol -DF $if 2>&1", $result, $retval);
if (($retval == 0) && (count($result))) {
$haystack = implode("\n", $result);
$needle = "received RA from [a-f0-9:\.]+ on $if";
preg_match("/$needle/", $haystack, $matches);
if (count($matches)) {
$msg = "IPv6 RAs detected on interface $if";
notify_via_smtp($msg);
}
}
?>
Thanks! For anyone like me didn't already have them setup, this assumes you've setup SMTP notifications in pfsense (System > Advanced > Notifications). I used my Gmail credentials as outlined in this blog post.
Great script! However, is there a way to tie the notification into Telegram?
@sectary-want-holly sure, just edit the notify_via_smtp() line, change it to notify_via_telegram($msg);
@luckman212 well, I feel silly! Muchos gracious!
Here's a different version of the script that actively sends out Router Solicitations using
rtsolinstead of passively with tcpdump.I haven't done as much testing with this one, so please give it a try and send any comments.