{"id":641,"date":"2015-07-31T17:57:45","date_gmt":"2015-07-31T20:57:45","guid":{"rendered":"http:\/\/www.tech-nico.com\/blog\/?p=641"},"modified":"2015-07-31T18:05:23","modified_gmt":"2015-07-31T21:05:23","slug":"script-mikrotik-para-bloquear-dispositivos-moviles-con-dhcp","status":"publish","type":"post","link":"http:\/\/www.tech-nico.com\/blog\/script-mikrotik-para-bloquear-dispositivos-moviles-con-dhcp\/","title":{"rendered":"Script Mikrotik para bloquear dispositivos m\u00f3viles con DHCP"},"content":{"rendered":"

El script nacio por un\u00a0comentario <\/a>de nuestro colaborador \u00abFelix Serrato\u00bb que NO\u00a0vio la necesidad de bloquear los dispositivos celulares usando firewall o bridge filter<\/a>. Es decir, bloquearlos directamente en los \u00ableases\u00bb del dhcp-server y ademas que el board Mikrotik\u00a0utilice\u00a0menos recursos (si es que hay muchos dispositivos para\u00a0bloquear en tu red).<\/p>\n

Efectividad:\u00a0<\/strong><\/p>\n

Si bien el script es muy efectivo,\u00a0probando me encontr\u00e9 con la particularidad de que no bloquea al instante. Te bloquea el lease (para que, A\u00a0tu mac-address ya no le pueda entregar\u00a0nunca mas una direccion IP), pero al filtrar por DHCP, no te quita la navegacion hasta que tu dispositivo vuelva a pedir una nueva solicitud\u00a0DHCP. Una vez que apago y\u00a0enciendo el Wifi de mi celular queda en \u00abObteniendo una direccion IP\u00bb.\u00a0Sin embargo los\u00a02 scripts mencionados al principio (por bridge y por firewall),\u00a0filtran\u00a0en el acto.<\/p>\n

Funcionamiento:<\/strong><\/p>\n

El script busca en la lista de dhcp-server leases todos los clientes conectados con el flag \u00abdynamic=yes\u00bb y donde el dhcp server sea el que definimos en la variable DHCPSERVER. Esto es por si tenemos mas de 1 servidor dhcp para no filtrar en todos. Busca\u00a0el host-name coincida con \u00abAndroid\u00bb, \u00abiPad\u00bb, etc, entonces agrega un nuevo lease con el flag \u00abblock-access=yes\u00bb para ese mac. Finalmente libera a todos los leases con ese nombre para no ocupar una direccion IP.<\/p>\n

Solo hay que definirle el nombre del DHCP-server.<\/p>\n

\r\n########## INICIO DEL SCRIPT\r\n:local DHCPSERVER "dhcp1";\r\n# # www.tech-nico.com \r\n\r\n:foreach i in=[\/ip dhcp-server lease find dynamic=yes active-server=$DHCPSERVER] do={\r\n\t:local DhcpDynMAC [\/ip dhcp-server lease get $i mac-address];\r\n                :local DhcpDynCLIENTID [\/ip dhcp-server lease get $i active-client-id];\r\n\t:local DhcpDynHOST [\/ip dhcp-server lease get $i host-name];\r\n\t:local phoneNAME [:pick $DhcpDynHOST 0 4];\r\n\r\n\t:if ( ($phoneNAME="BLUS") || ($phoneNAME="iPad") || ($phoneNAME="andr") || ($phoneNAME="Andr") || ($phoneNAME="Wind") || ($phoneNAME="iPho") || ($phoneNAME="BLAC") ) do={\r\n\t\t\/ip dhcp-server lease add block-access=yes mac-address="$DhcpDynMAC" use-src-mac=yes comment="$DhcpDynHOST" server="$DHCPSERVER" client-id="$DhcpDynCLIENTID";\r\n\t}\r\n}\r\n\/ip dhcp-server lease remove [find host-name~"BLUS*"]\r\n\/ip dhcp-server lease remove [find host-name~"android*"]\r\n\/ip dhcp-server lease remove [find host-name~"Android*"]\r\n\/ip dhcp-server lease remove [find host-name~"Windows*"]\r\n\/ip dhcp-server lease remove [find host-name~"iPad*"]\r\n\/ip dhcp-server lease remove [find host-name~"iPhone*"]\r\n\/ip dhcp-server lease remove [find host-name~"BLACKBERRY*"]\r\n############## FIN DEL SCRIPT\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"
El script nacio por un\u00a0comentario de nuestro colaborador \u00abFelix Serrato\u00bb que NO\u00a0vio la necesidad de bloquear los dispositivos celulares usando firewall o bridge filter. Es decir, bloquearlos directamente en los \u00ableases\u00bb del dhcp-server y ademas que el board Mikrotik\u00a0utilice\u00a0menos recursos … Sigue leyendo →<\/span><\/a><\/p>\n","protected":false},"author":3,"featured_media":600,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[32,73],"tags":[48],"class_list":["post-641","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-programacion","category-scripts","tag-mikrotik"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1650%2C1400","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/phA9Q-al","jetpack_likes_enabled":true,"jetpack-related-posts":[{"id":699,"url":"http:\/\/www.tech-nico.com\/blog\/script-mikrotik-para-limitar-dispositivos-moviles-con-dhcp-con-queues-dinamicas\/","url_meta":{"origin":641,"position":0},"title":"Script Mikrotik para LIMITAR dispositivos m\u00f3viles con DHCP con QUEUEs Dinamicas","author":"soporte","date":"agosto 4, 2016","format":false,"excerpt":"Bloquear \/ Limitar En las 3 versiones\u00a0anteriores de este script podiamos \"bloquear\" un dispositivo movil tanto por DHCP como en el firewall del Bridge (capa 2) y en firewall capa 3. Tal vez te interesen los scripts anteriores: Version 1: Filtrar en Bridge Filter Version 2: Filtrar en Firewall Filter\u2026","rel":"","context":"En \u00abProgramaci\u00f3n\u00bb","block_context":{"text":"Programaci\u00f3n","link":"http:\/\/www.tech-nico.com\/blog\/category\/programacion\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2016\/08\/Ookla_Speedtest_HTML5.0.0.png?fit=1200%2C801&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2016\/08\/Ookla_Speedtest_HTML5.0.0.png?fit=1200%2C801&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2016\/08\/Ookla_Speedtest_HTML5.0.0.png?fit=1200%2C801&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2016\/08\/Ookla_Speedtest_HTML5.0.0.png?fit=1200%2C801&resize=700%2C400 2x, https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2016\/08\/Ookla_Speedtest_HTML5.0.0.png?fit=1200%2C801&resize=1050%2C600 3x"},"classes":[]},{"id":645,"url":"http:\/\/www.tech-nico.com\/blog\/script-mikrotik-para-bloquear-dispositivos-moviles-en-firewall\/","url_meta":{"origin":641,"position":1},"title":"Script Mikrotik para bloquear dispositivos moviles en Firewall","author":"soporte","date":"agosto 7, 2015","format":false,"excerpt":"Bloqueando Celulares desde Mikrotik con Firewall (Efectividad 80%) NOTA: Esta es la version para filtrar por firewall, tambien podes filtrar en bridge filter o\u00a0bloquear directamente en dhcp-server. Me toco en un colegio tener que dejar sin navegaci\u00f3n\u00a0a los celulares.\u00a0En este caso opte por armar un script que recorra la lista\u2026","rel":"","context":"En \u00abProgramaci\u00f3n\u00bb","block_context":{"text":"Programaci\u00f3n","link":"http:\/\/www.tech-nico.com\/blog\/category\/programacion\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1200%2C1018&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1200%2C1018&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1200%2C1018&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1200%2C1018&resize=700%2C400 2x, https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1200%2C1018&resize=1050%2C600 3x"},"classes":[]},{"id":582,"url":"http:\/\/www.tech-nico.com\/blog\/script-mikrotik-para-bloquear-dispositivos-moviles-en-bridge-muy-efectivo\/","url_meta":{"origin":641,"position":2},"title":"[Actualizado] Script Mikrotik para bloquear dispositivos m\u00f3viles en bridge – Muy Efectivo!","author":"soporte","date":"marzo 20, 2016","format":false,"excerpt":"Bloqueando Celulares desde Mikrotik con Bridge filter (Efectividad 80%) NOTA: Esta es la version para filtrar por bridge, tambien podes filtrar en firewall\u00a0o\u00a0bloquear directamente en dhcp-server. Me toco en un colegio tener que dejar sin navegaci\u00f3n\u00a0a los celulares.\u00a0En este caso opte por armar un script que recorra la lista de\u2026","rel":"","context":"En \u00abProgramaci\u00f3n\u00bb","block_context":{"text":"Programaci\u00f3n","link":"http:\/\/www.tech-nico.com\/blog\/category\/programacion\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1200%2C1018&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1200%2C1018&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1200%2C1018&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1200%2C1018&resize=700%2C400 2x, https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1200%2C1018&resize=1050%2C600 3x"},"classes":[]},{"id":576,"url":"http:\/\/www.tech-nico.com\/blog\/script-mikrotik-para-patear-un-cliente-registrado-con-mala-senal\/","url_meta":{"origin":641,"position":3},"title":"Script Mikrotik para patear un cliente registrado con mala se\u00f1al","author":"soporte","date":"marzo 4, 2015","format":false,"excerpt":"Hola amigos, bueno, este script no es muy nuevo que digamos. Pero lo voy a postear porque le hice un agregado para mi gusto bastante importante. En este caso, se trata de un routerboard 2011 con Wifi, y va a instalarse en un colegio.\u00a0Como hay muchos celulares y netbooks, la\u2026","rel":"","context":"En \u00abProgramaci\u00f3n\u00bb","block_context":{"text":"Programaci\u00f3n","link":"http:\/\/www.tech-nico.com\/blog\/category\/programacion\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1200%2C1018&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1200%2C1018&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1200%2C1018&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1200%2C1018&resize=700%2C400 2x, https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1200%2C1018&resize=1050%2C600 3x"},"classes":[]},{"id":1092,"url":"http:\/\/www.tech-nico.com\/blog\/mikrotik-script-para-bloquear-intentos-de-login\/","url_meta":{"origin":641,"position":4},"title":"Mikrotik Script para bloquear intentos de login","author":"soporte","date":"julio 18, 2023","format":false,"excerpt":"Leyendo en el foro de mikrotik me encontre con este script que monitorea el log en busca errores , Y bloquea en base a la cantidad de intentos de acceso. Lo interesante es que podemos configurarlo para detectar distintos tipos de acceso. Por ejemplo los famosos intentos de acceso por\u2026","rel":"","context":"En \u00abmikrotik\u00bb","block_context":{"text":"mikrotik","link":"http:\/\/www.tech-nico.com\/blog\/category\/mikrotik\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1200%2C1018&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1200%2C1018&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1200%2C1018&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1200%2C1018&resize=700%2C400 2x, https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1200%2C1018&resize=1050%2C600 3x"},"classes":[]},{"id":1066,"url":"http:\/\/www.tech-nico.com\/blog\/routeros-dhcp-server-automatico-con-queues-dinamicas\/","url_meta":{"origin":641,"position":5},"title":"RouterOS DHCP Server Autom\u00e1tico con Queues Din\u00e1micas","author":"soporte","date":"febrero 10, 2022","format":false,"excerpt":"Esto esta pensado para lugares de mucha \"mucha\" concurrencia, para no derrochar recursos. Direcciones IP y Ancho de Banda. Por supuesto que esto tiene que estar acompa\u00f1ado de un buen CPU (para mi caso con un equipo 2011, me fue suficiente), y tambi\u00e9n deber\u00eda estar acompa\u00f1ado de un caudal de\u2026","rel":"","context":"En \u00abmikrotik\u00bb","block_context":{"text":"mikrotik","link":"http:\/\/www.tech-nico.com\/blog\/category\/mikrotik\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2022\/02\/queue_dyn_dhcp.png?fit=1200%2C590&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2022\/02\/queue_dyn_dhcp.png?fit=1200%2C590&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2022\/02\/queue_dyn_dhcp.png?fit=1200%2C590&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2022\/02\/queue_dyn_dhcp.png?fit=1200%2C590&resize=700%2C400 2x, https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2022\/02\/queue_dyn_dhcp.png?fit=1200%2C590&resize=1050%2C600 3x"},"classes":[]}],"_links":{"self":[{"href":"http:\/\/www.tech-nico.com\/blog\/wp-json\/wp\/v2\/posts\/641","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.tech-nico.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.tech-nico.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.tech-nico.com\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"http:\/\/www.tech-nico.com\/blog\/wp-json\/wp\/v2\/comments?post=641"}],"version-history":[{"count":2,"href":"http:\/\/www.tech-nico.com\/blog\/wp-json\/wp\/v2\/posts\/641\/revisions"}],"predecessor-version":[{"id":644,"href":"http:\/\/www.tech-nico.com\/blog\/wp-json\/wp\/v2\/posts\/641\/revisions\/644"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/www.tech-nico.com\/blog\/wp-json\/wp\/v2\/media\/600"}],"wp:attachment":[{"href":"http:\/\/www.tech-nico.com\/blog\/wp-json\/wp\/v2\/media?parent=641"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.tech-nico.com\/blog\/wp-json\/wp\/v2\/categories?post=641"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.tech-nico.com\/blog\/wp-json\/wp\/v2\/tags?post=641"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}