中国移动宽带光猫路由器一键开启MAC地址过滤的脚本

中国移动家庭宽带光猫路由器，可以开启MAC地址过滤，来限制孩子手机使用WIFI网络与否。

环境：

- 中国移动光猫GM220-S，Mini web server 1.0 CMIOT corp 2018.

- 安卓手机安装 Termux，以便运行 bash 脚本，然后定义一个别名两个别名到 ~/.bashrc中 alias on="~/mac.sh on" 和 alias off="~/mac.sh off"，以后就可以随时用 on, off 来开关MAC地址过滤了

脚本：

#!/bin/bash

# 配置参数，请修改为你自己的数据
ROUTER_IP="192.168.1.1"
USERNAME="13912345678@139.gd"
# 可以通过浏览器打开路由器网页，按F12，切换到【网络】页面
# 查看登录URL的POST数据得到 LOGIN_CODE 和 USER 的数据
LOGIN_CODE="NbwGRnzgwRbD5VE5RqxmRWXxxxCclP%2Bkn3hDHCS6Ku8iw%2BIJ5Bvqa1sLcljrsjqe%2F9aY0c10kLLMA%3D"
USER="2uEWevOMh9dY%2Bxtek%2B0SizdLWJzT%2FGbJK%2BpN%2FgRDzUoLF3PW9ebAojcJiEeH9e%2BjOnQ4zE%3D"
# 要限制的设备的MAC地址
MAC_ADDR="12:34:56:78:10:11"

# 检查参数
if [ $# -ne 1 ]; then
    echo "用法: $0 on|off"
    exit 1
fi

ACTION=$1
if [ "$ACTION" != "on" ] && [ "$ACTION" != "off" ]; then
    echo "错误: 参数必须是 'on' 或 'off'"
    exit 1
fi

# 1. 登录并获取USER_LOG_TOKEN
echo "正在登录路由器..."
LOGIN_RESPONSE=$(curl -s -o - "http://$ROUTER_IP/" -H "Content-Type: application/x-www-form-urlencoded" -H "Origin: http://$ROUTER_IP" -H "Referer: http://$ROUTER_IP/" \
  --data-raw "frashnum=&action=login&Frm_Logintoken=2&username=$USERNAME&logincode=$LOGIN_CODE&usr=$USER&ieversion=1" --insecure)

# 尝试从HTML内容中提取
USER_LOG_TOKEN=$(echo $LOGIN_RESPONSE | grep -o 'document.cookie = "USER_LOG_TOKEN=" + "[^"]*"' | cut -d'"' -f4)
if [ -z "$USER_LOG_TOKEN" ]; then
    echo "错误: 无法获取USER_LOG_TOKEN，登录可能失败"
    exit 1
fi
echo "成功获取USER_LOG_TOKEN: $USER_LOG_TOKEN"

SECURITY_RESPONSE=$(curl -s -o - -b "USER_LOG_TOKEN=$USER_LOG_TOKEN" "http://$ROUTER_IP/web/cmcc/gch/template_user.gch?nextpage=web/cmcc/gch/safemanager.gch")
SESSION_TOKEN=$(echo $SECURITY_RESPONSE | grep -o 'session_token = "[^"]*"' | cut -d'"' -f2)
if [ -z "$SESSION_TOKEN" ]; then
    echo "错误: 无法获取SESSION_TOKEN"
    exit 1
fi
echo "成功获取到_SESSION_TOKEN_USER: $SESSION_TOKEN"

# 2. 根据参数设置MAC过滤状态
if [ "$ACTION" = "on" ]; then
    MAC_FILTER_ENABLE="1"
    ENABLE0="0"
    echo "正在启用MAC地址过滤..."
else
    MAC_FILTER_ENABLE="0"
    ENABLE0="1"
    echo "正在禁用MAC地址过滤..."
fi

# 发送MAC过滤配置请求
CONFIG_RESPONSE=$(curl -s -o - -X POST "http://$ROUTER_IP/web/cmcc/gch/getpage.gch?pid=1002&nextpage=web/cmcc/gch/safemanager.gch" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -b "USER_LOG_TOKEN=$USER_LOG_TOKEN" \
  -H "Origin: http://$ROUTER_IP" \
  -H "Referer: http://$ROUTER_IP/web/cmcc/gch/getpage.gch?pid=1002&nextpage=web/cmcc/gch/safemanager.gch" \
  --data-raw "IF_ACTION=basic_apply&IF_ERRORSTR=SUCC&IF_ERRORPARAM=SUCC&IF_ERRORTYPE=-1&IF_INDEX=NULL&IF_INSTNUM=1&Enable=NULL&BlackList=NULL&Type=NULL&Protocol=NULL&SrcMacAddr=NULL&DstMacAddr=NULL&Port=&Enable0=$ENABLE0&BlackList0=0&Type0=Layer3-IP&Protocol0=ALL&SrcMacAddr0=$MAC_ADDR&DstMacAddr0=00:00:00:00:00:00&Port0=0&ViewName=&Type=&IPAddress=&AddressSource=&MACAddress=&HostName=&InterfaceType=&Active=&Interface=&LastConnection=&Category=&IPV6Address=&IsWanSrvCntl=NULL&IpFilterTarget=NULL&UrlFilterTarget=NULL&UrlFilterEnable=NULL&SrvCntlTarget=NULL&DefaultPolicy=NULL&MacFilterTarget=Discard&MacFilterEnable=$MAC_FILTER_ENABLE&IpFilterInPolicy=0&IpFilterInEnable=0&IpFilterOutPolicy=0&IpFilterOutEnable=0&PCtrlEnable=0&IF_INSTNUM_ACC=0&_SESSION_TOKEN_USER=$SESSION_TOKEN" --insecure)

# echo $CONFIG_RESPONSE > config_response.txt
# 检查操作结果
if echo "$CONFIG_RESPONSE" | grep -q "Transfer_meaning('MacFilterEnable','$MAC_FILTER_ENABLE');"; then
    echo "MAC地址过滤已成功${ACTION}"
else
    echo "错误: MAC地址过滤${ACTION}操作可能失败"
    exit 1
fi

LOGOUT_RESPONSE=$(curl -s -o - -X POST "http://$ROUTER_IP/web/cmcc/gch/setlang.gch" -H "X-Requested-With: XMLHttpRequest" \
  -b "USER_LOG_TOKEN=$USER_LOG_TOKEN" -H "Content-Type: application/x-www-form-urlencoded; charset=UTF-8" \
  -H "Origin: http://$ROUTER_IP" \
  -H "Referer: http://$ROUTER_IP/web/cmcc/gch/template_user.gch?nextpage=web/cmcc/gch/iot_wifi_setting_t.gch" \
  --data-raw "logout=2" --insecure)

echo "操作完成"