DESPERATE: Iptables, permit known MAC, block rest.
Hi All,
Thanks for reading this. I am trying to authenticate only those PCs that I know of and reject access to the internet for the rest of them using MACs. The box running rh9 with iptables is my internet gateway. Currently I am able to block those staff who bring their laptop, after we detect it using third-party software, by putting the following rule in iptables:
/sbin/iptables -A INPUT -j DROP -m mac --mac-source 08:00:46:67:B1:5E
What I really wanna do is to put all MACs that belong to us in iptables and only authorise them to access the internet, and block everyone else automatically by default. Is it possible? How do I do it? Please help, as I spend most of my time scanning IP ranges for unauthorised PCs/laptops.
Thanks again, Ranjan.
I do not understand the problem.
The sample line
/sbin/iptables -A INPUT -j DROP -m mac --mac-source 08:00:46:67:B1:5E
is working (?). So why can't you set the default policy to DROP and use
/sbin/iptables -A INPUT -j ACCEPT -m mac --mac-source xx:xx:xx:xx:xx:xx
for your MACs?
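One way to build the default-deny ruleset suggested above, as an added example that is not part of the original thread: the script only prints the iptables commands so they can be reviewed before loading. Assumptions not from the posts: the chain is a parameter and the sample uses FORWARD (traffic routed through a gateway traverses FORWARD, INPUT only covers packets addressed to the gateway itself), the state rule for reply traffic, and the placeholder MACs.

```shell
#!/bin/sh
# Added example: emit a MAC allowlist with a default DROP policy for review.
# Nothing is applied to the running firewall; pipe the output to sh as root to load it.

# gen_mac_rules CHAIN < allowlist
# Reads one MAC per line ('#' comments and blank lines ignored), prints the rules.
# If any entry is malformed it prints nothing to stdout and returns 1, so a typo
# cannot leave a half-built allowlist behind a DROP policy.
gen_mac_rules() {
    chain=$1
    rules=""
    bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        # Strip comments and whitespace, normalise hex digits to upper case.
        mac=$(printf '%s\n' "$line" | sed -e 's/#.*//' -e 's/[[:space:]]//g' | tr 'a-f' 'A-F')
        [ -z "$mac" ] && continue
        if printf '%s\n' "$mac" | grep -Eq '^([0-9A-F]{2}:){5}[0-9A-F]{2}$'; then
            rules="${rules}/sbin/iptables -A $chain -m mac --mac-source $mac -j ACCEPT
"
        else
            echo "invalid MAC entry: $line" >&2
            bad=1
        fi
    done
    [ "$bad" -eq 0 ] || return 1
    # Flush the chain so re-running does not stack duplicate rules.
    printf '/sbin/iptables -F %s\n' "$chain"
    # Replies arrive with the upstream router's MAC, so they must be accepted
    # by connection state (assumption: the state match module is available).
    printf '/sbin/iptables -A %s -m state --state ESTABLISHED,RELATED -j ACCEPT\n' "$chain"
    printf '%s' "$rules"
    # Policy goes last: everything not matched above is dropped.
    printf '/sbin/iptables -P %s DROP\n' "$chain"
}

# Constructed sample allowlist (placeholder MACs, not from the thread).
gen_mac_rules FORWARD <<'EOF'
00:11:22:33:44:55   # office desktop
66:77:88:99:aa:bb   # staff laptop
EOF
```

A client can change its own MAC address, so this keeps out unknown devices that make no effort to hide rather than authenticating anyone.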
What would the default policy look like? Sorry, I am a total newbie with iptables.
Thanks for your help, Ranjan.
Please do not post the same thread in more than one forum. Picking the most relevant forum and posting it once there makes it easier for other members to help you and keeps the discussion all in one place.
http://www.linuxquestions.org/rules.php
Please continue the thread here: http://www.linuxquestions.org/questi...hreadid=125661