LinuxQuestions.org
Old 02-28-2009, 07:38 PM   #1
drij
iptables match by mac range


I want to restrict access to a wireless network by MAC address range - only allowing devices from a certain manufacturer to connect.
I know it is possible to match for a single MAC address with iptables.

My question is: Can iptables match by MAC address range?
 
Old 02-28-2009, 09:53 PM   #2
frieza
Probably not.
You can match multiple MAC addresses, but even if what you ask IS possible it would be unadvisable, because ANYone with a card of that manufacturer would be able to access that network, authorized or not.

It would be more secure to gather the actual MAC addresses of your network and set rules in iptables for each card individually. That has the bonus that if a specific laptop gets stolen you can just shut off its MAC address and... no more access to your network from that laptop.
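
The per-card approach described in the reply above, as an added example that is not part of any poster's message: a script that turns a MAC allowlist into one `-m mac --mac-source` rule per device, followed by a drop rule. The interface `wlan0`, the chain name `MAC_ALLOW`, the INPUT hook and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print (not run) per-device iptables MAC allow rules.
IFACE="wlan0"        # assumed wireless interface name
CHAIN="MAC_ALLOW"    # hypothetical user-defined chain name

# Accept only full 48-bit addresses written as six colon-separated hex octets.
is_valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Read "MAC [label]" lines on stdin and print the iptables commands.
# Blank lines and '#' comments are skipped. A malformed entry aborts with
# nothing printed, so a typo never silently becomes a missing or wrong rule.
emit_mac_rules() {
    seen=" "
    rules="iptables -N $CHAIN"
    while read -r mac label; do
        case "$mac" in ''|'#'*) continue ;; esac
        if ! is_valid_mac "$mac"; then
            echo "invalid MAC in allowlist: $mac" >&2
            return 1
        fi
        mac=$(printf '%s' "$mac" | tr 'a-f' 'A-F')     # normalise case
        case "$seen" in *" $mac "*) continue ;; esac    # skip duplicates
        seen="$seen$mac "
        rules="$rules
iptables -A $CHAIN -m mac --mac-source $mac -j ACCEPT"
    done
    # Everything not listed is dropped; the chain is hooked in last so it is
    # complete before any traffic reaches it.
    printf '%s\n' "$rules" "iptables -A $CHAIN -j DROP" \
        "iptables -A INPUT -i $IFACE -j $CHAIN"
}

# Constructed allowlist (locally administered addresses, not real devices).
# Revoking a stolen laptop means deleting its line and regenerating the rules.
sample_allowlist() {
    cat <<'EOF'
# office laptops
02:00:00:aa:bb:01 laptop-1
02:00:00:AA:BB:02 laptop-2
02:00:00:aa:bb:01 duplicate-of-laptop-1
EOF
}

sample_allowlist | emit_mac_rules
```

The script only prints the commands, so they can be reviewed before being applied as root.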
 
Old 03-01-2009, 09:34 AM   #3
drij
Alright, thanks for your reply.
 
Old 03-01-2009, 09:58 PM   #4
anomie
Don't forget that MAC addresses are trivial to spoof.
 
Old 03-02-2009, 10:39 AM   #5
frieza
Quote:
Originally Posted by anomie
Don't forget that MAC addresses are trivial to spoof.

True that. In fact, MAC address spoofing was an exercise I had to do back in college for one of my courses.
 
  

