LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
Reload this Page iptables match by mac range
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
LinkBack Search this Thread
Old 02-28-2009, 08:38 PM   #1
drij
LQ Newbie
 
Registered: Feb 2009
Posts: 2

Rep: Reputation: 0
Question iptables match by mac range

I want to restrict access to a wireless network by mac address range - only allowing devices from a certain manufacturer to connect.
I know it is possible to match for a single mac address with iptables.

My question is: Can iptables match by mac address range?
 
Old 02-28-2009, 10:53 PM   #2
frieza
Senior Member
Contributing Member
 
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 2,603

Rep: Reputation: 228Reputation: 228Reputation: 228
probably not
you can match multiple mac addresses but even if what you ask IS possible it would be unadvisable because ANYone with a card of that manufacturer would be able to access that network, authorized or not

it would be more secure to gather the actual mac addresses of your network and set rules in iptables for each card individually that has the bonus of if a specific laptop gets stolen you can just shut off it's mac address and.. no more access to your network from that laptop...
 
Old 03-01-2009, 10:34 AM   #3
drij
LQ Newbie
 
Registered: Feb 2009
Posts: 2

Original Poster
Rep: Reputation: 0
Alright, thanks for your reply.
 
Old 03-01-2009, 10:58 PM   #4
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Debian, FreeBSD
Posts: 3,559
Blog Entries: 3

Rep: Reputation: Disabled
Don't forget that MAC addresses are trivial to spoof.
 
Old 03-02-2009, 11:39 AM   #5
frieza
Senior Member
Contributing Member
 
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 2,603

Rep: Reputation: 228Reputation: 228Reputation: 228
Quote:
Originally Posted by anomie View Post
Don't forget that MAC addresses are trivial to spoof.
true that, in fact mac address spoofing was an exercise i had to do back in college for one of my courses
 
  


Reply

Tags
filter, iptables, mac, match, range


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Why /etc/sysconfig/hwconf NIC MAC did not match ifconfig UltraSoul Linux - Hardware 2 10-29-2010 11:09 AM
iptables string match htb Linux - Networking 2 08-30-2006 03:37 PM
IPTABLES with UNCLEAN match ALInux Linux - Networking 0 08-11-2006 12:22 PM
Iptables mac-match VS. transparent proxy mchanea Linux - Security 4 12-22-2004 07:42 AM
iptables string match kahpeetan Linux - Security 3 11-09-2003 07:36 PM


All times are GMT -5. The time now is 02:36 PM.

Contact Us - Advertising Info - Rules - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
 
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: @linuxquestions
Open Source Consulting | Domain Registration