LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
LinkBack Search this Thread
Old 04-18-2005, 12:29 PM   #1
ProtoformX
Member
 
Registered: Feb 2004
Location: Canada
Distribution: LFS SVN
Posts: 334

Rep: Reputation: 33
iptables rules with MAC addresses


Is there a way I can tell iptables to only allow someone to connect via SSH my MAC address and IP?

Like is there a rule that I can pass to chain that allows certein MAC's in and not others?
 
Old 04-18-2005, 12:51 PM   #2
zeos
Member
 
Registered: Aug 2003
Posts: 150

Rep: Reputation: 15
Code:
iptables -A INPUT -i eth0 -p tcp --dport 22 -m mac --mac-source 00:0B:DB:45:56:42 -s 192.168.1.1 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 22 -j DROP
Should do it ...tweak for mac address and ip. If your default input policy is already drop you won't need to set the second rule...

Beware, MAC's are trivial to change ;)

Last edited by zeos; 04-18-2005 at 12:57 PM.
 
Old 04-27-2005, 06:12 AM   #3
mac24nz
LQ Newbie
 
Registered: Apr 2005
Posts: 2

Rep: Reputation: 0
MAC & ip addresses

I have a fli4l router (linux).

I want to restrict the ip addresses to mac addresses

I'm using a very similar command - but the iptables doesn't seem to recognize the mac address switch (i don't have the error message right now), but is there something wrong with my command here?

iptables -A INPUT -s 192.168.1.123 -m mac --mac-source ! aa:bb:cc:dd:ee:ff -j DROP

i want that only this mac address(and no others) can use this ip address (I'm aware that this mac address can still use other ip addresses)

any ideas?

thanks

martin cavanagh
 
Old 04-27-2005, 06:53 AM   #4
apsivam
Member
 
Registered: Mar 2005
Location: Chennai, India
Distribution: Ubuntu, CentOS
Posts: 72

Rep: Reputation: 15
Re: MAC & ip addresses

Quote:
Originally posted by mac24nz
I have a fli4l router (linux).

I want to restrict the ip addresses to mac addresses

I'm using a very similar command - but the iptables doesn't seem to recognize the mac address switch (i don't have the error message right now), but is there something wrong with my command here?

iptables -A INPUT -s 192.168.1.123 -m mac --mac-source ! aa:bb:cc:dd:ee:ff -j DROP

i want that only this mac address(and no others) can use this ip address (I'm aware that this mac address can still use other ip addresses)

any ideas?

thanks

martin cavanagh
the syntax of your command is ok I've tested it in my system. Your kernel might not compiled with iptables mac support or try loading it manually with the following command
Code:
# modprobe ipt_mac
 
Old 04-28-2005, 03:26 AM   #5
mac24nz
LQ Newbie
 
Registered: Apr 2005
Posts: 2

Rep: Reputation: 0
MAC & ip addresses

awesome thanks - i'll try that - the dist I'm using is a very lightweight dist (it can run off a floppy)- so it might not have full support (but the iptables command is there) - is it possible to have a partial light weight compiled iptables?

i'll post the error soon
 
Old 04-28-2005, 07:54 AM   #6
apsivam
Member
 
Registered: Mar 2005
Location: Chennai, India
Distribution: Ubuntu, CentOS
Posts: 72

Rep: Reputation: 15
Re: MAC & ip addresses

Quote:
Originally posted by mac24nz
- is it possible to have a partial light weight compiled iptables?
yes it is. The iptables command is just a user land utility. The actual iptables code is compiled into kernel. you can have partial iptables features like mac identification as modules.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
IPTABLES rules with mac address? xpathfinder Linux - Security 3 12-11-2005 09:23 PM
can MAC addresses be tracked? m00 Linux - Security 7 11-16-2004 09:50 PM
iptables & mac addresses freelinuxcpp Linux - Security 2 12-31-2003 05:22 AM
Mac Addresses nixdisciple Linux - Security 6 07-01-2002 10:55 PM
Finding mac addresses Chijtska Linux - Security 5 02-27-2002 04:34 AM


All times are GMT -5. The time now is 08:27 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration