Old 04-18-2005, 01:29 PM   #1
ProtoformX
Member
 
Registered: Feb 2004
Location: Canada
Distribution: LFS SVN
Posts: 334

Rep: Reputation: 34
iptables rules with MAC addresses


Is there a way I can tell iptables to only allow someone to connect via SSH from my MAC address and IP?

Like, is there a rule that I can pass to a chain that allows certain MACs in and not others?
 
Old 04-18-2005, 01:51 PM   #2
zeos
Member
 
Registered: Aug 2003
Posts: 150

Rep: Reputation: 15
Code:
iptables -A INPUT -i eth0 -p tcp --dport 22 -m mac --mac-source 00:0B:DB:45:56:42 -s 192.168.1.1 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 22 -j DROP
Should do it... tweak for MAC address and IP. If your default input policy is already drop you won't need to set the second rule...

Beware, MACs are trivial to change ;)

Last edited by zeos; 04-18-2005 at 01:57 PM.
 
Old 04-27-2005, 07:12 AM   #3
mac24nz
LQ Newbie
 
Registered: Apr 2005
Posts: 2

Rep: Reputation: 0
MAC & ip addresses

I have a fli4l router (linux).

I want to restrict the IP addresses to MAC addresses.

I'm using a very similar command, but iptables doesn't seem to recognize the MAC address switch (I don't have the error message right now). Is there something wrong with my command here?

iptables -A INPUT -s 192.168.1.123 -m mac --mac-source ! aa:bb:cc:dd:ee:ff -j DROP

I want only this MAC address (and no others) to be able to use this IP address (I'm aware that this MAC address can still use other IP addresses).

any ideas?

thanks

martin cavanagh
 
Old 04-27-2005, 07:53 AM   #4
apsivam
Member
 
Registered: Mar 2005
Location: Chennai, India
Distribution: Ubuntu, CentOS
Posts: 72

Rep: Reputation: 15
Re: MAC & ip addresses

Quote:
Originally posted by mac24nz
I have a fli4l router (linux).

I want to restrict the IP addresses to MAC addresses.

I'm using a very similar command, but iptables doesn't seem to recognize the MAC address switch (I don't have the error message right now). Is there something wrong with my command here?

iptables -A INPUT -s 192.168.1.123 -m mac --mac-source ! aa:bb:cc:dd:ee:ff -j DROP

I want only this MAC address (and no others) to be able to use this IP address (I'm aware that this MAC address can still use other IP addresses).

any ideas?

thanks

martin cavanagh

The syntax of your command is OK; I've tested it on my system. Your kernel might not be compiled with iptables MAC support, or try loading it manually with the following command:
Code:
# modprobe ipt_mac
 
Old 04-28-2005, 04:26 AM   #5
mac24nz
LQ Newbie
 
Registered: Apr 2005
Posts: 2

Rep: Reputation: 0
MAC & ip addresses

Awesome, thanks - I'll try that. The dist I'm using is a very lightweight dist (it can run off a floppy), so it might not have full support (but the iptables command is there). Is it possible to have a partial, lightweight compiled iptables?

I'll post the error soon.
 
Old 04-28-2005, 08:54 AM   #6
apsivam
Member
 
Registered: Mar 2005
Location: Chennai, India
Distribution: Ubuntu, CentOS
Posts: 72

Rep: Reputation: 15
Re: MAC & ip addresses

Quote:
Originally posted by mac24nz
- is it possible to have a partial light weight compiled iptables?

Yes, it is. The iptables command is just a userland utility. The actual iptables code is compiled into the kernel. You can have partial iptables features, like MAC identification, as modules.
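
The IP-to-MAC binding asked about in post #3, as an added example that is not part of any post in this thread: a small shell generator that validates each binding and prints the DROP rule for review instead of applying it. The function names and the sample bindings are assumptions made for the example, and the negation is written as `! --mac-source`, the placement the current iptables man page documents, rather than the trailing `!` used in the 2005 command.

```shell
# Added example (not from the thread): prints rules for review, applies nothing.

# valid_mac MAC: succeeds for six colon-separated hex octets.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# valid_ipv4 IP: succeeds for a dotted quad with every octet in 0..255.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(printf '%s' "$1" | tr . ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

# bind_rules [CHAIN]: reads "IP MAC" lines on stdin and prints one DROP rule
# per binding, so IP is refused when it arrives from any other MAC.
# Returns 1 if any line was rejected, 2 for an unsupported chain.
bind_rules() {
    chain=${1:-INPUT}
    # mac match sees inbound frames only: INPUT (to this host) or FORWARD (routed).
    case $chain in
        INPUT|FORWARD) ;;
        *) echo "unsupported chain: $chain" >&2; return 2 ;;
    esac
    bind_rc=0
    while read -r ip mac rest; do
        case $ip in ''|'#'*) continue ;; esac   # skip blanks and comments
        if [ -n "$rest" ] || ! valid_ipv4 "$ip" || ! valid_mac "$mac"; then
            echo "rejected binding: $ip $mac $rest" >&2; bind_rc=1
        else
            echo "iptables -A $chain -s $ip -m mac ! --mac-source $mac -j DROP"
        fi
    done
    return $bind_rc
}

# Constructed sample input; the last two lines are deliberately malformed.
sample_bindings() {
    cat <<'EOF'
# ip            mac
192.168.1.123   aa:bb:cc:dd:ee:ff
192.168.1.124   00:0B:DB:45:56:42
192.168.1.300   aa:bb:cc:dd:ee:ff
192.168.1.125   aa:bb:cc:dd:ee
EOF
}

sample_bindings | bind_rules INPUT || echo "some bindings were rejected" >&2
```

On a router, bindings for hosts whose traffic is passed on belong in `FORWARD`; `INPUT` only covers traffic addressed to the router itself.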
 
  


All times are GMT -5. The time now is 06:53 AM.
