allows outgoing traffic for two mac address with iptables
I'm using IPCOP as a firewall for my LAN.
I want to block outgoing traffic of all clients except two MAC addresses. I use this rule for the first client:
iptables -I CUSTOMFORWARD -o eth1 -m mac ! --mac-source xx:xx:xx:xx:xx:xx -j DROP
When I insert the second rule with the second MAC address I have problems: only one client works fine. What's wrong? Thank you
First of all, your first rule is incorrect: where -o is mentioned, -i should be inserted in
iptables -I CUSTOMFORWARD -o eth1 -m mac ! --mac-source xx:xx:xx:xx:xx:xx -j DROP
and also in your first rule you are denying traffic to all, which is taking precedence.
The correct rules:
1. First apply rules for the clients to accept for the two MAC addresses, as:
iptables -I OUTPUT -i eth1 -p tcp -m mac --mac-source <first mac address to accept> -j ACCEPT
iptables -I OUTPUT -i eth1 -p tcp -m mac --mac-source <second mac address to accept> -j ACCEPT
2. Now drop/reject outgoing traffic for all clients, as:
iptables -I OUTPUT -i eth1 -p tcp -j DROP
Note: DROP takes precedence over the ACCEPT rule.
Thank you. I'll try it and let you know.
Solved
I found the right solution:
iptables -A CUSTOMFORWARD -p tcp -o eth1 -m mac --mac-source <first mac address> -j ACCEPT
iptables -A CUSTOMFORWARD -p tcp -o eth1 -m mac --mac-source <second mac address> -j ACCEPT
iptables -A CUSTOMFORWARD -p tcp -o eth1 -j DROP
Thanks smilemukul
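As an added example, not taken from the thread and not IPCop's own code: a small POSIX sh helper that generates the MAC allow-list for a custom FORWARD chain in the order the final solution relies on (all ACCEPT rules first, the catch-all DROP last) and validates each MAC before it is used. The chain name CUSTOMFORWARD, the interface eth1 and the sample MAC addresses are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread). Chain name, interface and
# MAC addresses are assumed values; the MACs are constructed samples.

CHAIN="CUSTOMFORWARD"   # assumed: custom chain that FORWARD jumps to on the IPCOP box
OUT_IF="eth1"           # assumed: interface towards the Internet

# Return 0 if $1 is a colon-separated 48-bit MAC address, 1 otherwise.
# Validating here keeps a typo from producing an iptables error (or, worse,
# a rule that matches nothing) half-way through building the chain.
is_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print the iptables commands for chain $1, output interface $2 and the
# allowed MACs $3..$n. Rules are appended with -A, so they end up in the
# chain in exactly the order printed: ACCEPT for each listed MAC, then DROP
# for everything else. Using -I for every rule would reverse that order and
# leave the DROP on top, which is how the allowed clients get blocked too.
build_rules() {
    chain="$1"; shift
    out_if="$1"; shift
    for mac in "$@"; do
        if ! is_mac "$mac"; then
            echo "build_rules: invalid MAC address: $mac" >&2
            return 1
        fi
        printf 'iptables -A %s -o %s -m mac --mac-source %s -j ACCEPT\n' \
            "$chain" "$out_if" "$mac"
    done
    # Catch-all for every other client trying to leave via $out_if.
    # No -p restriction: UDP (e.g. DNS) and ICMP are dropped as well.
    printf 'iptables -A %s -o %s -j DROP\n' "$chain" "$out_if"
}

# Flush the chain first so re-running the script does not stack duplicates,
# then execute the generated rules (needs root).
apply_rules() {
    iptables -F "$1" && build_rules "$@" | sh
}

# Usage (as root):
#   apply_rules "$CHAIN" "$OUT_IF" 00:11:22:33:44:55 66:77:88:99:aa:bb
# Dry run (prints the rules instead of applying them):
#   build_rules "$CHAIN" "$OUT_IF" 00:11:22:33:44:55 66:77:88:99:aa:bb
```

Two caveats a practitioner should keep in mind. The rules in the solved post carry -p tcp, so only TCP from other clients is dropped; UDP and ICMP still get forwarded, which is why the example above leaves the protocol match out. And the mac match only compares the source MAC of the Ethernet frame as it arrived on the LAN side, so it works for directly attached clients only and any client can change its MAC address; treat this as a convenience filter, not a security boundary.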