LinuxQuestions.org
tastiero 03-24-2012 07:22 AM

allows outgoing traffic for two mac address with iptables
 
I'm using IPCOP as a firewall for my LAN.
I want to block outgoing traffic for all clients except two MAC addresses.
I use this rule for the first client:
iptables -I CUSTOMFORWARD -o eth1 -m mac ! --mac-source xx:xx:xx:xx:xx:xx -j DROP
When I insert the second rule with the second MAC address, I have problems.
Only one client works fine.
What's wrong?
Thank you

smilemukul 03-24-2012 08:29 AM

First of all, your first rule is incorrect: where -o is mentioned, -i should be inserted in iptables -I CUSTOMFORWARD -o eth1 -m mac ! --mac-source xx:xx:xx:xx:xx:xx -j DROP, and also in your first rule you are denying traffic to all, which is taking precedence.

The correct rules:

1. First apply the rules accepting the two MAC addresses:
iptables -I OUTPUT -i eth1 -p tcp -m mac --mac-source <first mac address to accept> -j ACCEPT
iptables -I OUTPUT -i eth1 -p tcp -m mac --mac-source <Second mac address to accept> -j ACCEPT

2. Now drop/reject outgoing traffic for all other clients:
iptables -I OUTPUT -i eth1 -p tcp -j DROP

Note: Drop takes precedence over the Accept rule.

tastiero 03-24-2012 09:19 AM

Thank you. I'll try it and let you know.

tastiero 03-26-2012 04:11 AM

Solved

I found the right solution:
iptables -A CUSTOMFORWARD -p tcp -o eth1 -m mac --mac-source <first mac address> -j ACCEPT
iptables -A CUSTOMFORWARD -p tcp -o eth1 -m mac --mac-source <second mac address> -j ACCEPT
iptables -A CUSTOMFORWARD -p tcp -o eth1 -j DROP

Thanks smilemukul
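A small script, added here as an example and not part of the thread or of IPCop, that generates the allowlist ruleset from the final post for any number of MAC addresses and validates each address before emitting a rule. The chain name CUSTOMFORWARD and the interface eth1 are taken from the thread; the MAC addresses are constructed placeholders, and the script prints the iptables commands instead of running them, so it works without root and can be reviewed before being piped to a shell. It keeps the ACCEPT rules ahead of the catch-all DROP because iptables stops at the first matching rule, and it leaves out the thread's -p tcp restriction, which would have let UDP and ICMP from every other client through.

```shell
#!/bin/sh
# Added example (not from the thread): generate an iptables MAC allowlist for a
# forwarding chain. CUSTOMFORWARD and eth1 come from the thread; the MAC
# addresses used below are constructed placeholders.

# is_mac ADDR: succeed only if ADDR is six colon-separated hex pairs.
is_mac() {
    printf '%s' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# mac_allowlist_rules CHAIN OUT_IFACE MAC...
# Prints one ACCEPT rule per allowed MAC, then the catch-all DROP.
# iptables evaluates rules first-to-last and -A appends in the order given,
# so the ACCEPTs land ahead of the DROP, which is why the thread's final
# ruleset works and the inverted "! --mac-source ... -j DROP" pair did not.
mac_allowlist_rules() {
    chain=$1; iface=$2; shift 2
    [ "$#" -gt 0 ] || { echo "no MAC addresses given" >&2; return 1; }
    for mac in "$@"; do
        is_mac "$mac" || { echo "invalid MAC: $mac" >&2; return 1; }
        # No "-p tcp": matching all protocols so UDP and ICMP from other
        # clients are dropped as well, not just their TCP traffic.
        echo "iptables -A $chain -o $iface -m mac --mac-source $mac -j ACCEPT"
    done
    echo "iptables -A $chain -o $iface -j DROP"
}

# Usage: print the rules; review them, then pipe to sh as root to apply.
mac_allowlist_rules CUSTOMFORWARD eth1 02:00:00:00:00:01 02:00:00:00:00:02
```

The source MAC is whatever the client's adapter puts on the frame, so this is a convenience control for deciding which LAN hosts get forwarded, not a way of authenticating them; for anything that matters, pair it with a per-user control at a higher layer.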
