First of all, your first rule is incorrect: where -o is mentioned, -i should be inserted in iptables -I CUSTOMFORWARD -o eth1 -m mac ! --mac-source xx:xx:xx:xx:xx:xx -j DROP. Also, in your first rule you are denying traffic to all, which is taking precedence.
The correct rules:
1. First, apply rules to accept the clients with the two MAC addresses:
iptables -I OUTPUT -i eth1 -p tcp -m mac --mac-source <first mac address to accept> -j ACCEPT
iptables -I OUTPUT -i eth1 -p tcp -m mac --mac-source <Second mac address to accept> -j ACCEPT
2. Now drop/reject outgoing traffic for all clients:
iptables -I OUTPUT -i eth1 -p tcp -j DROP
Note: Drop takes precedence over the Accept rule.
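Added example (not part of the answer above, and not real netfilter code): a small Python model of a single chain, showing how the order in which rules are issued with -I or -A becomes the order in which they are evaluated, including the "! --mac-source" form quoted from the question. The MAC addresses, class and function names are constructed for illustration.

```python
# Added illustration: a minimal model of one iptables chain (not real netfilter code).
# Rules are (mac, negate, target); mac=None matches every packet.
class Chain:
    def __init__(self, policy="ACCEPT"):
        self.rules, self.policy = [], policy

    def insert(self, target, mac=None, negate=False):
        """Like 'iptables -I CHAIN' with no rule number: goes to position 1."""
        self.rules.insert(0, (mac, negate, target))

    def append(self, target, mac=None, negate=False):
        """Like 'iptables -A CHAIN': goes to the end."""
        self.rules.append((mac, negate, target))

    def verdict(self, src_mac):
        """First matching ACCEPT/DROP rule ends traversal; otherwise the policy applies."""
        for mac, negate, target in self.rules:
            if mac is None or (src_mac.lower() == mac.lower()) != negate:
                return target
        return self.policy

# Constructed sample addresses (assumptions, not from the thread).
ALLOWED = ["02:00:00:00:00:01", "02:00:00:00:00:02"]
OTHER = "02:00:00:00:00:99"

def verdicts(chain):
    return {mac: chain.verdict(mac) for mac in ALLOWED + [OTHER]}

def insert_accepts_then_drop():
    c = Chain()
    for mac in ALLOWED:
        c.insert("ACCEPT", mac=mac)
    c.insert("DROP")            # inserted last, so it sits at position 1
    return verdicts(c)

def append_accepts_then_drop():
    c = Chain()
    for mac in ALLOWED:
        c.append("ACCEPT", mac=mac)
    c.append("DROP")            # appended last, so it is evaluated last
    return verdicts(c)

def single_negated_drop():
    c = Chain()
    c.insert("DROP", mac=ALLOWED[0], negate=True)   # '! --mac-source' form
    return verdicts(c)

if __name__ == "__main__":
    for case in (insert_accepts_then_drop, append_accepts_then_drop, single_negated_drop):
        print(case.__name__, case())
```

On a live system, iptables -L CHAIN -n -v --line-numbers shows the resulting rule positions and per-rule packet counters, which is the way to confirm the order actually in effect.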