LinuxQuestions.org
Old 02-27-2007, 05:49 AM   #1
Ameii83
Member
 
Registered: Dec 2004
Location: malaysia
Posts: 56

Rep: Reputation: 15
can't block MAC Address using iptables


Why can't I block a user, using their MAC address, from getting access to my server? The user can still access the website from my server. This is my script in iptables:

/////////////////////////////////////////////////////////
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]

-A INPUT -m mac --mac-source <USER MAC ADDRESS> -j DROP

COMMIT
/////////////////////////////////////////////////////////
 
Old 02-27-2007, 06:07 AM   #2
b0uncer
LQ Guru
 
Registered: Aug 2003
Distribution: CentOS, OS X
Posts: 5,131

Rep: Reputation: Disabled
In the above "script", if you already have the INPUT policy set to DROP (nothing that is explicitly allowed is silently denied), the lower appended rule (MAC address) of course won't work, because it doesn't change anything. The curious thing is, if your INPUT is set to DROP for everything, how is it possible that somebody can connect to your server?

I think there's something else wrong too.

Quote:
The user can still access the website from my server
Do you mean that the user can get to your server and using your server machine get access to the website (which is also in your server?) or what? Sounds like a very truly odd, bizarre and maybe bad setup. Maybe I'm misunderstanding this situation; could you be more specific? For example paste the whole script (unless that is it), perhaps in a shell script format (rather than "iptables format"), and be more clear about this whole thing; is the user using a separate machine from the server, the server itself or what and so on..
 
Old 02-27-2007, 07:31 AM   #3
Ameii83
Member
 
Registered: Dec 2004
Location: malaysia
Posts: 56

Original Poster
Rep: Reputation: 15
The situation is like this

If I have inserted the user's MAC address (I got the MAC info from the user's machine) into iptables on my server, it should block the user, right? So the user shouldn't be able to access the web pages hosted on my server. Is this right?
Or how do I test whether the user is actually blocked by the server or not?

This is the full iptables script that I get from iptables:
////////////////////////////////////
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]

-A INPUT -m mac --mac-source <USER MAC ADDRESS> -j DROP
COMMIT
///////////////////////////////////

Hope you can help me to figure out the problems.

Last edited by Ameii83; 02-27-2007 at 07:37 AM.
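
The point raised in post #2, that a DROP rule under an INPUT policy of DROP changes nothing, can be checked mechanically. The following is an added example, not part of the original thread: a small Python audit of iptables-save text, where the function names, the "redundant"/"relevant" labels and the placeholder MAC address are assumptions made for illustration.

```python
import re

# Constructed sample: the ruleset from the thread, with a placeholder MAC
# (the thread does not give the real address).
RULESET = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m mac --mac-source 00:11:22:33:44:55 -j DROP
COMMIT
"""

def parse(text):
    """Return ({chain: policy}, {chain: [(target, rule_line), ...]})."""
    policies, rules = {}, {}
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r":(\S+)\s+(\S+)", line)
        if m:
            policies[m.group(1)] = m.group(2)
            rules.setdefault(m.group(1), [])
        elif line.startswith("-A "):
            parts = line.split()
            target = parts[parts.index("-j") + 1] if "-j" in parts else None
            rules.setdefault(parts[1], []).append((target, line))
    return policies, rules

def audit(text, chain="INPUT"):
    """Report the chain policy and whether each DROP rule can change a verdict."""
    policies, rules = parse(text)
    policy, chain_rules = policies.get(chain), rules.get(chain, [])
    # A rule with any target other than DROP might admit or divert a packet.
    other = lambda t: t not in (None, "DROP")
    findings = []
    for i, (target, line) in enumerate(chain_rules):
        if target != "DROP":
            continue
        later_other = any(other(t) for t, _ in chain_rules[i + 1:])
        # Policy DROP and nothing but DROP afterwards: same verdict either way.
        # "relevant" only means the rule's position matters; shadowing by
        # earlier rules is not analysed here.
        kind = "redundant" if policy == "DROP" and not later_other else "relevant"
        findings.append((kind, line))
    can_accept = policy == "ACCEPT" or any(other(t) for t, _ in chain_rules)
    return {"policy": policy, "can_accept": can_accept, "findings": findings}

if __name__ == "__main__":
    print(audit(RULESET))
```

For the ruleset as posted, `can_accept` is false: nothing in the INPUT chain can admit a packet, so a client that still reaches the web server is not being filtered by this ruleset as loaded.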
 
  

