I tried DHCP MAC filtering, but it is not enough to secure our networks, and I think iptables will...
This is my concept:
I set up a new laboratory (LAB) network.
My other network is connected to a LAB server running Ubuntu 12.04 Linux as a router.
And my LAB server is connected to the switch for LAN PCs.
Here is the image: https://fbcdn-sphotos-g-a.akamaihd.n...85323098_n.jpg
What I want is:
1. I only want registered MAC addresses to be able to have internet access.
2. I want those registered MAC addresses connected only to a specific network address for file sharing.
3. I want to know what steps I should follow.
Do I have to:
1. Flush all the iptables rules.
2. Set default policies to DROP
The default policies are in the last step of setting up the MAC filtering.
I did some work related to these links.
#Flushing All IPTABLES Rules
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
#Setting Default Policies To DROP
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
#Allow reply packets of connections that were already accepted
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
#MAC Address Filtering
#list of MAC addresses saved to mac_addresses_file, one per line
while read -r macfile
do
    iptables -A FORWARD -i eth1 -o eth0 -m mac --mac-source "$macfile" -m state --state NEW -j ACCEPT
done < mac_addresses_file
#I don't really get what I am doing; when I edit some of the source code and test it, it won't work. (I just don't have the luck.)
#Set default policies to DROP
I am hoping for your help, guys.
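
One way to build the FORWARD rules from the allowlist described in the post, as an added example that is not part of the original post: it validates each entry and prints the iptables commands for review instead of running them. The interface names eth1 and eth0 come from the post; the function names, the list format (one MAC per line with an optional label) and the 192.0.2.0/24 destination are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not run) FORWARD rules for a MAC allowlist.
LAN_IF=eth1   # LAN side, as in the post
WAN_IF=eth0   # upstream side, as in the post

# True only for six colon-separated hex octets.
is_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# stdin: one MAC per line, optional label after it (assumed list format);
# blank lines and '#' comments are skipped, CR from Windows editors stripped.
# $1 (optional): destination CIDR the allowed hosts are limited to.
gen_forward_rules() {
    dest=${1:+"-d $1 "}
    echo "iptables -F FORWARD"
    echo "iptables -P FORWARD DROP"
    # Replies to accepted connections; the per-MAC rules match NEW only.
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    tr -d '\r' | while read -r mac label || [ -n "$mac" ]; do
        case $mac in ''|'#'*) continue ;; esac
        if is_mac "$mac"; then
            echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF ${dest}-m mac" \
                 "--mac-source $mac -m state --state NEW -j ACCEPT"
        else
            echo "skipped invalid entry: $mac" >&2
        fi
    done
}

# Constructed sample list; 192.0.2.0/24 is a placeholder network.
gen_forward_rules 192.0.2.0/24 <<'EOF'
# lab PCs
00:11:22:33:44:55 pc-01
AA:BB:CC:DD:EE:FF
00:11:22:33:44
EOF
```

Review the printed commands, then pipe them to sh as root to apply them. The mac match only sees source addresses of frames that arrive directly on eth1, and a client can change its MAC address, so this limits casual use rather than authenticating hosts.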