04-30-2003, 01:19 AM
|
#1
|
|
LQ Newbie
Registered: Apr 2003
Posts: 22
Rep:
|
blocking connection through MAC address
Hello! I am wondering if anybody can help me in finding ways to block connection to the server using MAC address. The scenario is
I have a DHCP server which also acts as a network gateway for my entire LAN. I used to use IP for blocking certain computers to browse the Internet (I have squid running in the same box), but then they would change their IP and get into the Net. I am using RH8.
Now, can anybody please tell me if I can block these connections using MAC address through IPTables, and if yes, how?
If no, what can be an alternative means?
The fact that these connections are using other IPs is both annoying and occasionally problematic for me since they are colliding with the eligible IPs as well.
Thanks for your response
|
|
|
|
04-30-2003, 08:12 AM
|
#2
|
|
Member
Registered: Apr 2001
Location: Cambridge, England
Distribution: Slackware 10, Fedora Core 3, Mac OS X
Posts: 617
Rep:
|
Look at the various modules that can be used for iptables. Look in the kernel configuration screen under networking options->ip netfilter configuration->MAC match address support. That should do the trick.
Actually setting it up is a bit beyond my experience but the documentation should help you.
Alex
|
|
|
|
05-02-2003, 10:00 PM
|
#3
|
|
Member
Registered: May 2001
Posts: 125
Rep:
|
You could also set up DHCP to assign specific IP addresses to specific MAC addresses. You could then use regular IP tables to filter out the internet connection.
|
|
|
|
05-08-2003, 04:55 AM
|
#4
|
|
LQ Newbie
Registered: Aug 2001
Location: Sheffield, UK.
Posts: 16
Rep:
|
try this
Hi
I think I know what you are trying to do. I would like to do something similar. I would like to force all users to connect using DHCP, and to block users who specify their own IP.
However, if you just want to block certain computers completely, it's easy using iptables
iptables -I INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP
will prevent connection from the mac address aa:bb:cc:dd:ee:ff
if you want to allow access again just do service firewall restart
To make the changes more permanent (to survive restarting the firewall) you will need to edit rc.firewall
Hope this helps
Let us know if you manage to sort out IP assignments.
|
|
|
|
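Added example (not part of any post in this thread): post #3's fixed DHCP assignments combined with post #4's `-m mac` match, as a script that prints iptables rules accepting a LAN client only when its source IP matches its registered MAC. The interface name `eth1`, the `MACBIND` chain name and the MAC/IP table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: emit iptables commands that tie each LAN client's source IP
# to its MAC address. Nothing is applied here; review the output first.
# LAN_IF and the MACBIND chain name are assumptions, not values from the thread.
LAN_IF="${LAN_IF:-eth1}"

# valid_pair MAC IP -> succeeds only for a well-formed MAC and a dotted-quad shape
valid_pair() {
    printf '%s\n' "$1" | grep -Eqi '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || return 1
    printf '%s\n' "$2" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
}

# gen_rules: read "MAC IP" lines on stdin (blank lines and # comments ignored),
# print the rule set on stdout; malformed lines go to stderr and are skipped.
gen_rules() {
    echo "iptables -N MACBIND"
    # Let DHCP requests through: clients have no address yet (source 0.0.0.0).
    echo "iptables -A MACBIND -p udp --sport 68 --dport 67 -j RETURN"
    while read -r mac ip rest; do
        case "$mac" in ''|'#'*) continue ;; esac
        if valid_pair "$mac" "$ip"; then
            echo "iptables -A MACBIND -m mac --mac-source $mac -s $ip -j RETURN"
        else
            echo "skipping malformed entry: $mac $ip" >&2
        fi
    done
    # Anything else (unknown MAC, or a known MAC using another IP) is dropped.
    echo "iptables -A MACBIND -j DROP"
    # INPUT covers the proxy on the gateway itself, FORWARD covers routed traffic.
    echo "iptables -I INPUT -i $LAN_IF -j MACBIND"
    echo "iptables -I FORWARD -i $LAN_IF -j MACBIND"
}

# Constructed sample table; the last entry is deliberately malformed.
sample_pairs() {
    cat <<'EOF'
# MAC               IP
aa:bb:cc:dd:ee:01   192.168.0.10
aa:bb:cc:dd:ee:02   192.168.0.11
aa:bb:cc:dd:ee      192.168.0.12
EOF
}

sample_pairs | gen_rules
```

The `mac` match is only valid in the PREROUTING, FORWARD and INPUT chains and only for packets arriving from Ethernet devices on the same segment. The MAC address is set by the client, so this binds an IP to a MAC rather than authenticating the machine.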
05-09-2003, 07:13 AM
|
#5
|
|
LQ Newbie
Registered: Apr 2003
Posts: 22
Original Poster
Rep:
|
yes, it worked :-) I love it ;-)
but as people suspected, I changed -p all to -p tcp, so they can ping, but no internet :-)
thanks thanks and thanks.
all the best
|
|
|
|
06-01-2003, 01:09 PM
|
#6
|
|
LQ Newbie
Registered: Mar 2003
Location: Lithuanina
Distribution: Slackware linux 8.1
Posts: 11
Rep:
|
but they can play games  cs quake ia 
|
|
|
|
06-01-2003, 11:47 PM
|
#7
|
|
LQ Newbie
Registered: Apr 2003
Posts: 22
Original Poster
Rep:
|
well, in my network, they cannot. Any and ALL requests to the interface are rejected immediately. Can they play games in yours?
|
|
|
|
06-02-2003, 01:45 PM
|
#8
|
|
LQ Newbie
Registered: Mar 2003
Location: Lithuanina
Distribution: Slackware linux 8.1
Posts: 11
Rep:
|
well i have a little home network 
|
|
|
|
All times are GMT -5. The time now is 02:07 PM.