LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   how to use iptables -m mac --mac-source (https://www.linuxquestions.org/questions/linux-security-4/how-to-use-iptables-m-mac-mac-source-214107/)

DeployedOne 08-06-2004 01:32 AM
how to use iptables -m mac --mac-source
 
Does anyone know how to:

use iptables -m mac --mac-source [MAC] to allow through any approved MACs with a policy of drop for anyone else?

Thanks!

Capt_Caveman 08-06-2004 01:59 AM
Hi welcome to linuxquestions.

You basically posted the rule that you'd need. Something like:
iptables -A INPUT -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT

Though spoofing a MAC address in linux is pretty trivial, so you should be very cautious about relying too heavily on hardware MAC addresses as a sole means of making firewalling decisions. At the very least, you should still restrict access only to necessary ports

DeployedOne 08-06-2004 02:20 AM
So your saying that as soon as I start using the "iptables -A INPUT -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT" rule that is automaticaly drops all other MACs?

Thanks for your prompt response!

barisdemiray 08-06-2004 03:03 AM
Quote:
Originally posted by DeployedOne
So your saying that as soon as I start using the "iptables -A INPUT -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT" rule that is automaticaly drops all other MACs?

Thanks for your prompt response!
If your INPUT chain's global policy is ACCEPT or there isn't a rule after the mac match rule for DROPping all others then no. It won't drop `all the others'. Try

Code:
iptables -P INPUT DROP
iptables -A INPUT -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT
for setting the global policy of INPUT chain

or

Code:
iptables -A INPUT -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT
iptables -A INPUT -j DROP
for DROPping all the other packets that do not match with the first rule..


All times are GMT -5. The time now is 08:29 PM.