LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   how to use iptables -m mac --mac-source (http://www.linuxquestions.org/questions/linux-security-4/how-to-use-iptables-m-mac-mac-source-214107/)

DeployedOne 08-06-2004 01:32 AM

how to use iptables -m mac --mac-source
 
Does anyone know how to:

use iptables -m mac --mac-source [MAC] to allow through any approved MACs with a policy of drop for anyone else?

Thanks!

Capt_Caveman 08-06-2004 01:59 AM

Hi, welcome to LinuxQuestions.

You basically posted the rule that you'd need. Something like:
iptables -A INPUT -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT

Though spoofing a MAC address in Linux is pretty trivial, so you should be very cautious about relying too heavily on hardware MAC addresses as a sole means of making firewalling decisions. At the very least, you should still restrict access only to necessary ports.

DeployedOne 08-06-2004 02:20 AM

So you're saying that as soon as I start using the "iptables -A INPUT -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT" rule that it automatically drops all other MACs?

Thanks for your prompt response!

barisdemiray 08-06-2004 03:03 AM

Quote:

Originally posted by DeployedOne
So you're saying that as soon as I start using the "iptables -A INPUT -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT" rule that it automatically drops all other MACs?

Thanks for your prompt response!

If your INPUT chain's global policy is ACCEPT, or there isn't a rule after the MAC match rule for DROPping all the others, then no, it won't drop `all the others'. Try

Code:

iptables -P INPUT DROP
iptables -A INPUT -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT

for setting the global policy of the INPUT chain

or

Code:

iptables -A INPUT -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT
iptables -A INPUT -j DROP

for DROPping all the other packets that do not match the first rule.
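The two variants above boil down to the same thing: an ACCEPT rule per approved MAC and a drop for everything else, either as the chain policy or as a final catch-all rule. The script below is an added example, not code posted in this thread; it generates a complete ruleset in iptables-restore format from a whitelist of MACs, so the whole thing is loaded atomically instead of rule by rule (with `iptables -P INPUT DROP` typed first over SSH, the session dies before the ACCEPT rule is added). It also covers what the short answers leave out: loopback traffic carries no Ethernet header, so `-m mac` can never match it and `lo` must be accepted explicitly; replies to connections this host opened are accepted via conntrack; and, following Capt_Caveman's advice, the MAC rules are optionally limited to a list of TCP ports. The MAC addresses, port list, and function names are constructed for the example. Two caveats from the iptables manual that the example cannot work around: the mac match only makes sense for packets arriving on an Ethernet-type interface in the PREROUTING, INPUT or FORWARD chains, and for traffic from another subnet the source MAC seen is that of the last router, not the original host.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset that accepts INPUT only
# from whitelisted source MACs (default policy DROP). Not from the thread.

# Constructed sample whitelist (locally administered addresses, not real hosts).
ALLOWED_MACS="02:00:00:00:00:01 02:00:00:00:00:02"
# Optional: restrict the whitelisted hosts to these TCP ports. Empty = any protocol/port.
ALLOWED_TCP_PORTS="22"

# Return 0 if $1 looks like a colon-separated six-octet MAC, else 1.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print one ruleset line.
emit() {
    printf '%s\n' "$1"
}

# Print an iptables-restore ruleset. Arguments: the whitelisted MACs.
# Validates every MAC before printing anything, so a typo yields no partial ruleset.
mac_whitelist_ruleset() {
    for mac in "$@"; do
        valid_mac "$mac" || { echo "invalid MAC address: $mac" >&2; return 1; }
    done
    emit '*filter'
    # Chain policies: drop unsolicited inbound and forwarded traffic, allow outbound.
    emit ':INPUT DROP [0:0]'
    emit ':FORWARD DROP [0:0]'
    emit ':OUTPUT ACCEPT [0:0]'
    # Loopback frames have no Ethernet header, so -m mac cannot match them.
    emit '-A INPUT -i lo -j ACCEPT'
    # Replies to connections this host initiated.
    emit '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # One ACCEPT per approved MAC, optionally narrowed to the listed TCP ports.
    for mac in "$@"; do
        if [ -n "$ALLOWED_TCP_PORTS" ]; then
            for port in $ALLOWED_TCP_PORTS; do
                emit "-A INPUT -p tcp --dport $port -m mac --mac-source $mac -j ACCEPT"
            done
        else
            emit "-A INPUT -m mac --mac-source $mac -j ACCEPT"
        fi
    done
    # Explicit final DROP: redundant with the policy, but it gives a packet counter
    # for rejected traffic in `iptables -L INPUT -v -n`.
    emit '-A INPUT -j DROP'
    emit 'COMMIT'
}

# Count the per-MAC ACCEPT rules in a ruleset read from stdin (handy sanity check).
count_mac_rules() {
    grep -c -e '--mac-source' || true
}

# Dry run: print the ruleset (word-splitting on $ALLOWED_MACS is intentional).
# To apply it atomically as root:  mac_whitelist_ruleset $ALLOWED_MACS | iptables-restore
mac_whitelist_ruleset $ALLOWED_MACS
```

Before applying, save the running rules with `iptables-save > /root/rules.bak` so a lockout can be undone from the console. The MAC-based ACCEPT rules sit after the conntrack rule, so a host whose MAC is not approved never gets a NEW connection in, while replies to connections this host initiated still flow regardless of the peer's MAC. As Capt_Caveman notes, a spoofed source MAC defeats the whole scheme, so the port restriction and whatever runs on those ports must still hold up on their own.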
