how to use iptables -m mac --mac-source

DeployedOne · 08-06-2004, 01:32 AM

Does anyone know how to:

use iptables -m mac --mac-source [MAC] to allow through any approved MACs with a policy of drop for anyone else?

Thanks!

Capt_Caveman · 08-06-2004, 01:59 AM

Hi welcome to linuxquestions.

You basically posted the rule that you'd need. Something like:
iptables -A INPUT -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT

Though spoofing a MAC address in linux is pretty trivial, so you should be very cautious about relying too heavily on hardware MAC addresses as a sole means of making firewalling decisions. At the very least, you should still restrict access only to necessary ports

DeployedOne · 08-06-2004, 02:20 AM

So your saying that as soon as I start using the "iptables -A INPUT -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT" rule that is automaticaly drops all other MACs?

Thanks for your prompt response!

barisdemiray · 08-06-2004, 03:03 AM

Quote:

Originally posted by DeployedOne
So your saying that as soon as I start using the "iptables -A INPUT -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT" rule that is automaticaly drops all other MACs?

Thanks for your prompt response!

If your INPUT chain's global policy is ACCEPT or there isn't a rule after the mac match rule for DROPping all others then no. It won't drop `all the others'. Try

Code:

iptables -P INPUT DROP
iptables -A INPUT -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT

for setting the global policy of INPUT chain

or

Code:

iptables -A INPUT -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT
iptables -A INPUT -j DROP

for DROPping all the other packets that do not match with the first rule..