LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 08-06-2004, 01:32 AM   #1
DeployedOne
LQ Newbie
 
Registered: Aug 2004
Posts: 2

Rep: Reputation: 0
how to use iptables -m mac --mac-source


Does anyone know how to:

use iptables -m mac --mac-source [MAC] to allow through any approved MACs with a policy of drop for anyone else?

Thanks!
 
Old 08-06-2004, 01:59 AM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
Hi welcome to linuxquestions.

You basically posted the rule that you'd need. Something like:
iptables -A INPUT -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT

Though spoofing a MAC address in linux is pretty trivial, so you should be very cautious about relying too heavily on hardware MAC addresses as a sole means of making firewalling decisions. At the very least, you should still restrict access only to necessary ports
 
Old 08-06-2004, 02:20 AM   #3
DeployedOne
LQ Newbie
 
Registered: Aug 2004
Posts: 2

Original Poster
Rep: Reputation: 0
So your saying that as soon as I start using the "iptables -A INPUT -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT" rule that is automaticaly drops all other MACs?

Thanks for your prompt response!
 
Old 08-06-2004, 03:03 AM   #4
barisdemiray
Member
 
Registered: Sep 2003
Location: Ankara/Turkey
Distribution: Slackware
Posts: 155

Rep: Reputation: 30
Quote:
Originally posted by DeployedOne
So your saying that as soon as I start using the "iptables -A INPUT -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT" rule that is automaticaly drops all other MACs?

Thanks for your prompt response!
If your INPUT chain's global policy is ACCEPT or there isn't a rule after the mac match rule for DROPping all others then no. It won't drop `all the others'. Try

Code:
iptables -P INPUT DROP
iptables -A INPUT -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT
for setting the global policy of INPUT chain

or

Code:
iptables -A INPUT -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT
iptables -A INPUT -j DROP
for DROPping all the other packets that do not match with the first rule..
 
  


Reply

Tags
filtering, firewall, iptables, mac


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Iptables/Mac address InJesus Linux - Security 3 11-17-2005 05:57 AM
iptables mac FORWARD Ipolit Linux - Security 8 06-12-2005 04:09 PM
iptables + IP + MAC filter varun_saa Mandriva 1 04-30-2005 06:16 AM
MAC Address + IPTABLES yvesg Linux - Networking 1 05-10-2004 08:36 PM
How would i log the source MAC address w/ iptables? phek Linux - Security 12 12-14-2001 12:18 PM


All times are GMT -5. The time now is 07:26 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration