IPTABLES Apply Certain Rules to Certain Mac Addresses
Ok, so the firewall rules I am currently using are displayed below.
Code:
# DROP ALL FORWARDED PACKETS

Is there any way of doing this? Or something similar, or if it comes down to it, a way of doing this before the above iptables rules?

For those that are interested, my setup atm is currently that of a Wireless Access Portal. The computer that these commands are being executed on is between a wireless access point and my network... This computer has 2 NICs bridged. When someone connects to the wireless they are subject to the above rules, meaning when they open their browser they are presented with a login page. Once they log in, the MAC address is grabbed by the auth server, and at this point I am trying to figure out how to make their MAC address exempt from the rules for non-authenticated users.

Internet
  ^
  |
Gateway <--- Bridged Firewall <--- Wireless Access Point
                    ^
                    |
               Auth Server

Any assistance that can be provided is greatly appreciated!

Thanks,
Aaron
Maybe insert a match for the MAC address at the top of a chain? Like:
Code:
iptables -t nat -I PREROUTING -i br0 -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT
Code:
iptables -t nat -D PREROUTING -i br0 -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT
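The insert/delete idea from the reply above, wrapped as helpers an auth server could call after login and logout; this is an added example, not code from the thread. It assumes the bridge interface br0 from the thread, an iptables that supports `-C` (rule check), and that the redirect-to-login rules already live in the nat PREROUTING chain; set `IPTABLES="echo iptables"` for a dry run that only prints the commands.

```shell
#!/bin/sh
# Added example (not from the thread): exempt an authenticated client's MAC
# from the captive-portal redirect by inserting an ACCEPT at the top of the
# nat PREROUTING chain, and revoke it again later.
# Assumptions: bridge interface br0, iptables with -C support.

IPTABLES="${IPTABLES:-iptables}"
BRIDGE="${BRIDGE:-br0}"

# Only a well-formed MAC (six colon-separated hex pairs) is accepted, so a
# value taken from a login form can never add extra iptables arguments.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# One rule specification shared by insert, check and delete, so the three
# operations always refer to exactly the same rule.
mac_rule() {
    echo "PREROUTING -i $BRIDGE -m mac --mac-source $1 -j ACCEPT"
}

# Returns 0 if an ACCEPT rule for this MAC is already present.
mac_allowed() {
    "$IPTABLES" -t nat -C $(mac_rule "$1") 2>/dev/null
}

# -I without a position inserts at rule 1, i.e. ahead of the redirect rules.
# Re-login must not stack duplicate rules, so check before inserting.
authorize_mac() {
    valid_mac "$1" || { echo "bad MAC: $1" >&2; return 2; }
    mac_allowed "$1" && return 0
    "$IPTABLES" -t nat -I $(mac_rule "$1")
}

# Remove every copy of the rule (in case one was added by hand as well) so
# the client falls back to the unauthenticated path on logout.
revoke_mac() {
    valid_mac "$1" || { echo "bad MAC: $1" >&2; return 2; }
    while mac_allowed "$1"; do
        "$IPTABLES" -t nat -D $(mac_rule "$1") || return 1
    done
}
```

ACCEPT in the nat table only skips the redirect; if the filter table's FORWARD chain also drops unauthenticated traffic, a matching `-m mac --mac-source` ACCEPT has to be inserted there too.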
For those that are interested, below are the commands I am using to permit full network access; I will likely mod this later to only permit access to the internet and not the local network. The second MAC address in those rules is that of my gateway on my network.
Code:
iptables -t nat -I PREROUTING -i br0 -m mac --mac-source 00:21:00:46:21:50 -j ACCEPT
Thanks. As soon as I thought about how iptables actually works with its rules, I realized that my statement couldn't be more wrong.