LinuxQuestions.org > Linux - Security
I posted my question in Slackware section but unfortunately no one could help me.
I have a small network connected to internet and I want my router to forward only packages sent from computers with listed mac addresses.
So I put this:
iptables -P FORWARD DROP
iptables -A FORWARD -m mac --mac-source 00:50:8B:AE:9D:D1 -j ACCEPT
and the same for the others, but it's not forwarding anything.
I put in this and the addresses of both router netcards - nothing.
If I change to
iptables -P FORWARD ACCEPT
iptables -A FORWARD -m mac --mac-source 00:50:8B:AE:9D:D1 -j DROP
the packages from this computer are not forwarded.
The router is connected to the ISP via a cable modem, and the modem is connected to the router through a network card with a static IP. Don't you think the router is not forwarding packages from the modem to my network?
Maybe I have to use state or something?
I believe so. I think the problem has to do with the reply packets getting back through. The initial outgoing packets were forwarded because they had that mac as the source. However, the reply packets would have different source and dst mac addresses and wouldn't match that rule and consequently hit the DROP policy.
It's usually a good idea to accept the ESTABLISHED *AND* RELATED states, so that things like ICMP port unreachable messages can get back through too. So your rule would look like:
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -s 0/0 -j ACCEPT
It's also a good idea to specify which interfaces should be receiving traffic with that source MAC. It's possible for someone to spoof that MAC on the external interface which would allow access to your LAN. It's pretty unlikely, but it's still a good idea to include the LAN interface in the rule with the MAC address:
iptables -A FORWARD -i <internal_interface> -m mac --mac-source 00:50:8B:AE:9D:D1 -j ACCEPT
where <internal_interface> is usually eth1 (check ifconfig output).
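The complete FORWARD ruleset the reply describes (DROP policy, stateful accept for replies, per-MAC accept bound to the LAN interface), as an added example that is not code from the thread. It assumes the LAN interface and the MAC list are passed as arguments, validates each MAC before touching the firewall (a stray space like "9D: D1" would otherwise make iptables fail), and honours a DRY_RUN variable that prints the commands instead of running them.

```shell
#!/bin/sh
# Added example: MAC-whitelisted forwarding with stateful reply handling.
# Usage: apply_forward_rules LAN_IFACE MAC [MAC...]
# Set DRY_RUN=1 to print the iptables commands instead of executing them.

# Wrapper so the ruleset can be reviewed without root or a live firewall.
run() {
    if [ -n "$DRY_RUN" ]; then
        printf '%s\n' "iptables $*"
    else
        iptables "$@"
    fi
}

# A MAC must be six colon-separated hex octets, nothing else.
valid_mac() {
    printf '%s' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

apply_forward_rules() {
    lan="$1"
    [ -n "$lan" ] && [ $# -ge 2 ] || {
        echo "usage: apply_forward_rules LAN_IFACE MAC [MAC...]" >&2
        return 2
    }
    shift
    # Validate every address before changing anything, so a typo cannot
    # leave the chain half-built.
    for mac in "$@"; do
        valid_mac "$mac" || { echo "malformed MAC address: '$mac'" >&2; return 2; }
    done

    run -P FORWARD DROP          # default: forward nothing
    run -F FORWARD               # start from an empty chain
    # Replies and related traffic (e.g. ICMP errors) for flows already
    # accepted below. No -s 0/0 needed: omitting -s already matches any source.
    run -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # New flows only from listed MACs and only if they arrive on the LAN side,
    # so the same MAC seen on the external interface is still dropped.
    for mac in "$@"; do
        run -A FORWARD -i "$lan" -m mac --mac-source "$mac" -j ACCEPT
    done
}
```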