LinuxQuestions.org

Linux - Security: Need to filter devices out from a firewall by MAC address (https://www.linuxquestions.org/questions/linux-security-4/need-to-filter-devices-out-from-a-firewall-by-mac-address-239873/)

bhenry 10-07-2004 12:00 PM

Need to filter devices out from a firewall by MAC address
 
I'm fairly new to firewalls, although I've a fair amount of experience on Linux. Anyway, here's what's going on -

The college I work for is installing a firewall between our LAN and our wireless access points. The wireless access points connect directly to a switch, which in turn will connect to the firewall, and the firewall to the internet. We want to allow any and all traffic through the NIC that connects to the LAN, but to get through the card that connects to the wireless network the MAC address of the NIC must be listed in our firewall as "trusted."

What I'm looking for is the best firewall for us to do this on linux (currently using Fedora Core 2), and either links to good documentation on how to do what I'm wanting and/or someone who can provide me step-by-step directions on how to do this.

Any and all assistance would be greatly appreciated :)

Brian

scottman 10-07-2004 01:05 PM

If you are familiar with bash scripts, a straight-up iptables script would be your best bet. Check out unSpawn's security references near the beginning of the security forum to get links for firewalls, iptables, etc.


Code:

#!/bin/bash
IPT=/sbin/iptables

# Create a new chain for MAC filtering (flush it if it already exists)
$IPT -N INTERNET 2>/dev/null
$IPT -F INTERNET

# Send traffic coming in from the interface facing the wireless switch to the new chain
$IPT -A FORWARD -i <YOUR_WIRELESS_INTERFACE_HERE> -j INTERNET

# Enter rules with allowed MAC addresses; RETURN hands a matching packet back to FORWARD
$IPT -A INTERNET -m mac --mac-source XX:XX:XX:XX:XX:XX -j RETURN
$IPT -A INTERNET -m mac --mac-source XX:XX:XX:XX:XX:XX -j RETURN
$IPT -A INTERNET -m mac --mac-source XX:XX:XX:XX:XX:XX -j RETURN
$IPT -A INTERNET -m mac --mac-source XX:XX:XX:XX:XX:XX -j RETURN

# Have a rule to drop all other computers attempting to access the internet
$IPT -A INTERNET -j DROP

I'm sorry if this is Greek or something to you; if you want any kind of clarification, let me know.
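
The same allow-list approach, written out as an added example (not code from the thread or from scottman): the trusted MACs come from a file instead of being hard-coded, each entry is validated before it becomes a rule, the chain is rebuilt cleanly on every run, and the rules are only printed unless APPLY=1 is set so they can be reviewed first. The interface name (WIFI_IF, defaulting to eth1), the allow-list path and the APPLY/IPT variables are my assumptions, not anything from the thread.

```shell
#!/bin/sh
# Added example, not code from the thread: build the MAC allow-list chain from a file.
# Assumptions (all mine): the NIC facing the wireless switch is named in WIFI_IF,
# the allow-list file holds one MAC per line (blank lines and # comments ignored),
# and rules are only printed unless APPLY=1 is set, so they can be reviewed first.

IPT=${IPT:-/sbin/iptables}
WIFI_IF=${WIFI_IF:-eth1}      # assumed name of the wireless-side interface
APPLY=${APPLY:-0}             # 0 = print the rules, 1 = load them with iptables

# Print a rule, or run it when APPLY=1.
ipt() {
    if [ "$APPLY" = "1" ]; then
        "$IPT" "$@"
    else
        echo "$IPT $*"
    fi
}

# Return 0 only for a syntactically valid MAC (six hex pairs separated by colons).
valid_mac() {
    printf '%s\n' "$1" | grep -Eqi '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# Read the allow-list: strip comments and whitespace, lower-case, skip blanks,
# print each valid MAC on stdout and report invalid ones on stderr.
# Returns 1 if any entry was rejected, so a typo cannot silently shrink the list.
load_macs() {
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        mac=$(printf '%s' "$line" | sed 's/#.*//' | tr -d '[:space:]' | tr 'A-F' 'a-f')
        [ -z "$mac" ] && continue
        if valid_mac "$mac"; then
            echo "$mac"
        else
            echo "skipping invalid MAC: $line" >&2
            rc=1
        fi
    done < "$1"
    return $rc
}

# Build the INTERNET chain from the allow-list file given as $1:
# create/flush the chain, (re)hook it into FORWARD for the wireless interface,
# add one RETURN per trusted MAC, and end with DROP for everything unlisted.
build_chain() {
    ipt -N INTERNET 2>/dev/null
    ipt -F INTERNET
    ipt -D FORWARD -i "$WIFI_IF" -j INTERNET 2>/dev/null   # remove a stale jump, if any
    ipt -A FORWARD -i "$WIFI_IF" -j INTERNET
    load_macs "$1" | while IFS= read -r mac; do
        ipt -A INTERNET -m mac --mac-source "$mac" -j RETURN
    done
    ipt -A INTERNET -j DROP
}

# Usage: sh macfilter.sh /etc/firewall/allowed-macs      (add APPLY=1 to load the rules)
if [ $# -gt 0 ]; then
    build_chain "$1"
fi
```

Two things to keep in mind when using this: the mac match only sees the source MAC of the frame as it arrives on the firewall, so it works in PREROUTING, INPUT and FORWARD but not in OUTPUT or POSTROUTING, and it only identifies the last hop on the wireless segment. And because the station chooses what MAC it sends, a listed address can be copied by anyone who can observe the air, which is the point Krugger makes in the next reply; treat this as a convenience filter, not authentication.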

Krugger 10-07-2004 03:20 PM

Just want to remind you that MAC addresses are easy to spoof. So don't use the MAC to auth anyone. You can set your MAC with a simple ifconfig.

m4dj4ck 10-07-2004 11:29 PM

Try the Shorewall firewall (http://www.shorewall.net). It has MAC address blocking functionality: you add the disallowed MACs to the blacklist.

