by using iptables block mac address to restric user to access internet

Farrukh Fida · 10-03-2006, 04:51 PM

I want to know how to block a user to get access internet, by blocking their MAC address. I used 1 configuration the resulat is that client are no longer to ping the gateway but still get access to internet.

My config.

iptables -A INPUT -m mac --mac-source 00:0B

B:45:56:42 -j DROP

Please help me

jaz_comp · 10-04-2006, 04:26 PM

Hi,

Try this i hope it will work.

iptables -A INPUT -p tcp -m mac --mac-source 00:0BB:45:56:42 -j DROP

if you have any proxy server then

iptables -A INPUT -m -p (port number) -d (proxy server ip)mac --mac-source 00:0BB:45:56:42 -j DROP

Thanks & Regards

jaz_comp

Hangdog42 · 10-04-2006, 04:30 PM

And just so you know, MAC addresses are trivial to spoof, so this may not do the trick if the users has any knowledge. It is also possible depending on what hardware is between you and the computer you're trying to block, the MAC address may have been changed.

fotoguy · 10-09-2006, 07:59 AM

Block access to the internet you need to use the FORWARD chain not the INPUT chain try:

Code:

iptables -A FORWARD -p tcp -m mac --mac-source 00:0BB:45:56:42 -j DROP