Is there a way I can tell iptables to only allow someone to connect via SSH my MAC address and IP?

Like is there a rule that I can pass to chain that allows certein MAC's in and not others?

Should do it ...tweak for mac address and ip. If your default input policy is already drop you won't need to set the second rule...

Beware, MAC's are trivial to change ;)

I have a fli4l router (linux).

I want to restrict the ip addresses to mac addresses

I'm using a very similar command - but the iptables doesn't seem to recognize the mac address switch (i don't have the error message right now), but is there something wrong with my command here?

iptables -A INPUT -s 192.168.1.123 -m mac --mac-source ! aa:bb:cc:dd:ee:ff -j DROP

i want that only this mac address(and no others) can use this ip address (I'm aware that this mac address can still use other ip addresses)

any ideas?

thanks

martin cavanagh

the syntax of your command is ok I've tested it in my system. Your kernel might not compiled with iptables mac support or try loading it manually with the following command

awesome thanks - i'll try that - the dist I'm using is a very lightweight dist (it can run off a floppy)- so it might not have full support (but the iptables command is there) - is it possible to have a partial light weight compiled iptables?

i'll post the error soon

yes it is. The iptables command is just a user land utility. The actual iptables code is compiled into kernel. you can have partial iptables features like mac identification as modules.