04-13-2005, 03:05 AM
|
#1
|
Member
Registered: Mar 2005
Distribution: Slackware 10.1, Kernel 2.6.14.4 (custom)
Posts: 166
Rep:
|
MAC address filtering in Slackware?
Basically I want to add a mac address filter for a dhcp server in my network. Like I want there to be an access list with mac addresses inside and whatever mac address that isn't on the list will be denied dhcp service.
I'm using dhcpd from isc.org.
OS: Slackware 10
kernel: 2.6.11.7
Any ideas on how to accomplish this?
|
|
|
04-13-2005, 03:59 AM
|
#2
|
Senior Member
Registered: May 2004
Location: Hilliard, Ohio, USA
Distribution: Slackware, Kubuntu
Posts: 1,851
Rep:
|
This should provide some information
Code:
iptables -m mac --help
|
|
|
04-13-2005, 04:09 AM
|
#3
|
Member
Registered: Sep 2003
Location: Adelaide, Australia
Distribution: Fedora/RH
Posts: 231
Rep:
|
I suggest you use IPTABLES for this. You can use the following:
Code:
$IPTABLES -A INPUT -m mac --mac-source 08:00:46:99:CB:96 -j ACCEPT
This way it will not be able to access any services, not just DHCP.
|
|
|
04-13-2005, 04:11 AM
|
#4
|
Member
Registered: Jan 2005
Location: Cork Ireland
Distribution: Debian
Posts: 384
Rep:
|
Hi,
Two ways: you can use "hardware address" entries in dhcpd.conf:
Code:
host lazarus {
    hardware ethernet 00:0C:6E:8D:F3:49;
    fixed-address lazarus;
    option broadcast-address 192.168.0.255;
    option routers aracaju;
}
But then you'll have an entry per host on your network... a bit complicated for a daily admin task.
Or you can use iptables:
Write one MAC address per line in a file, which I've called mac-list in this sample, and then:
Code:
# Accept DHCP requests (UDP port 67) only from the MACs listed in mac-list
for MAC in $(cat mac-list) ; do
    iptables -A INPUT -p udp --dport 67 -m mac --mac-source "$MAC" -j ACCEPT
done
# Drop DHCP requests from every other source
iptables -A INPUT -p udp --dport 67 -j DROP
Thus you only disallow DHCP.
|
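Added example (not part of any post in this thread): the allow-list loop from post #4 with validation, so a malformed or duplicated line in mac-list cannot produce a broken rule set. The function names and the sample list are constructed for illustration, and the rules are printed for review instead of being run.

```sh
#!/bin/sh
# Added example: validate a MAC allow-list and print the DHCP (UDP 67) rules.
# Names and sample data are constructed for illustration.

# is_mac STRING: succeeds only for six colon-separated hex octets
is_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# gen_dhcp_rules: reads the list on stdin, prints rules on stdout and
# rejected lines on stderr. Returns 1 if anything was rejected.
gen_dhcp_rules() {
    bad=0 seen=""
    while IFS= read -r line || [ -n "$line" ]; do
        # strip comments and surrounding whitespace
        mac=$(printf '%s\n' "$line" |
              sed 's/#.*//; s/^[[:space:]]*//; s/[[:space:]]*$//')
        [ -z "$mac" ] && continue
        if ! is_mac "$mac"; then
            echo "rejected: $mac" >&2; bad=1; continue
        fi
        mac=$(printf '%s\n' "$mac" | tr 'a-f' 'A-F')
        case " $seen " in *" $mac "*) continue ;; esac  # duplicate
        seen="$seen $mac"
        echo "iptables -A INPUT -p udp --dport 67 -m mac --mac-source $mac -j ACCEPT"
    done
    # catch-all from the post: DHCP from any unlisted source is dropped
    echo "iptables -A INPUT -p udp --dport 67 -j DROP"
    return $bad
}

# Constructed sample list: one comment, a lower-case duplicate, two bad lines
sample_list() {
    cat <<'EOF'
# allowed DHCP clients
00:0C:6E:8D:F3:49   # lazarus
08:00:46:99:cb:96
08:00:46:99:CB:96
08-00-46-99-CB-97
00:0C:6E:8D:F3
EOF
}

# Demo: print the rules for review; refuse if any entry was rejected
if rules=$(sample_list | gen_dhcp_rules); then
    printf '%s\n' "$rules"
else
    echo "allow-list has invalid entries; nothing applied" >&2
fi
```

ISC dhcpd on Linux normally receives requests through a packet socket that the INPUT chain does not filter, so check with an unlisted test client that the DROP rule really takes effect. The server-side equivalent is `deny unknown-clients;` in dhcpd.conf together with a host entry per allowed MAC.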
|
|
04-13-2005, 04:27 AM
|
#5
|
Member
Registered: Mar 2005
Distribution: Slackware 10.1, Kernel 2.6.14.4 (custom)
Posts: 166
Original Poster
Rep:
|
Thanks for help
I think I'll do the iptables approach.
|
|
|
04-13-2005, 08:37 AM
|
#6
|
LQ Veteran
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
|
Just be aware that it is pretty trivial to spoof a MAC address, so don't rely on this for any serious level of security.
|
|
|
05-11-2006, 08:32 PM
|
#7
|
Member
Registered: Feb 2002
Location: USA
Distribution: Fedora, CENTOS
Posts: 209
Rep:
|
Quote:
Originally Posted by Hangdog42
Just be aware that it is pretty trivial to spoof a MAC address, so don't rely on this for any serious level of security.
|
I'm trying to do something similar. I want to restrict SSH access into my Slackware box to just one computer (my laptop). I was going to use the laptop's MAC address for this but you suggest this doesn't provide enough/much security. I would have thought it was relatively difficult to guess the correct MAC address to connect to a machine. (I don't know much about security so if this is a dumb question I apologize.)
|
|
|
05-12-2006, 01:17 AM
|
#8
|
Member
Registered: Aug 2005
Location: Guadalajara, Jal, Mexico
Distribution: Slackware Linux
Posts: 211
Rep:
|
Quote:
I'm trying to do something similar. I want to restrict SSH access into my Slackware box to just one computer (my laptop). I was going to use the laptop's MAC address for this but you suggest this doesn't provide enough/much security. I would have thought it was relatively difficult to guess the correct MAC address to connect to a machine. (I don't know much about security so if this is a dumb question I apologize.)
|
This is indeed too insecure. Anyone sniffing your network could get your MAC address (since that's public information). You could try "tcpdump -e" (it has to be run as root, and you may need some other flags; tcpdump is included in Slackware) and you'll see it for yourself.
Why not simply use a good old password? Or an SSH key which is only kept on your laptop?
|
|
|
05-12-2006, 07:15 AM
|
#9
|
Member
Registered: Feb 2002
Location: USA
Distribution: Fedora, CENTOS
Posts: 209
Rep:
|
Quote:
Originally Posted by theoffset
This is indeed too insecure. Anyone sniffing your network could get your MAC address (since that's public information). You could try "tcpdump -e" (it has to be run as root, and you may need some other flags; tcpdump is included in Slackware) and you'll see it for yourself.
Why not simply use a good old password? Or an SSH key which is only kept on your laptop?
|
I intend to use a good password too. I was looking for extra security measures.
Although I didn't think of the SSH key idea.
|
|
|
05-12-2006, 08:34 AM
|
#10
|
LQ Veteran
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
|
I second the key idea (have a read through this for good instructions). Using keys would restrict access to only those machines that have the appropriate counterpart, so if you have a private key on your laptop and the public key on the server, only your laptop can gain access.
Provided you keep your private key private.
|
|
|