I am trying to apply MAC filtering on my network. I know it can be spoofed, but I don't think anyone on this network is smart enough to try that. I have read that you can do this using Squid, which I have set up, or using iptables.
According to this page (10.20), I first need to enable it. I installed it using the rpm that came with FC5. How can I check if this is already configured?
Using iptables, this is what I have gathered:
iptables -N MAC_allow                                   # new chain holding the allow list
iptables -A MAC_allow -m mac --mac-source 00:00:00:00:00:00 -j RETURN   # allowed MAC, back to FORWARD
iptables -A MAC_allow -m mac --mac-source 00:00:00:00:00:00 -j RETURN   # allowed MAC, back to FORWARD
iptables -A MAC_allow -j REJECT --reject-with icmp-net-prohibited       # anything else is rejected
iptables -A FORWARD -i eth0 -o eth1 -p tcp -j MAC_allow  # check forwarded TCP against the list
iptables -A FORWARD -i eth0 -o eth1 -p udp -j MAC_allow  # check forwarded UDP against the list
(eth0 is local LAN, eth1 is Internet)
Does this look correct? This is the first time I have written my own iptables rules. Also, which way would be better? If I am correct, using Squid will only block port 80? Thanks for the help.
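As an added example (not the poster's rules), this script builds the same MAC_allow chain from a file of addresses, validates each entry before emitting a rule, and sends all forwarded protocols through the chain rather than only TCP and UDP. It assumes eth0 is the LAN and eth1 the Internet side, as in the post, and only prints the iptables commands so they can be reviewed before being run as root.

```sh
#!/bin/sh
# Added example: generate a MAC allow-list chain from a file of addresses.
# Assumptions (hypothetical): LAN interface eth0, Internet interface eth1,
# one MAC per line in the file given as $1, '#' lines are comments.

# Return 0 if $1 is a well-formed MAC address (six colon-separated hex pairs).
valid_mac() {
    printf '%s\n' "$1" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# Print the iptables commands for the allow list in file $1.
# Malformed entries are reported on stderr and skipped instead of
# silently producing a rule that matches nothing.
mac_allow_rules() {
    list="$1"; lan=eth0; wan=eth1
    echo "iptables -N MAC_allow"
    while read -r mac; do
        case "$mac" in ''|'#'*) continue ;; esac      # skip blanks and comments
        if ! valid_mac "$mac"; then
            echo "skipping malformed entry: $mac" >&2
            continue
        fi
        echo "iptables -A MAC_allow -m mac --mac-source $mac -j RETURN"
    done < "$list"
    echo "iptables -A MAC_allow -j REJECT --reject-with icmp-net-prohibited"
    # No -p tcp / -p udp here: every forwarded protocol (ICMP included)
    # from an unlisted host is rejected, not just TCP and UDP.
    echo "iptables -A FORWARD -i $lan -o $wan -j MAC_allow"
}
```

Run as `sh macallow.sh allowed_macs.txt > rules.sh`, inspect rules.sh, then execute it as root.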