LinuxQuestions.org


Ameii83 02-27-2007 04:49 AM

can't block MAC Address using iptables
 
Why can't I block a user, by MAC address, from getting access to my server? The user can still access the website from my server. This is my script in iptables:

/////////////////////////////////////////////////////////
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]

-A INPUT -m mac --mac-source <USER MAC ADDRESS> -j DROP

COMMIT
/////////////////////////////////////////////////////////

b0uncer 02-27-2007 05:07 AM

In the above "script", if you already have INPUT policy set to DROP (nothing that is explicitly allowed, is silently denied), the lower appended rule (mac address) won't of course work because it doesn't change anything. The curious thing is, if your INPUT is set to DROP for everything, how is it possible that somebody can connect to your server?

I think there's something else wrong too.

Quote:

The user can still access the website from my server

Do you mean that the user can get to your server and using your server machine get access to the website (which is also in your server?) or what? Sounds like a very truly odd, bizarre and maybe bad setup. Maybe I'm misunderstanding this situation; could you be more specific? For example paste the whole script (unless that is it), perhaps in a shell script format (rather than "iptables format"), and be more clear about this whole thing; is the user using a separate machine from the server, the server itself or what and so on..
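The point about the DROP policy can be checked offline. The following is an added example, not part of the original thread: a small Python simulation of first-match chain evaluation over iptables-save text. It goes beyond the posted ruleset by also showing how rule order decides whether a MAC rule ever fires. The MAC addresses and the port-80 ACCEPT rule are constructed for illustration, and only `--mac-source`, `--dport` and `-j` are modelled.

```python
import shlex

BLOCKED_MAC = "00:11:22:33:44:55"  # constructed, stands in for <USER MAC ADDRESS>
HEADER = "*filter\n:INPUT DROP [0:0]\n:FORWARD DROP [0:0]\n:OUTPUT ACCEPT [0:0]\n"
MAC_RULE = f"-A INPUT -m mac --mac-source {BLOCKED_MAC} -j DROP\n"
WEB_RULE = "-A INPUT -p tcp --dport 80 -j ACCEPT\n"  # hypothetical, not from the thread

THREAD_RULESET = HEADER + MAC_RULE + "COMMIT\n"           # as posted in the thread
ACCEPT_FIRST = HEADER + WEB_RULE + MAC_RULE + "COMMIT\n"  # MAC rule is shadowed
MAC_FIRST = HEADER + MAC_RULE + WEB_RULE + "COMMIT\n"     # MAC rule takes effect

# Only these matches are modelled; "-p tcp" is ignored (every packet is assumed TCP).
MATCHES = {"--mac-source": ("mac", str.lower), "--dport": ("dport", int)}

def parse(text):
    """Parse iptables-save text into ({chain: policy}, {chain: [rule, ...]})."""
    policies, rules = {}, {}
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok and tok[0].startswith(":"):        # ":INPUT DROP [0:0]"
            policies[tok[0][1:]] = tok[1]
            rules.setdefault(tok[0][1:], [])
        elif tok and tok[0] == "-A":              # "-A INPUT ... -j TARGET"
            rule = {"mac": None, "dport": None, "target": None}
            for opt, val in zip(tok[2:], tok[3:]):
                if opt in MATCHES:
                    key, conv = MATCHES[opt]
                    rule[key] = conv(val)
                elif opt == "-j":
                    rule["target"] = val
            rules.setdefault(tok[1], []).append(rule)
    return policies, rules

def verdict(text, packet, chain="INPUT"):
    """First matching rule wins; if no rule matches, the chain policy decides."""
    policies, rules = parse(text)
    for number, rule in enumerate(rules[chain], 1):
        if all(rule[k] in (None, packet[k]) for k in ("mac", "dport")):
            return rule["target"], f"rule {number}"
    return policies[chain], "policy"

def redundant_rules(text, packets, chain="INPUT"):
    """1-based numbers of rules whose removal changes no sample packet's verdict."""
    lines = text.splitlines(keepends=True)
    idx = [i for i, line in enumerate(lines) if line.startswith(f"-A {chain} ")]
    base = [verdict(text, p, chain)[0] for p in packets]
    def without(i):
        trimmed = "".join(lines[:i] + lines[i + 1:])
        return [verdict(trimmed, p, chain)[0] for p in packets]
    return [n for n, i in enumerate(idx, 1) if without(i) == base]

if __name__ == "__main__":
    packets = [{"mac": BLOCKED_MAC, "dport": 80}, {"mac": "66:77:88:99:aa:bb", "dport": 80}]
    for name, rs in [("thread", THREAD_RULESET), ("accept first", ACCEPT_FIRST), ("mac first", MAC_FIRST)]:
        print(name, [verdict(rs, p) for p in packets], "redundant:", redundant_rules(rs, packets))
```

On a live host, the per-rule packet counters printed by `iptables -L INPUT -v -n` show which rule, if any, is actually being hit.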

Ameii83 02-27-2007 06:31 AM

The situation is like this

If I have inserted the user's MAC address (got the MAC info from the user's machine) into iptables on my server, it should block the user, right? So the user shouldn't be able to access the webpages hosted on my server. Is this right?
Or how do I test whether the user is actually blocked by the server or not?

This is the full iptables script that I get from iptables:
////////////////////////////////////
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]

-A INPUT -m mac --mac-source <USER MAC ADDRESS> -j DROP
COMMIT
///////////////////////////////////

Hope you can help me figure out the problems.


All times are GMT -5.