shahriars 04-30-2003 01:19 AM

blocking connection through MAC address
Hello! I am wondering if anybody can help me in finding ways to block connection to the server using MAC address. The scenario is

I have a DHCP server which also acts as a network gateway for my entire LAN. I used to use IP for blocking certain computers to browse the Internet (I have squid running in the same box), but then they would change their IP and get into the Net. I am using RH8.

Now, can anybody please tell me if I can block these connections using MAC address through IPTables, and if yes, how?

If no, what can be an alternative means?

The fact that these connections are using other IPs is both annoying and occasionally problematic for me since they are colliding with the eligible IPs as well.

Thanks for your response

webtoe 04-30-2003 08:12 AM

Look at the various modules that can be used for iptables. Look in the kernel configuration screen under networking options->ip netfilter configuration->MAC match address support. That should do the trick.

Actually setting it up is a bit beyond my experience but the documentation should help you.


tyler_durden 05-02-2003 10:00 PM

You could also set up dhcp to assign specific IP addresses to specific mac addresses. You could then use regular iptables to filter out the internet connection.

Trd79 05-08-2003 04:55 AM

try this

I think I know what you are trying to do. I would like to so something similar. I would like to force all users to connect using DHCP, and to block users who specify their own IP.

However, if you just want to block certain computers completely, it's easy using iptables:

iptables -I INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

will prevent connection from the mac address aa:bb:cc:dd:ee:ff

if you want to allow access again just do service firewall restart

To make the changes more permanent (to survive restarting the firewall) you will need to edit rc.firewall

Hope this helps

Let us know if you manage to sort out IP assignments.
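As an added example (not code posted in this thread), a small shell script that generates the MAC-based DROP rules Trd79 describes and the static DHCP lease tyler_durden suggested. It goes slightly beyond the thread's one-liner by also covering the FORWARD chain, which matters if the gateway forwards traffic as well as running squid; the interface name eth1, the host name and the 192.168.0.200 address are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Generates iptables and dhcpd
# fragments for a MAC-based block list. Assumed: the LAN interface is
# eth1; squid runs on the gateway (so INPUT matters for the proxy port)
# and the box may also route LAN traffic (so FORWARD matters too).
# Rules are printed by default; set APPLY=1 to execute them as root.
LAN_IF=eth1
APPLY="${APPLY:-0}"

# Accept only aa:bb:cc:dd:ee:ff (any case); a typo must not silently
# produce a rule that matches nothing.
valid_mac() {
    printf '%s' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# One DROP rule for INPUT (traffic to the gateway itself, e.g. squid)
# and one for FORWARD (traffic routed through it). Both need the
# MAC match module mentioned earlier in the thread.
mac_block_rules() {
    mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    valid_mac "$mac" || { echo "bad MAC: $1" >&2; return 1; }
    printf 'iptables -I INPUT -i %s -m mac --mac-source %s -j DROP\n' "$LAN_IF" "$mac"
    printf 'iptables -I FORWARD -i %s -m mac --mac-source %s -j DROP\n' "$LAN_IF" "$mac"
}

# dhcpd.conf host stanza pinning the MAC to a fixed address, so the
# blocked machine stops colliding with the addresses of eligible hosts.
dhcp_host_stanza() {
    name="$1"; mac=$(printf '%s' "$2" | tr 'A-F' 'a-f'); ip="$3"
    valid_mac "$mac" || { echo "bad MAC: $2" >&2; return 1; }
    printf 'host %s {\n  hardware ethernet %s;\n  fixed-address %s;\n}\n' \
        "$name" "$mac" "$ip"
}

# Print each generated command, or run it when APPLY=1.
apply_or_print() {
    while IFS= read -r cmd; do
        if [ "$APPLY" = "1" ]; then $cmd; else echo "$cmd"; fi
    done
}

# Constructed sample: one blocked host, parked on a fixed lease.
mac_block_rules "aa:bb:cc:dd:ee:ff" | apply_or_print
dhcp_host_stanza blocked-pc "aa:bb:cc:dd:ee:ff" 192.168.0.200
```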

shahriars 05-09-2003 07:13 AM

yes, it worked :-) I love it ;-)

but as people suspected, I changed -p all to -p tcp, so they can ping, but no internet :-)

thanks thanks and thanks.

all the best

daznis 06-01-2003 01:09 PM

but they can play games :) cs quake ia :)

shahriars 06-01-2003 11:47 PM

well, in my network, they cannot. Any and ALL requests to the interface are rejected immediately. Can they play games in yours?

daznis 06-02-2003 01:45 PM

well i have a little home network :)

