Old 10-04-2007, 01:12 PM   #1
How to open port on iptables locked on a specific internal MAC address?

Hello there.

I am currently having a slight problem with our firewall. Basically "transmissions" are locked and all ports locked except for HTTP and HTTPS.

However, one developer's computer has to have access through the firewall on a specific port (the FTP port, 21).

However, I need only this specific computer to be able to get through the firewall. Therefore I thought of opening a port only for that computer's specific MAC address.

However, after some googling I haven't found the right command/rule for this. Can anyone tell me the rule or show me where I can find something like this?

Thanks in advance.

Jonatan Nilsson

Just to clarify: everything is locked, so I think I may also have to specify OUT and IN.
Old 10-05-2007, 01:14 AM   #2
I'm very new to iptables, but from the manual:
--mac-source [!] address
Match source MAC address. It must be of the form XX:XX:XX:XX:XX:XX. Note that this only makes sense for
packets coming from an Ethernet device and entering the PREROUTING, FORWARD or INPUT chains.

I believe this will work for you:
iptables -A INPUT -p tcp --dport ftp --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT
Old 10-05-2007, 02:16 AM   #3
The syntax on that is missing the module. It's like:
-m mac --mac-source xx:xx:xx:xx:xx:xx
Also, if this is a gateway/firewall setup, in the sense that you want to give someone on the LAN access to an FTP server on the WAN, then you need to use the FORWARD chain.
iptables -A FORWARD -p TCP -i $LAN_IFACE -o $WAN_IFACE --dport 21 \
-m state --state NEW -m mac --mac-source xx:xx:xx:xx:xx:xx -j ACCEPT
The returning packets will get picked up by your RELATED,ESTABLISHED rule.
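Post #3's FORWARD rule wrapped in a small script, as an added example that is not from the thread: it checks the MAC has the XX:XX:XX:XX:XX:XX form the manual requires, then emits the NEW rule for that one host plus the RELATED,ESTABLISHED return rule. Interface names and the MAC are placeholders, and IPTABLES defaults to echo so the script prints the commands instead of applying them (set IPTABLES=iptables and run as root to apply).

```shell
#!/bin/sh
# Added example (not from the thread). Dry run by default: IPTABLES=echo prints
# the commands; set IPTABLES=iptables to apply them as root.
IPTABLES="${IPTABLES:-echo iptables}"

# Only accept a MAC of the form XX:XX:XX:XX:XX:XX (the form the manual requires);
# anything else would be rejected by iptables or silently match nothing.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Usage: mac_ftp_forward_rules LAN_IFACE WAN_IFACE MAC
# Emits two FORWARD rules: one letting only the given MAC open a new FTP
# control connection LAN -> WAN, one letting reply traffic back WAN -> LAN.
mac_ftp_forward_rules() {
    lan="$1"; wan="$2"; mac="$3"
    valid_mac "$mac" || { echo "invalid MAC address: $mac" >&2; return 1; }

    # The MAC match only sees the frame's source address, so this identifies
    # the host on the directly attached LAN segment only, and the owner of
    # that host can change its MAC; treat it as convenience, not authentication.
    $IPTABLES -A FORWARD -p tcp -i "$lan" -o "$wan" --dport 21 \
        -m state --state NEW -m mac --mac-source "$mac" -j ACCEPT

    # Replies to the control connection come back as ESTABLISHED. The FTP data
    # connection (port 20 active, or a high port passive) is only seen as
    # RELATED when the nf_conntrack_ftp helper module is loaded.
    $IPTABLES -A FORWARD -i "$wan" -o "$lan" \
        -m state --state RELATED,ESTABLISHED -j ACCEPT
}

# Example invocation with placeholder values (prints the two rules).
mac_ftp_forward_rules eth1 eth0 00:11:22:33:44:55
```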

