LinuxQuestions.org
Old 11-21-2007, 01:39 PM   #1
Ventrix
LQ Newbie
 
Registered: Mar 2006
Location: Greece - Athens/Nafpaktos
Distribution: Debian testing
Posts: 1

iptables mac filtering


I have a wireless router connected to a server PC running Linux as a gateway.

I want only those 4 MAC addresses to be able to have internet.

Is this correct?

iptables -A FORWARD -p ALL -m mac --mac-source <mac1> -j ACCEPT
iptables -A FORWARD -p ALL -m mac --mac-source <mac2> -j ACCEPT
iptables -A FORWARD -p ALL -m mac --mac-source <mac3> -j ACCEPT
iptables -A FORWARD -p ALL -m mac --mac-source <mac4> -j ACCEPT
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
 
Old 11-21-2007, 07:29 PM   #2
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Yeah, but you'd need either a DROP rule for the non-wanted MACs after those rules, or your FORWARD policy set to DROP (which we can't tell if it is from what you posted). That said, it would be better if you would make the rules a little more specific by specifying the incoming and outgoing interfaces, as well as the packet states, like:
Code:
iptables -P FORWARD DROP

iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A FORWARD -i eth1 -o eth0 -m mac --mac-source <mac1> \
-m state --state NEW -j ACCEPT

iptables -A FORWARD -i eth1 -o eth0 -m mac --mac-source <mac2> \
-m state --state NEW -j ACCEPT

iptables -A FORWARD -i eth1 -o eth0 -m mac --mac-source <mac3> \
-m state --state NEW -j ACCEPT

iptables -A FORWARD -i eth1 -o eth0 -m mac --mac-source <mac4> \
-m state --state NEW -j ACCEPT
Notice how the "-p ALL" isn't needed since it's implicit.

Last edited by win32sux; 11-21-2007 at 07:35 PM.
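
One way to generate the ruleset from the reply above for any list of MACs, added here as an example (not code from either poster): it prints the iptables commands instead of running them, and emits nothing if a MAC is malformed or duplicated. The function names, the interface names and the MAC values are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not execute) FORWARD rules for a MAC allowlist.
# Interface names and MAC values used here are constructed placeholders.

# Succeeds only for six colon-separated hex octets, e.g. 00:11:22:aa:bb:cc.
is_valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# usage: build_mac_allowlist LAN_IF WAN_IF MAC...
# Validates every argument before printing anything, so a typo can never
# yield a half-built ruleset. Returns 1 on bad input.
build_mac_allowlist() {
    [ "$#" -ge 3 ] || { echo "usage: build_mac_allowlist LAN_IF WAN_IF MAC..." >&2; return 1; }
    lan_if=$1 wan_if=$2
    shift 2
    # The output is meant to be reviewed and run, so keep interface names plain.
    for ifc in "$lan_if" "$wan_if"; do
        case "$ifc" in
            ""|*[!A-Za-z0-9._-]*) echo "bad interface name: $ifc" >&2; return 1 ;;
        esac
    done
    seen=" "
    for mac in "$@"; do
        if ! is_valid_mac "$mac"; then
            echo "invalid MAC: $mac" >&2
            return 1
        fi
        mac=$(printf '%s' "$mac" | tr 'a-f' 'A-F')   # normalise case
        case "$seen" in
            *" $mac "*) echo "duplicate MAC: $mac" >&2; return 1 ;;
        esac
        seen="$seen$mac "
    done
    # Default-deny first, then replies to allowed flows, then one NEW rule per MAC.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT"
    for mac in $seen; do
        echo "iptables -A FORWARD -i $lan_if -o $wan_if -m mac --mac-source $mac -m state --state NEW -j ACCEPT"
    done
}

# Constructed sample input: two placeholder MACs behind eth1, uplink on eth0.
build_mac_allowlist eth1 eth0 00:11:22:aa:bb:cc 00:11:22:AA:BB:DD
```

The mac match only sees the source address on the frame as it arrives on the LAN interface, and the client sets that address itself, so this controls which devices are forwarded by default rather than authenticating them.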
 
  


All times are GMT -5. The time now is 04:21 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration