IPTABLES rules with mac address?
Hi,
I'm setting up a firewall with iptables. The firewall
1. - must block the MSN service, but
2. - allow the Hotmail service, and also
3. - must be able to allow some users to use MSN.
The first thing I've done is with the following rules:
iptables -t mangle -A PREROUTING -p tcp --dport 1863 -j DROP
# one MSN server address per line in /etc/list-of-msn-servers
while read messenger; do
    iptables -t mangle -A PREROUTING -d "$messenger" -j DROP
done < /etc/list-of-msn-servers
This works, but it also blocks the Hotmail service. Any suggestions about what I can do?
The third thing I was thinking of solving with MAC addresses: the firewall is also a DHCP server, so in my LAN I don't have fixed IP addresses. I found something that allows some users to use the MSN service, but it is based on IPs. Can someone help me translate those rules to work with MAC addresses?
/sbin/iptables -A FORWARD -s dir.ip.del.usuario/32 -d 0/0 -p tcp --dport 1863 -j ACCEPT
/sbin/iptables -A FORWARD -s 0/0 -d dir.ip.del.usuario/32 -p tcp --sport 1863 -j ACCEPT
/sbin/iptables -t nat -A POSTROUTING -s dir.ip.del.usuario/32 -d 0/0 -p tcp --dport 1863 -j MASQUERADE
I defined those rules in the following way, but they seem to be wrong:
/sbin/iptables -A FORWARD -m mac --mac-source 00:00:00:00:00:00 -d 0/0 -p tcp --dport 1863 -j ACCEPT
/sbin/iptables -A FORWARD -s 0/0 -m mac --mac-source 00:00:00:00:00:00 -p tcp --sport 1863 -j ACCEPT
/sbin/iptables -t nat -A POSTROUTING -m mac --mac-source 00:00:00:00:00:00 -d 0/0 -p tcp --dport 1863 -j MASQUERADE
where 00:00:00:00:00:00 is the MAC address of the user that I want to allow the MSN service.
Thanks
Xpathfinder.
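As an added example that is not part of the original post (and not a reply from the thread), here is one way to write the per-user MSN exception so that it holds up, with the points a practitioner would check first. The `mac` match only sees the source MAC of the frame as it arrives at the firewall, so it can identify a LAN host on the way out but never the reply coming back from the Internet, whose source MAC is the upstream router's; connection tracking has to accept the return direction instead. The `mac` match is also only valid in the PREROUTING, INPUT and FORWARD chains, so the per-user MASQUERADE rule in `-t nat POSTROUTING` cannot work and NAT is done per outgoing interface. Finally, dropping everything addressed to the MSN server list is what takes Hotmail down with it, so the example keys only on TCP port 1863 and never touches the server list. The LAN interface `eth1`, the Internet interface `eth0`, the chain name `MSN` and the path `/sbin/iptables` are assumptions; on kernels too old for the `conntrack` match, `-m state --state` is the equivalent. With `DRY_RUN=1` (the default) the script prints the commands instead of applying them.

```shell
#!/bin/sh
# Added example (not from the original post): per-MAC exception for MSN
# (TCP 1863) on an iptables router, with everything else on that port refused.
# Assumptions: LAN side is eth1, Internet side is eth0, iptables lives in
# /sbin, and the conntrack match is available.  Run with DRY_RUN=1 (the
# default) to print the commands, DRY_RUN=0 as root to apply them.

IPT=${IPT:-/sbin/iptables}
LAN_IF=${LAN_IF:-eth1}
WAN_IF=${WAN_IF:-eth0}
DRY_RUN=${DRY_RUN:-1}

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Accept only a well-formed MAC (six hex pairs); a typo would otherwise
# become a rule that silently matches nobody.
valid_mac() {
    printf '%s' "$1" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# msn_rules MAC...   emit the rule set allowing MSN for the listed MACs.
msn_rules() {
    for mac in "$@"; do
        if ! valid_mac "$mac"; then
            echo "msn_rules: bad MAC address: $mac" >&2
            return 1
        fi
    done

    # Dedicated chain so the per-user exceptions stay in one place.
    run "$IPT" -N MSN 2>/dev/null || true
    run "$IPT" -F MSN

    # Replies to already-accepted connections are let through by connection
    # tracking.  This is the only way to handle the return direction: those
    # packets arrive on the WAN side carrying the upstream router's MAC, so
    # --mac-source can never match the user's address on them.
    run "$IPT" -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # New LAN->Internet connections to the MSN port go to the MSN chain.
    # Nothing here matches 80/443 or a server address list, so Hotmail
    # over HTTP(S) is not affected.
    run "$IPT" -A FORWARD -i "$LAN_IF" -p tcp --dport 1863 \
        -m conntrack --ctstate NEW -j MSN

    # The mac match only works on the incoming side (PREROUTING, INPUT,
    # FORWARD) and only while the host sits on the firewall's own segment.
    for mac in "$@"; do
        run "$IPT" -A MSN -m mac --mac-source "$mac" -j ACCEPT
    done

    # Everyone else: refuse the connection cleanly instead of letting the
    # client hang on a silent DROP.
    run "$IPT" -A MSN -p tcp -j REJECT --reject-with tcp-reset

    # NAT is per interface, not per user: the mac match is not valid in
    # POSTROUTING, so a per-MAC MASQUERADE rule cannot be loaded.
    run "$IPT" -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
}

# Usage: sh msn-allow.sh 00:11:22:33:44:55 aa:bb:cc:dd:ee:ff
if [ "$#" -gt 0 ]; then
    msn_rules "$@"
fi
```

Two caveats remain even with the rules above: a MAC address is trivially changed by the user, so this is a convenience control rather than a security boundary, and a port-based rule does not catch a messenger client that tunnels its protocol over HTTP instead of connecting to port 1863.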