LinuxQuestions.org
Old 01-04-2016, 11:07 PM   #1
sjain_ivp
LQ Newbie
 
Registered: Nov 2014
Posts: 13

Rep: Reputation: Disabled
Post MAC Address Filtering through IP Tables


Hello,

How do I block all MAC addresses from reaching the Internet, so that I can permit only privileged MAC addresses to access the Internet?

The configuration of my iptables on CentOS 6.7 is mentioned below:

# Generated by iptables-save v1.4.7
*nat
:PREROUTING ACCEPT [140:15667]
:POSTROUTING ACCEPT [1:172]
:OUTPUT ACCEPT [2:292]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Tue Jan 5 10:26:53 2016
# Generated by iptables-save v1.4.7 on Tue Jan 5 10:26:53 2016
*filter
:INPUT DROP [7:442]
:FORWARD ACCEPT [21:1458]
:OUTPUT ACCEPT [9:936]
-A INPUT -p tcp -m tcp --dport 22 -j DROP
-A INPUT -s ip address -p tcp -m tcp --dport 8888 -j ACCEPT
-A INPUT -s ipaddress -p tcp -m tcp --dport 8888 -j ACCEPT
-A INPUT -s ipaddress -p tcp -m tcp --dport 9888 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
-A FORWARD -i eth1 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 0 -j DROP
COMMIT
# Completed

Last edited by sjain_ivp; 01-04-2016 at 11:09 PM.
 
Old 01-05-2016, 06:07 AM   #2
berndbausch
LQ Addict
 
Registered: Nov 2013
Location: Tokyo
Distribution: Mostly Ubuntu and Centos
Posts: 6,316

Rep: Reputation: 2002
You need to do this on the router that connects your network to the internet. Is this system your router? If so, you need to set up the FORWARD chain, not INPUT.

The internet has many tutorials for router setup using iptables. Start there, and to allow certain MAC addresses to use the router, use the mac module and the --mac-source option.
 
Old 01-05-2016, 07:43 AM   #3
sjain_ivp
LQ Newbie
 
Registered: Nov 2014
Posts: 13

Original Poster
Rep: Reputation: Disabled
Post MAC Address Filtering through IP Tables

Thanks for the reply.

I am using this box as a router, and as per your suggestion in the trial message I have configured the FORWARD chain with three user MAC addresses; the configuration is mentioned below.
Two users are getting an IP address from the DHCP server but are not able to browse, so please can you help me with how they can browse?

DHCPACK on 192.168.23.171 to 90:72:40:58:a9:95 (is-iPhone)
DHCPACK on 192.168.23.178 to FC:75:16:67:3F:BE (android-f50ef57524010a1e)
DHCPACK on 192.168.23.100 to 00:25:64:A4:3F:01 (android-7306f0c1f5e73255)

# Generated by iptables-save v1.4.7
*filter
:INPUT ACCEPT [37:6239]
:FORWARD DROP [789:129680]
:OUTPUT ACCEPT [89:13144]
-A INPUT -i eth1 -m mac --mac-source 34:E67:00:B1:E6 -j ACCEPT
-A INPUT -s IP ADDRESS -p tcp -m tcp --dport 8888 -j ACCEPT
-A INPUT -s IP ADDRESS -p tcp -m tcp --dport 8888 -j ACCEPT
-A INPUT -s IP ADDRESS -p tcp -m tcp --dport 9888 -j ACCEPT
-A INPUT -s IP ADDRESS -p tcp -m tcp --dport 9888 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP
-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A FORWARD -i eth1 -j ACCEPT
-A FORWARD -m mac --mac-source FC:75:16:67:3F:BE -j ACCEPT
-A FORWARD -m mac --mac-source 00:25:64:A4:3F:01 -j ACCEPT
-A FORWARD -m mac --mac-source 90:72:40:58:A9:95 -j ACCEPT

-A OUTPUT -p icmp -m icmp --icmp-type 0 -j DROP
COMMIT
# Completed on Tue Jan 5 18:47:41 2016
# Generated by iptables-save v1.4.7 on Tue Jan 5 18:47:41 2016
*nat
:PREROUTING ACCEPT [406:28986]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [1:108]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Tue Jan 5 18:47:41 2016
# Generated by iptables-save v1.4.7 on Tue Jan 5 18:47:41 2016
*mangle
:PREROUTING ACCEPT [1596:188447]
:INPUT ACCEPT [130:13127]
:FORWARD ACCEPT [1466:175320]
:OUTPUT ACCEPT [90:13236]
:POSTROUTING ACCEPT [767:58876]
COMMIT
# Completed
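The following is an added example, not code posted by berndbausch or sjain_ivp. It puts the advice in reply #2 (filter in the FORWARD chain with the mac module and --mac-source) into a small script, and it also addresses the two things the ruleset in reply #3 shows: `-A FORWARD -i eth1 -j ACCEPT` sits above the MAC rules, so every LAN host is forwarded whatever its MAC, and nothing in FORWARD accepts the return traffic arriving on eth0, so with the DROP policy the replies never reach the clients, which is consistent with "gets an IP address but cannot browse". The interface names eth1 (LAN) and eth0 (Internet) are taken from the thread; the allow-list reuses the MACs from the DHCP log and is otherwise constructed. The INPUT chain is abbreviated and must be completed for your box (DHCP and DNS from the LAN at least). Keep in mind that a source MAC is trivially set by the client, so this is an access-control convenience, not authentication; the LOG rule at least records unknown MACs for review.

```shell
#!/bin/sh
# Added example (not from the thread): MAC allow-list in the FORWARD chain of a
# Linux router. Assumptions (adjust to your box): eth1 is the LAN side, eth0 is
# the Internet side, and ALLOWED_MACS lists the clients permitted to go out.
LAN_IF="eth1"
WAN_IF="eth0"
# Constructed allow-list; the MACs are the ones from the thread's DHCP log.
ALLOWED_MACS="FC:75:16:67:3F:BE 00:25:64:A4:3F:01 90:72:40:58:A9:95"

# valid_mac: reject malformed entries such as 34:E67:00:B1:E6 from reply #3
# (five groups, one of them three digits), which iptables refuses at load time.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# build_forward_rules: print the FORWARD-chain rules, one per line, in the
# order they must appear. Order matters: --mac-source only sees the source MAC
# of frames arriving on the LAN interface, so replies coming back from the
# Internet (source MAC = upstream router) must be accepted by the conntrack
# rule first, otherwise the DROP policy discards them.
build_forward_rules() {
    printf '%s\n' "-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT"
    for mac in $ALLOWED_MACS; do
        valid_mac "$mac" || { echo "bad MAC in allow-list: $mac" >&2; return 1; }
        printf '%s\n' "-A FORWARD -i $LAN_IF -o $WAN_IF -m mac --mac-source $mac -m state --state NEW -j ACCEPT"
    done
    # Everything else from the LAN is logged (rate-limited) and dropped; the
    # policy would drop it anyway, but the LOG leaves a trail of unknown MACs.
    printf '%s\n' "-A FORWARD -i $LAN_IF -m limit --limit 5/min -j LOG --log-prefix \"FWD-MAC-DENY: \""
    printf '%s\n' "-A FORWARD -i $LAN_IF -j DROP"
}

# build_ruleset: complete iptables-restore input (filter + nat). The INPUT chain
# is deliberately minimal here; add the services the router itself must offer.
build_ruleset() {
    printf '%s\n' "*filter" ":INPUT DROP [0:0]" ":FORWARD DROP [0:0]" ":OUTPUT ACCEPT [0:0]"
    printf '%s\n' "-A INPUT -i lo -j ACCEPT" "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT"
    build_forward_rules || return 1
    printf '%s\n' "COMMIT"
    printf '%s\n' "*nat" ":PREROUTING ACCEPT [0:0]" ":POSTROUTING ACCEPT [0:0]" ":OUTPUT ACCEPT [0:0]"
    printf '%s\n' "-A POSTROUTING -o $WAN_IF -j MASQUERADE" "COMMIT"
}

# count_mac_rules: number of per-MAC ACCEPT rules in the generated set.
count_mac_rules() {
    build_forward_rules | grep -c -- '--mac-source'
}

# first_mac_rule_line: position of the first per-MAC rule; it must be 2, i.e.
# directly after the RELATED,ESTABLISHED rule.
first_mac_rule_line() {
    build_forward_rules | grep -n -- '--mac-source' | head -n 1 | cut -d: -f1
}

# Apply only when explicitly asked (needs root and iptables-restore):
#   sh mac-allowlist.sh apply
if [ "${1:-}" = "apply" ]; then
    build_ruleset | iptables-restore
fi
```

Run it without arguments to print nothing and simply define the functions (`build_ruleset` shows the full file that would be fed to iptables-restore); with `apply` it loads the ruleset. With CentOS 6's `service iptables save` the loaded rules are written back to /etc/sysconfig/iptables so they survive a reboot.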