using iptables...........mac address......bloc pc

hermouche · 04-26-2006, 09:40 AM

hy

i am using FC5.

i would like to use iptables in order to block a host fromgetting outside 'internet".

since the host is getting an IP address from a DHCP, so i can't just block th host using his IP address since the IP address is changing.

So i would like to use the host mac address in orther to block it.

i loocked at the "man iptables" it says:
#iptables -A FORWARD --mac-source xx:xx:xx:xx:xx:xx -j DROP

that's what i did but the answer is " unrecognized arg --mac-source"

any help will be appreciated.
thanks.

this works perfectly:
iptables -A FORWARD -s 192.168.0.120 -d 0/0 -j DROP

lucktsm · 04-26-2006, 10:19 AM

Interesting. The --mac-source looks correct and is in the man page. Is this machine a proxy for the rest of them? You may try INPUT instead of FORWARD.

win32sux · 04-26-2006, 01:40 PM

Quote:

Originally Posted by hermouche

iptables -A FORWARD --mac-source xx:xx:xx:xx:xx:xx -j DROP

that's what i did but the answer is " unrecognized arg --mac-source"

your syntax is incomplete... it's like this:

Code:

iptables -A FORWARD -m mac --mac-source xx:xx:xx:xx:xx:xx -j DROP

BTW, it would be a good idea to match your LAN interface also... like:

Code:

iptables -A FORWARD -i $LAN_IFACE -m mac \
--mac-source xx:xx:xx:xx:xx:xx -j DROP

just my

...

hermouche · 04-27-2006, 04:41 AM

great

It works.

thanks, thanks