From: Sasa Stupar <sasa@stupar.homelinux.net>
To: Netfilter-List <netfilter@lists.netfilter.org>
Subject: Re: MAC addres and iptables
Date: Sun, 29 Feb 2004 15:38:45 +0100 [thread overview]
Message-ID: <4041F975.3060701@stupar.homelinux.net> (raw)
In-Reply-To: <4041F1E4.8020408@stupar.homelinux.net>
Sasa Stupar pravi:
> Antony Stone pravi:
>
>> On Sunday 29 February 2004 1:45 pm, Sasa Stupar wrote:
>>
>>
>>
>>> Hi!
>>>
>>> I have a working router for my network. Is it possible to allow access
>>> to the router by defining a MAC address with iptables?
>>> So basically I need to allow only some users to access internet and not
>>> all. So I want to allow access only to users with certain MAC address
>>> and deny all others.
>>>
>>> Is this possible with iptables and how?
>>>
>>
>>
>> Try something like:
>>
>> iptables -A INPUT -s a.b.c.d -m mac --mac aa:bb:cc:dd:ee:ff -j ACCEPT
>>
>> Where a.b.c.d is the IP address and aa:bb:cc:dd:ee:ff is the MAC
>> address of the machine you want to allow access to the firewall system.
>>
>> You need to have compiled mac address matching into your kernel, or
>> loaded the appropriate module.
>>
>> See "man iptables" for more info.
>>
>> Regards,
>>
>> Antony.
>>
>>
>>
>
> Thanx for the answer. Since I am new to linux and iptables: how do I
> know if mac address matching is compiled or not in the kernel and what
> is the responsible module?
> BTW, I am running on RH8 with iptables 1.2.9.
>
> Regards,
> Sasa
>
>
I have done this command and it doesn't work. I have changed the rule to:
iptables -A INPUT -s ! a.b.c.d -m ! mac --mac aa:bb:cc:dd:ee:ff -j DROP
then it works BUT as soon as I add another ip and mac address then I am
blocked out.
What am I doing wrong here?
Regards,
Sasa
next prev parent reply other threads:[~2004-02-29 14:38 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-02-29 13:45 MAC addres and iptables Sasa Stupar
2004-02-29 13:55 ` Antony Stone
2004-02-29 14:06 ` Sasa Stupar
2004-02-29 14:14 ` MAC address " Antony Stone
2004-02-29 14:38 ` Sasa Stupar [this message]
2004-02-29 15:12 ` Antony Stone
2004-02-29 15:40 ` Sasa Stupar
2004-02-29 15:55 ` Antony Stone
2004-02-29 16:02 ` Sasa Stupar
2004-02-29 16:14 ` David Cannings
2004-02-29 16:16 ` Antony Stone
2004-02-29 18:10 ` Sasa Stupar
2004-02-29 21:44 ` Sasa Stupar
2004-02-29 22:03 ` Antony Stone
2004-03-01 6:27 ` Sasa Stupar
2004-03-01 6:42 ` Sasa Stupar
2004-03-01 9:34 ` Sasa Stupar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4041F975.3060701@stupar.homelinux.net \
--to=sasa@stupar.homelinux.net \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.