NetFilter

Re: iptables MAC problem

To: tommy@svearike.sytes.net, netfilter@lists.netfilter.org
Subject: Re: iptables MAC problem
From: Elvir Kuric <omasnjak@yahoo.com>
Date: Sun, 26 Nov 2006 11:05:15 -0800 (PST)
Hi all, 

I think dual homed machine (two NICs... one for
internal network and one for external network)

using next rule you will restrict particular user to
access to internet
iptables -A FORWARD -m mac --mac-source XX:XX:XX:XX:XX:XX -j DROP

XX:XX:XX:XX:XX:XX represents MAC address of host you
want to block
Using the same logic you can implement rules to forbid
a host to access particular part of your network, some
services and so on.
The useful place to visit and read material there is 
http://iptables-tutorial.frozentux.net/iptables-tutorial.html

Regards 

--- Tommy W <tommy@svearike.sytes.net> wrote:

> On Saturday 25 November 2006 09:10, alok pathak wrote:
> > I am using CentOS3.8 (with kernel version 2.4.21-47.EL, iptables
> > version 1.2.8-12.3, on AMD Sempron x86_64).  I want to restrict my
> > users based on their MAC, and used the command:
> >
> > # iptables -A INPUT -m --mac-source 12:12:12:12:12:12 -j DROP
>
> It should be like this I reckon
>
>  # iptables -A INPUT -m mac --mac-source 12:12:12:12:12:12 -j DROP
> 
> 
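
Added example, not part of the original message: a shell helper that builds the rule from this thread for a list of hosts, rejecting malformed MAC addresses and chains where the mac match has no source MAC to inspect. The function names and sample addresses are constructed for illustration; the script only prints the commands and does not run iptables.

```shell
#!/bin/sh
# Added example: build (but do not run) MAC-based DROP rules.
# valid_mac, valid_chain, mac_drop_rule and build_rules are hypothetical
# helper names, not part of iptables.

# Succeeds only for XX:XX:XX:XX:XX:XX made of hex digits.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# The mac match only makes sense for packets arriving from an Ethernet
# device; in the filter table that means the FORWARD and INPUT chains.
valid_chain() {
    case "$1" in
        FORWARD|INPUT) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the rule for chain $1 and MAC $2, or fail with a message on stderr.
# Note the module name after -m: "-m mac --mac-source", as corrected above.
mac_drop_rule() {
    valid_chain "$1" || { echo "chain $1 cannot match a source MAC" >&2; return 1; }
    valid_mac "$2"   || { echo "bad MAC address: $2" >&2; return 1; }
    echo "iptables -A $1 -m mac --mac-source $2 -j DROP"
}

# Constructed sample input: one MAC per line, '#' starts a comment.
SAMPLE_MACS='
# blocked hosts (constructed values)
00:11:22:33:44:55
00:11:22:33:44
0G:11:22:33:44:55
'

# Emit FORWARD rules for every valid entry; invalid ones are reported on stderr.
build_rules() {
    printf '%s\n' "$SAMPLE_MACS" | while read -r mac; do
        case "$mac" in ''|'#'*) continue ;; esac
        mac_drop_rule FORWARD "$mac" || true
    done
}

build_rules
```

The source MAC is chosen by the sending host and is only visible for hosts on the same Ethernet segment as the firewall, so these rules work as a convenience filter rather than as authentication.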



 