On Sun 16/03/2003 at 11:06, Mohammad Shakir wrote:
> # Flush all Rules
> /sbin/iptables --flush
> /sbin/iptables --table nat --flush
> /sbin/iptables --delete-chain
> /sbin/iptables --table nat --delete-chain
> /sbin/iptables -N MACtest
>
> # to block this MAC Address
> /sbin/iptables -A MACtest -m mac --mac-source 00:11:22:33:44:55 -j DROP
>
> # for transparent proxy
> /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
>
> # for MASQUERADE
> /sbin/iptables --table nat --append POSTROUTING -s 192.168.0.0/24 --out-interface ppp0 -j MASQUERADE
>
> echo "1" > /proc/sys/net/ipv4/ip_forward
>
> I want to block a mac address, but this script is not blocking for it,
> any idea?

As far as I can see, you do not have any rule that sends packets to the
MACtest chain. As a consequence, if your packets are not sent into it,
there's no chance for them to get dropped.

You should have a look at the MACtest counters to see if packets do go
through:

	iptables -L MACtest -v

-- 
Cédric Blancher <blancher@xxxxxxxxxxxxxxxxxx>
IT systems and networks security expert - Cartel Sécurité
Phone : +33 (0)1 44 06 97 87 - Fax: +33 (0)1 44 06 97 99
PGP KeyID:157E98EE FingerPrint:FA62226DA9E72FA8AECAA240008B480E157E98EE
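
The reply's diagnosis can be checked mechanically. The following is an added example, not part of the original thread: it reads a ruleset in iptables-save format and lists user-defined chains that no built-in chain jumps to. The names unreachable_chains and sample_ruleset are hypothetical, the sample ruleset is constructed from the script in the question, and the INPUT/FORWARD jump rules are an assumed fix (the reply does not say which chain should jump to MACtest).

```shell
#!/bin/sh
# unreachable_chains: read an iptables-save dump on stdin and print
# "table chain" for each user-defined chain no built-in chain can reach.
unreachable_chains() {
    awk '
    /^\*/ { table = substr($1, 2); next }      # "*filter" opens a table
    /^:/  {                                    # ":CHAIN POLICY [pkts:bytes]"
        name = substr($1, 2)
        if ($2 == "-") user[table, name] = 1   # policy "-" means user-defined
        else reach[table, name] = 1            # built-in chains are entry points
        next
    }
    $1 == "-A" {                               # "-A CHAIN ... -j TARGET"
        for (i = 3; i < NF; i++)
            if ($i == "-j" || $i == "-g")
                edge[++n] = table SUBSEP $2 SUBSEP $(i + 1)
    }
    END {
        # Propagate reachability along jump edges until nothing changes, so a
        # chain referenced only from another unreachable chain is also reported.
        do {
            changed = 0
            for (k = 1; k <= n; k++) {
                split(edge[k], e, SUBSEP)
                if (((e[1], e[2]) in reach) && ((e[1], e[3]) in user) &&
                    !((e[1], e[3]) in reach)) { reach[e[1], e[3]] = 1; changed = 1 }
            }
        } while (changed)
        for (key in user)
            if (!(key in reach)) { split(key, p, SUBSEP); print p[1], p[2] }
    }' | sort
}

# Constructed sample: the filter table from the question in iptables-save
# form; any arguments are appended as extra lines before COMMIT.
sample_ruleset() {
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]' ':MACtest - [0:0]' \
        '-A MACtest -m mac --mac-source 00:11:22:33:44:55 -j DROP' "$@" 'COMMIT'
}

# As posted: MACtest is defined and populated but never jumped to.
sample_ruleset | unreachable_chains
# Assumed fix: jump to MACtest from the built-in chains that see the traffic.
sample_ruleset '-A INPUT -j MACtest' '-A FORWARD -j MACtest' | unreachable_chains
```

On a live system the same function can be fed from `iptables-save | unreachable_chains`, run as root.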