Re: Reject Mac-Address

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Le ven 01/08/2003 à 05:20, Leonardo Pires a écrit :
> I have the following scenario:
> internet--router---firewall---router---clients
> I have the mac_address of all clients, and I need to reject some
> clients in the firewall  using the mac_address, someone know how can I
> do  it ?

You will do source MAC address based filtering. Use mac match :

cbr@xxxxxxx:~$ iptables -m mac --help
iptables v1.2.7a
[...]
MAC v1.2.7a options:
 --mac-source [!] XX:XX:XX:XX:XX:XX
                                Match source MAC address

Suppose you want to deny access to a host considering its MAC address :

	iptables -A FORWARD -m mac --mac-source $FORBIDEN_MAC -j DROP

-- 
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux