DHCP /MAC


 



Dear Friends ,
 
I think you all can help me.
I have a DHCP server. It is for dialup/cable modem users. Those users use certain modems. All of those modems have MAC addresses. The modems are provided by us.
So those valid modems have known MAC addresses. If an unknown modem is connected to the modem, that will be restricted by the firewall.
 
Actually I want to block unknown MACs and allow all the other known MACs.
 
I have done some configuration in iptables but it doesn't work. Currently I'm testing this concept in a LAN with 5 PCs.
 
######################################################################################################################
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
#######################################################################################################################

iptables -A INPUT -i lo -m state --state NEW -j ACCEPT
iptables -A OUTPUT -o lo -m state --state NEW -j ACCEPT

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m state --state NEW -j ACCEPT

######################################################################################################################
iptables -A INPUT -p udp -s 192.168.30.0/24 --dport 67 -i ! eth0 -m state --state NEW -m mac --mac-source 00:50:BA:50:36:25 -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.30.0/24 --dport 67 -i ! eth0 -m state --state NEW -m mac --mac-source 00:50:BA:50:36:25 -j ACCEPT

iptables -A INPUT -p udp -s 192.168.30.0/24 --dport 68 -i ! eth0 -m state --state NEW -m mac --mac-source 00:50:BA:50:36:25 -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.30.0/24 --dport 68 -i ! eth0 -m state --state NEW -m mac --mac-source 00:50:BA:50:36:25 -j ACCEPT
#####################################################################################################################

Please help me. Where can the problem be?
 
 
Thanks
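
A MAC allowlist for DHCP requests of the kind this message describes, as an added example that is not part of the original post: it reads a list of known modem MACs, validates each one, and prints the iptables commands for a dedicated chain instead of applying them. The interface name eth1, the chain name DHCP_MAC and all but the first MAC address are assumptions made for the example.

```shell
#!/bin/sh
# Added example: emit iptables rules that admit DHCP requests only from
# allowlisted modem MACs. It prints the commands; it does not apply them.

LAN_IF="eth1"        # assumption: client-facing interface (hypothetical name)
CHAIN="DHCP_MAC"     # hypothetical user-defined chain name

# Constructed sample allowlist: one MAC per line, '#' starts a comment.
# The first address is the one used in the post; the others are made up.
sample_allowlist() {
cat <<'EOF'
00:50:BA:50:36:25   # modem 1
00:50:ba:aa:bb:01   # modem 2, lower case on purpose
00:50:BA:AA:BB      # malformed, must be rejected
EOF
}

# Print $1 in upper case if it is a well-formed MAC, otherwise fail.
normalise_mac() {
    printf '%s\n' "$1" | tr 'a-f' 'A-F' |
        grep -E '^([0-9A-F]{2}:){5}[0-9A-F]{2}$'
}

# Read an allowlist on stdin, write iptables commands on stdout.
gen_dhcp_mac_rules() {
    echo "iptables -N $CHAIN"
    while read -r mac _rest; do
        case "$mac" in ''|'#'*) continue ;; esac
        if good=$(normalise_mac "$mac"); then
            echo "iptables -A $CHAIN -m mac --mac-source $good -j ACCEPT"
        else
            echo "skipping malformed MAC: $mac" >&2
        fi
    done
    # Anything not on the list is logged, then dropped.
    echo "iptables -A $CHAIN -j LOG --log-prefix \"dhcp-unknown-mac: \""
    echo "iptables -A $CHAIN -j DROP"
    # DHCP is UDP only; clients send from port 68 to port 67. No -s match:
    # a client without a lease sends DHCPDISCOVER from 0.0.0.0.
    echo "iptables -A INPUT -i $LAN_IF -p udp --sport 68 --dport 67 -j $CHAIN"
}

sample_allowlist | gen_dhcp_mac_rules
```

A source MAC is chosen by the sender, so this list keeps out unknown modems that are simply plugged in rather than authenticating them. Some DHCP servers, ISC dhcpd on Linux among them, read requests through a packet socket that sees frames before netfilter filters them, so the same allowlist may also have to be enforced in the server's own configuration.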
 
 

