On Saturday 08 November 2003 11:43 am, kannel sms wrote:
> This dhcp server specially allcate for Cable modem
> system . That cable modem has a MAC addresses. I'm
> sure.
Yes, a cable modem will have a MAC address. Your first posting mentioned
dial-up users, so I assumed you meant standard analogue telephone system
dial-up modems.
> If u can tell me how to implement that MAC blocking
> for the LAN , i can manage that methods for cable
> modem as well.
I would create a user-defined chain which ACCEPTs the desired MAC addresses
and DROPs all others:
iptables -N MACcheck
iptables -A MACcheck -m mac --mac-source aa.bb.cc.dd.ee.ff -j ACCEPT
iptables -A MACcheck -m mac --mac-source uu.vv.ww.xx.yy.zz -j ACCEPT
iptables -A MACcheck -j DROP
(Add as many ACCEPT lines as you want to match MAC addresses)
Then, if you want to restrict packets coming in to the netfilter box itself:
iptables -I INPUT -i eth0 -j MACcheck
or if you want to restrict packets going through the netfilter box to
somewhere else:
iptables -I INPUT -i eth0 -j MACcheck
(Adjust eth0 for whichever interface your cable modems are connected).
Antony.
PS: If you want to reply, please reply to the list, not to me personally.
--
You can spend the whole of your life trying to be popular,
but at the end of the day the size of the crowd at your funeral
will be largely dictated by the weather.
- Frank Skinner
Please reply to the list;
please don't CC me.
