Re: MAC address and iptables

On Sunday 29 February 2004 2:38 pm, Sasa Stupar wrote:

> Sasa Stupar wrote:
> > Antony Stone wrote:
> >>
> >> Try something like:
> >>
> >> iptables -A INPUT -s a.b.c.d -m mac --mac aa:bb:cc:dd:ee:ff -j ACCEPT
> >>
> >> Where a.b.c.d is the IP address and aa:bb:cc:dd:ee:ff is the MAC
> >> address of the machine you want to allow access to the firewall system.
> >>
> >> See "man iptables" for more info.

> I have done this command and it doesn't work.

When you say "it doesn't work", do you mean netfilter gives you an error, 
saying there is a problem with the command you entered, or netfilter accepts 
the command, but it doesn't happen to do what you want it to do?

> I have changed the rule to:
>
> iptables -A INPUT -s ! a.b.c.d -m ! mac --mac aa:bb:cc:dd:ee:ff -j  DROP
>
> then it works

This sounds worryingly like you have a default ACCEPT policy on your INPUT 
table.

> BUT as soon as I add another ip and mac address then I am
> blocked out.
>
> What am I doing wrong here?

Tell us the rest of your ruleset - it sounds like you are accepting everything 
on INPUT, except packets which you're blocking, when you should be doing it 
the other way round.

Regards,

Antony.

-- 
Anyone that's normal doesn't really achieve much.

 - Mark Blair, Australian rocket engineer

                                                     Please reply to the list;
                                                           please don't CC me.
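
Added illustration, not part of the original message or of netfilter: a simplified first-match model of the INPUT chain showing why stacking negated DROP rules under an ACCEPT policy blocks every host, while ACCEPT rules under a DROP policy do not. The addresses are constructed, and the negated rule is modelled as "source IP differs and MAC differs", which is an assumption about the intent of the rule quoted above.

```python
# Simplified first-match model of a filter chain (illustration only, not netfilter code).
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    ip: str
    mac: str
    negate: bool   # True models "! source IP" together with "! MAC" (assumed intent)
    target: str    # "ACCEPT" or "DROP"

    def matches(self, src_ip, src_mac):
        # Every match in one rule must hold for the rule to fire.
        if self.negate:
            return src_ip != self.ip and src_mac != self.mac
        return src_ip == self.ip and src_mac == self.mac

def verdict(chain, policy, src_ip, src_mac):
    """First matching rule decides; otherwise the chain policy applies."""
    for rule in chain:
        if rule.matches(src_ip, src_mac):
            return rule.target
    return policy

# Constructed sample addresses (documentation ranges).
HOST1 = ("192.0.2.10", "aa:bb:cc:00:00:01")
HOST2 = ("192.0.2.11", "aa:bb:cc:00:00:02")
PACKETS = {
    "host1": HOST1,
    "host2": HOST2,
    "unlisted": ("198.51.100.7", "aa:bb:cc:00:00:99"),
    "host1_ip_other_mac": ("192.0.2.10", "aa:bb:cc:00:00:99"),
}

def negated_drop(hosts):
    """Policy ACCEPT plus one negated DROP rule per host (the form that locked the poster out)."""
    return [Rule(ip, mac, True, "DROP") for ip, mac in hosts], "ACCEPT"

def allowlist(hosts):
    """Policy DROP plus one ACCEPT rule per host (the way round suggested in the reply)."""
    return [Rule(ip, mac, False, "ACCEPT") for ip, mac in hosts], "DROP"

def evaluate(ruleset):
    chain, policy = ruleset
    return {name: verdict(chain, policy, *pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for label, rs in [("negated, 1 host", negated_drop([HOST1])),
                      ("negated, 2 hosts", negated_drop([HOST1, HOST2])),
                      ("allowlist, 2 hosts", allowlist([HOST1, HOST2]))]:
        print(label, evaluate(rs))
```

In the model, each negated rule drops the other listed host, so the second rule is what causes the lockout; the single negated rule also lets through a packet that has the right IP but a different MAC, which the allowlist form rejects.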


