On Sunday 29 February 2004 2:38 pm, Sasa Stupar wrote:
> Sasa Stupar pravi:
> > Antony Stone pravi:
> >>
> >> Try something like:
> >>
> >> iptables -A INPUT -s a.b.c.d -m mac --mac aa:bb:cc:dd:ee:ff -j ACCEPT
> >>
> >> Where a.b.c.d is the IP address and aa:bb:cc:dd:ee:ff is the MAC
> >> address of the machine you want to allow access to the firewall system.
> >>
> >> See "man iptables" for more info.
> I have done this command and it doesn't work.
When you say "it doesn't work", do you mean netfilter gives you an error,
saying there is a problem with the command you entered, or netfilter accepts
the command, but it doesn't happen to do what you want it to do?
> I have changed the rule to:
>
> iptables -A INPUT -s ! a.b.c.d -m ! mac --mac aa:bb:cc:dd:ee:ff -j DROP
>
> then it works
This sounds worryingly like you have a default ACCEPT policy on your INPUT
table.
> BUT as soon as I add another ip and mac address then I am
> blocked out.
>
> What am I doing wrong here?
Tell us the rest of your ruleset - it sounds like you are accepting everything
on INPUT, except packets which you're blocking, when you should be doing it
the other way round.
Regards,
Antony.
--
Anyone that's normal doesn't really achieve much.
- Mark Blair, Australian rocket engineer
Please reply to the list;
please don't CC me.
