On Sunday 29 February 2004 2:38 pm, Sasa Stupar wrote:

> Sasa Stupar wrote:
> > Antony Stone wrote:
> >>
> >> Try something like:
> >>
> >> iptables -A INPUT -s a.b.c.d -m mac --mac aa:bb:cc:dd:ee:ff -j ACCEPT
> >>
> >> Where a.b.c.d is the IP address and aa:bb:cc:dd:ee:ff is the MAC
> >> address of the machine you want to allow access to the firewall system.
> >>
> >> See "man iptables" for more info.

> I have done this command and it doesn't work.

When you say "it doesn't work", do you mean netfilter gives you an error, saying there is a problem with the command you entered, or netfilter accepts the command, but it doesn't happen to do what you want it to do?

> I have changed the rule to:
>
> iptables -A INPUT -s ! a.b.c.d -m ! mac --mac aa:bb:cc:dd:ee:ff -j DROP
>
> then it works

This sounds worryingly like you have a default ACCEPT policy on your INPUT table.

> BUT as soon as I add another ip and mac address then I am
> blocked out.
>
> What am I doing wrong here?

Tell us the rest of your ruleset - it sounds like you are accepting everything on INPUT, except packets which you're blocking, when you should be doing it the other way round.

Regards,

Antony.

-- 
Anyone that's normal doesn't really achieve much.
 - Mark Blair, Australian rocket engineer

Please reply to the list; please don't CC me.
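A small model of first-match chain evaluation, added here as an illustration and not part of the original thread: it shows why one negated DROP rule per host under a default ACCEPT policy blocks every host once a second one is added, while ACCEPT rules under a default DROP policy keep working. The addresses, MACs and all function names are constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    ip: str
    mac: str
    negate: bool   # True models the "-s ! ip" plus negated MAC match form
    target: str    # "ACCEPT" or "DROP"

    def matches(self, src_ip, src_mac):
        if self.negate:
            # Both negated tests must hold: source is not ip AND not mac.
            return src_ip != self.ip and src_mac.lower() != self.mac.lower()
        return src_ip == self.ip and src_mac.lower() == self.mac.lower()

def verdict(rules, policy, src_ip, src_mac):
    """First matching rule wins; otherwise the chain policy applies."""
    for rule in rules:
        if rule.matches(src_ip, src_mac):
            return rule.target
    return policy

# Constructed sample hosts (documentation addresses, made-up MACs).
HOST_A = ("192.0.2.10", "02:00:00:00:00:0a")
HOST_B = ("192.0.2.20", "02:00:00:00:00:0b")
STRANGER = ("192.0.2.99", "02:00:00:00:00:63")

def blocklist_style(hosts):
    # Policy ACCEPT, one negated DROP rule per allowed host.
    return [Rule(ip, mac, True, "DROP") for ip, mac in hosts], "ACCEPT"

def allowlist_style(hosts):
    # Policy DROP (iptables -P INPUT DROP), one ACCEPT rule per allowed host.
    return [Rule(ip, mac, False, "ACCEPT") for ip, mac in hosts], "DROP"

def table(style, hosts):
    """Verdict for each sample host under the given rule style."""
    rules, policy = style(hosts)
    return {name: verdict(rules, policy, *h) for name, h in
            (("A", HOST_A), ("B", HOST_B), ("stranger", STRANGER))}

if __name__ == "__main__":
    for style in (blocklist_style, allowlist_style):
        for hosts in ([HOST_A], [HOST_A, HOST_B]):
            print(style.__name__, len(hosts), "host(s):", table(style, hosts))
```

In the model, the negated rule only drops a packet when both the source IP and the MAC differ from the listed pair, so it is also a weaker check than the ACCEPT form, which requires both to match.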