On Sunday 29 February 2004 4:02 pm, Sasa Stupar wrote:

> What I want is to accept connections only from those listed in the rules
> and drop others. But with the current config it accepts connections also
> from others which are not in the rules.

In that case, either:

a) add the -s a.b.c.d -m mac --mac-source aa:bb:cc:dd:ee:ff to each rule
   which you only want to match a specific machine

or

b) put all your rules into a user-defined chain, and then jump to that
   chain only for packets which match the required IP/MAC combination:

   iptables -N myrules
   iptables -A myrules -p tcp --dport 21 -j ACCEPT
   iptables -A myrules -p tcp --dport 23 -j ACCEPT
   etc.
   iptables -A INPUT -s a.b.c.d -m mac --mac-source aa:bb:cc:dd:ee:ff -j myrules

With this design you can also easily allow more than one machine to
connect if you wish, by adding another INPUT rule:

   iptables -A INPUT -s w.x.y.z -m mac --mac-source uu:vv:ww:xx:yy:zz -j myrules

Regards,

Antony.

-- 
Programming is a Dark Art, and it will always be. The programmer is
fighting against the two most destructive forces in the universe:
entropy and human stupidity. They're not things you can always overcome
with a "methodology" or on a schedule.

 - Damian Conway, Perl God

Please reply to the list; please don't CC me.
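The user-defined-chain design from option (b) above, written out as a small POSIX shell script. This is an added example, not code from the original post: the chain name, ports and the host IP/MAC pairs are constructed values, and the script also appends a final DROP on INPUT, which the reply does not show but which is what makes "drop others" actually happen (without it, packets that never jump into the chain fall through to whatever INPUT's policy is). By default the script only echoes the iptables commands so it can be reviewed before running; set IPT=iptables to apply them.

```shell
#!/bin/sh
# Added example (not from the original post): build an "allowed hosts" chain.
# Traffic is matched on source IP *and* source MAC, then jumped into a chain
# that lists the permitted ports. Hosts not matching any jump hit the final DROP.
#
# Dry run (default):  sh allowed-hosts.sh
# Apply for real:     IPT=iptables sh allowed-hosts.sh

CHAIN="myrules"            # constructed chain name
PORTS="21 23"              # constructed TCP ports to permit for allowed hosts

# Constructed "ip mac" pairs, one host per line (RFC 5737 documentation range).
HOSTS="192.0.2.10 00:11:22:33:44:55
192.0.2.11 66:77:88:99:aa:bb"

# Emit (or execute) the full rule set. Returns non-zero on a malformed host line.
build_rules() {
    ipt=${IPT:-echo iptables}

    # 1. Create the chain that holds the per-port ACCEPT rules.
    $ipt -N "$CHAIN"
    for p in $PORTS; do
        $ipt -A "$CHAIN" -p tcp --dport "$p" -j ACCEPT
    done

    # 2. One INPUT rule per allowed host: only packets matching both the IP and
    #    the MAC are sent into the chain. Note that MAC matching only works for
    #    hosts on the same layer-2 segment as the firewall; routed traffic
    #    arrives with the upstream router's MAC.
    printf '%s\n' "$HOSTS" | while read -r ip mac; do
        if [ -z "$ip" ] || [ -z "$mac" ]; then
            echo "malformed host entry: '$ip $mac'" >&2
            return 1
        fi
        $ipt -A INPUT -s "$ip" -m mac --mac-source "$mac" -j "$CHAIN"
    done || return 1

    # 3. Everything that did not jump into the chain is dropped.
    $ipt -A INPUT -j DROP
}

build_rules
```

Because every ACCEPT lives inside the chain and the only way into the chain is through an IP+MAC match, adding or removing an allowed machine is a single INPUT rule, while the port list is maintained in one place.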