Hello to all,
I have to give internet access to a small group of users from a local network. Internet interface is eth0 and local lan interface is eth1. I guess these rules are ok for my intention:
iptables -t mangle -A FORWARD -i eth1 -o eth0 -s x.x.x.x -m mac --mac-source aa:aa:aa:aa:aa:aa -j ACCEPT
iptables -t mangle -A FORWARD -i eth1 -o eth0 -s y.y.y.y -m mac --mac-source bb:bb:bb:bb:bb:bb -j ACCEPT
iptables -t mangle -A FORWARD -i eth1 -o eth0 -j DROP
But I recently found out that mac address can be changed. So, I need a third security identifier for iptables or any other solution to increase security. Any clues on this? thx.
Do you Yahoo!?
Yahoo! Mail - More reliable, more storage, less spam
