On Wed, 2005-01-19 at 05:36, Linux Query wrote: > Hi all! > > I want to ensure that each of my clients can have > access to the net only with the ip address which is > specifically assigned to him / her. Is the following > going to work ? > > iptables -I FORWARD -o externalinterface -s > xx.xx.xx.xx -m mac --mac-source yy:yy:yy:yy:yy -j > ACCEPT > > or is it required to be done in some other way ? looks good to me. you may want to specify "-i $INTERNAL_INTERFACE" as well, but that's just me. -j -- "It is better to remain silent and thought a fool, than open your mouth and remove all doubt." --The Simpsons
