Re: mac-filtering is not working (nfcan: addressed to exclusive sender for this address)

On 2005.03.17 17:55, Manuel Schmitz - Port17@xxxxxxx wrote:
Hello,

I am desperately trying to establish mac-filtering on my debian-router.

- All default chains are empty, policy set to "ACCEPT".
- I execute

  iptables -A FORWARD -m mac --mac-source $MY_MAC -j ACCEPT

  and then set the FORWARD-Policy to "DROP". Now I expect the chain to
  drop all packages except these coming from $MY_MAC. Am I right?
- It does not work. It drops ALL traffic. So why?

How do you know that *all* packets are dropped? Why would changing the default policy affect a working rule? Have you done iptables -L -nvx and examined the counts?

The rule is for one direction only - from $MY_MAC to the world,
there is no provision for traffic to $MY_MAC.

A rule like this would handle most reply traffic:
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

For a really good reference on iptables in general, check out
http://iptables-tutorial.frozentux.net/


-- Jim Laurino nfcan.x.jimlaur@xxxxxxxx Please reply to the list. Only mail from the listserver reaches this address.
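The two rules from the reply combined into a reviewable ruleset, as an added example that is not from Jim's message or the list: it assumes a script argument holding the MAC (hypothetical) and prints iptables-restore input instead of applying it, so the counters from `iptables -L FORWARD -nvx` can be checked after loading.

```shell
#!/bin/sh
# Added example (not from the list post). Emits an iptables-restore ruleset for
# the FORWARD chain that accepts traffic sourced from one MAC, accepts the reply
# traffic via connection tracking, and drops everything else by default policy.
# Assumes a Linux router with the iptables "mac" and "state" matches available.
# Caveat: --mac-source only matches frames received on an Ethernet-like
# interface, so it cannot identify return traffic coming back from the Internet.

# Validate that $1 looks like a MAC address (six colon-separated hex octets).
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print the filter-table ruleset for the given MAC. The ESTABLISHED,RELATED
# rule goes first so that reply packets (the bulk of traffic) match immediately;
# the MAC rule then admits new connections from the allowed host only.
mac_filter_ruleset() {
    mac="$1"
    valid_mac "$mac" || { echo "invalid MAC: $mac" >&2; return 1; }
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m mac --mac-source $mac -j ACCEPT
COMMIT
EOF
}

# Usage: sh mac-filter.sh 00:11:22:33:44:55 | iptables-restore
# Afterwards: iptables -L FORWARD -nvx   (per-rule pkts/bytes counters show
# which rule, or the DROP policy, is actually seeing the traffic)
if [ "${1:-}" ]; then
    mac_filter_ruleset "$1"
fi
```

Loading through iptables-restore replaces the whole filter table atomically, so the policy and both rules take effect together rather than leaving a window where only the DROP policy is in place.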

