Sebastião Antônio Campos (GWA) wrote:
I have a list of MAC addresses 00:0c:6E:11:E8:B0, 00:D8:02:D8:C8:DF, 00:E7:05:C9:07:EA............ and I'd like only these MAC addresses to be able to access only the following IPs: 200.221.2.128, 200.221.2.129, 200.221.2.130, 200.221.2.131, 200.205.144.75, 200.205.144.76. But the other MAC addresses could access everything.
I would be tempted to do something like the following:

# Create a new chain to put the allowed sites in for filtered MACs.
iptables -t filter -N MACFilteredSites

# Watch for a specific MAC address and jump to said chain on matches.
iptables -t filter -A FORWARD -i ${LAN} -o ${INet} -m mac --mac-source 00:0c:6E:11:E8:B0 -j MACFilteredSites
iptables -t filter -A FORWARD -i ${LAN} -o ${INet} -m mac --mac-source 00:D8:02:D8:C8:DF -j MACFilteredSites
iptables -t filter -A FORWARD -i ${LAN} -o ${INet} -m mac --mac-source 00:E7:05:C9:07:EA -j MACFilteredSites

# Only allow the filtered MACs to go to these sites (IP addresses).
# Note: We do not need to test for -i and -o interfaces b/c we tested for this before we got to this chain.
iptables -t filter -A MACFilteredSites -d 200.221.2.128 -j RETURN
iptables -t filter -A MACFilteredSites -d 200.221.2.129 -j RETURN
iptables -t filter -A MACFilteredSites -d 200.221.2.130 -j RETURN
iptables -t filter -A MACFilteredSites -d 200.221.2.131 -j RETURN
iptables -t filter -A MACFilteredSites -d 200.205.144.75 -j RETURN
iptables -t filter -A MACFilteredSites -d 200.205.144.76 -j RETURN
iptables -t filter -A MACFilteredSites -j LOG
iptables -t filter -A MACFilteredSites -j DROP

Grant. . . .