Please don't top-post. Thank you.

On Wednesday 2005-October-05 00:19, Winanjaya - PBXSoftwares wrote:
> Hi . . I already had the list of MAC Address .. and they stored in
> the file named maclist (ie. /etc/sysconfig/maclist) ..

Yes.

> what I need is to configure iptables to read maclist file when there

iptables cannot read from a file. Use a shell script to do that.

> is incoming traffic from the IP address 172.16.2.241 to 172.16.2.250
> ..if the MAC Address listed then the traffic will be allowed otherwise
> the traffic will be dropped or rejected..
>
> any idea ? .. please advise

You were given good advice:

> ----- Original Message -----
> From: "Marcos S. Trazzini" <mstrazzini@xxxxxxxxx>
> To: <netfilter@xxxxxxxxxxxxxxxxxxx>
> Sent: Wednesday, October 05, 2005 11:58 AM
> Subject: Re: IP and MAC Address check

> snip

> > ---CUT HERE---
> > while read mac; do
> >     iptables -A INPUT -m mac --mac-source "$mac" -m iprange \
> >         --src-range 172.16.2.241-172.16.2.250 -j ACCEPT
> > done < /path/to/maclist
> > iptables -A INPUT -m iprange --src-range \
> >     172.16.2.241-172.16.2.250 -j DROP
> > ---CUT HERE---

My only comment is that some older systems might not have -m iprange.
But no worries, it's not far outside 2 CIDR ranges: 172.16.2.240/29 and
172.16.2.248/30.

Ah, one other comment: this might be better structured using a
user-defined chain.

> > See also:
> > # iptables -m mac --help
> > # iptables -m iprange --help

And of course "man iptables".

-- 
mail to this address is discarded unless "/dev/rob0" or "not-spam"
is in Subject: header
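The two suggestions above (fall back to the two CIDR blocks where -m iprange is missing, and put the MAC checks in a user-defined chain) combined into one script, as an added example that is not part of the original thread or of either poster's code. The chain name MACCHECK, the IPTABLES/MACLIST variables and the sample MAC list are assumptions made for the example; by default the script only prints the iptables commands it would load, so it can be reviewed before being applied.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread: build the MAC allow-list
# as a user-defined chain and steer the address range into it using the two
# CIDR blocks mentioned in the reply, so it works without -m iprange.
# IPTABLES defaults to "echo iptables" (dry run: print the rules);
# run with IPTABLES=iptables as root to load them for real.

IPTABLES="${IPTABLES:-echo iptables}"
CHAIN="MACCHECK"                              # assumed chain name
MACLIST="${MACLIST:-/etc/sysconfig/maclist}"  # path from the question

# 172.16.2.241-172.16.2.250 is not an exact CIDR range; these two blocks
# cover 172.16.2.240-172.16.2.251, one address on either side of it.
NETS="172.16.2.240/29 172.16.2.248/30"

HEX2='[0-9A-Fa-f][0-9A-Fa-f]'

# is_mac STRING: true if STRING looks like aa:bb:cc:dd:ee:ff.
is_mac() {
    case "$1" in
        $HEX2:$HEX2:$HEX2:$HEX2:$HEX2:$HEX2) return 0 ;;
        *) return 1 ;;
    esac
}

# rule ARGS...: print (dry run) or execute one iptables command.
rule() {
    $IPTABLES "$@"
}

# build_rules FILE: emit the whole rule set for the MACs in FILE, one per
# line.  Blank lines and '#' comments are skipped; malformed entries are
# reported on stderr and ignored rather than silently turned into a rule.
build_rules() {
    file="$1"
    rule -N "$CHAIN"          # fails if the chain already exists; -F first
    while read -r mac _; do
        case "$mac" in ''|'#'*) continue ;; esac
        if ! is_mac "$mac"; then
            echo "skipping malformed MAC entry: $mac" >&2
            continue
        fi
        rule -A "$CHAIN" -m mac --mac-source "$mac" -j ACCEPT
    done < "$file"
    rule -A "$CHAIN" -j DROP  # listed MACs were accepted above; rest dropped
    # Only sources inside the range are sent to the chain; everything else
    # continues through INPUT untouched.
    for net in $NETS; do
        rule -A INPUT -s "$net" -j "$CHAIN"
    done
}

# count_rules FILE: number of iptables commands build_rules would issue,
# handy for a sanity check against the size of the list.
count_rules() {
    build_rules "$1" | wc -l | tr -d ' '
}

# Demonstration with a constructed MAC list (not real devices).
demo() {
    tmp="${TMPDIR:-/tmp}/maclist.demo.$$"
    cat > "$tmp" <<'EOF'
# constructed sample list
00:11:22:33:44:55
66:77:88:99:AA:BB
EOF
    build_rules "$tmp"
    rm -f "$tmp"
}

demo
```

Note that -m mac only sees the source MAC of frames arriving on a local Ethernet segment; packets that were routed carry the router's MAC, so this check is meaningful only for hosts on the same LAN as the firewall.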