Hello!

I'd like to restrict WLAN access to my server by using a MAC filtering policy. Here are some of my iptables chains:

#default prerouting drop policy and only allowing certain client NICs based on mac address
iptables -t mangle -P PREROUTING DROP
iptables -t mangle -A PREROUTING -i wlan0 -m mac --mac-source (physaddr of an allowed client NIC) -j ACCEPT

These rules, however, don't stop unauthorized clients with foreign MAC addresses from successfully connecting and obtaining an IP address from the DHCP server running on the same machine, and I don't understand why. The PREROUTING mangle chain is supposed to be passed by all packets, right? If I drop all of the packets coming from clients with unknown MAC addresses, how can they still obtain the DHCP info?

I'd like to know how to filter out all communication from all clients and only allow authorized ones to connect to the DHCP server.

Thank you
Gábor
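
An added example, not part of the original post: a shell generator for the rule set the question describes, generalized to several allowed clients. It rejects malformed and multicast/broadcast source addresses and prints the iptables commands instead of running them; the function names and sample addresses are constructed here.

```shell
#!/bin/sh
# Emits (does not execute) the mangle/PREROUTING MAC allowlist from the post.

# valid_unicast_mac MAC -> 0 if MAC is six colon-separated hex octets and the
# group (multicast/broadcast) bit of the first octet is clear.
valid_unicast_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$' || return 1
    first=${1%%:*}
    [ $(( 0x$first & 1 )) -eq 0 ]
}

# build_mac_allowlist IFACE MAC... -> prints iptables commands on stdout.
# Returns 1 and prints no rules if any address is rejected.
build_mac_allowlist() {
    iface=$1; shift
    rules=""
    seen=" "
    for mac in "$@"; do
        if ! valid_unicast_mac "$mac"; then
            echo "rejected address: $mac" >&2
            return 1
        fi
        # Normalize case so the same NIC written two ways yields one rule.
        mac=$(printf '%s' "$mac" | tr 'a-f' 'A-F')
        case "$seen" in *" $mac "*) continue ;; esac
        seen="$seen$mac "
        rules="${rules}iptables -t mangle -A PREROUTING -i $iface -m mac --mac-source $mac -j ACCEPT
"
    done
    # ACCEPT rules come first so that applying the output line by line never
    # drops an allowed client between the policy change and its own rule.
    printf '%s' "$rules"
    echo "iptables -t mangle -P PREROUTING DROP"
}

# Constructed sample addresses (locally administered, not real NICs).
build_mac_allowlist wlan0 02:00:00:aa:bb:01 02:00:00:AA:BB:01 02:00:00:aa:bb:02
```

As the post reports, rules of this form alone did not keep unknown clients from obtaining a lease from the DHCP server on the same machine.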