Hi all,

I'm pretty much a layman on this topic. I have two interfaces, one in the local network ( and the other to the ISP. Now, I want to block a certain MAC address on the local network from reaching the internet, but I want to allow him to reach the server (for Samba, etc...). I tried several commands and read the manuals, but all I can get is either all or none (either that MAC address has internet access and server access, or he can't get to the internet and the server at all ("server" is at

I hope I said all relevant details; if not, ask me and I'll try to tell.

Here is the script I use, if that can help a bit:

................
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

# I tried this
#iptables -A PREROUTING -t nat -p ALL -m mac --mac-source 00:15:F2:33:B5:92 -j DROP
# and this
#iptables -A FORWARD -p ALL -m mac --mac-source 00:15:F2:33:B5:92 -j DROP

Thanks in advance,
Branko Kokanovic
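
The rule ordering the question turns on, as an added example that is not part of the original post: iptables stops at the first matching rule in a chain, so a per-MAC DROP appended after the general LAN-to-internet ACCEPT is never reached, while a DROP in PREROUTING also cuts off traffic addressed to the box itself. Assumptions: the "server" is the gateway machine (so Samba traffic traverses INPUT, not FORWARD), and `eth0`/`eth1` are placeholder interface names.

```shell
#!/bin/sh
# Added example, not the poster's script. Dry run unless APPLY=1 (as root).
INTIF="${INTIF:-eth0}"           # assumed LAN interface name
EXTIF="${EXTIF:-eth1}"           # assumed ISP interface name
BLOCKED_MAC="00:15:F2:33:B5:92"  # MAC address from the post

# Print the iptables arguments, one rule per line, in evaluation order.
rules() {
    echo "-P INPUT ACCEPT"    # traffic addressed to this box (Samba) is not filtered
    echo "-F INPUT"
    echo "-P OUTPUT ACCEPT"
    echo "-F OUTPUT"
    echo "-P FORWARD DROP"
    echo "-F FORWARD"
    echo "-t nat -F"
    echo "-A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # A chain stops at the first matching rule, so the per-MAC DROP has to
    # come before the general LAN-to-internet ACCEPT.
    echo "-A FORWARD -i $INTIF -o $EXTIF -m mac --mac-source $BLOCKED_MAC -j DROP"
    echo "-A FORWARD -i $INTIF -o $EXTIF -j ACCEPT"
    echo "-A FORWARD -j LOG"
    echo "-t nat -A POSTROUTING -o $EXTIF -j MASQUERADE"
}

# Line number of the first rule containing the fixed string $1.
rule_line() { rules | grep -nF -e "$1" | head -n 1 | cut -d: -f1; }

# Succeeds only if the MAC DROP is evaluated before the general ACCEPT.
drop_precedes_accept() {
    d=$(rule_line "--mac-source $BLOCKED_MAC -j DROP")
    a=$(rule_line "-i $INTIF -o $EXTIF -j ACCEPT")
    [ -n "$d" ] && [ -n "$a" ] && [ "$d" -lt "$a" ]
}

if [ "${APPLY:-0}" = "1" ]; then
    drop_precedes_accept || { echo "rule order is wrong" >&2; exit 1; }
    rules | while read -r r; do iptables $r; done   # $r unquoted: split into arguments
else
    rules
fi
```

A MAC address can be changed by the client, so this filter only holds against a device that keeps its own address.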