Hi all,

I think dual homed machine (two NICs... one for internal network and one for external network) using next rule you will restrict particular user to access to internet

    iptables -A FORWARD -m mac --mac-source XX:XX:XX:XX:XX:XX -j DROP

XX:XX:XX:XX:XX:XX represents MAC address of host you want to block

Using the same logic you can implement rules to forbid a host to access particular part of your network, some services and so on.

The useful place to visit and read material there is http://iptables-tutorial.frozentux.net/iptables-tutorial.html

Regards

--- Tommy W <tommy@xxxxxxxxxxxxxxxxxx> wrote:

> On Saturday 25 November 2006 09:10, alok pathak wrote:
> > I am using CentOS3.8 (with kernel version 2.4.21-47.EL, iptables
> > version 1.2.8-12.3, on AMD Sempron x68_64). I want to restrict my
> > users based on their MAC, and used the command:
> >
> > # iptables -A INPUT -m --mac-source 12:12:12:12:12:12 -j DROP
>
> It should be like this I reckon
>
> # iptables -A INPUT -m mac --mac-source 12:12:12:12:12:12 -j DROP
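Added example, not part of the original thread: a small sh helper that turns a reviewed MAC blocklist into the FORWARD-chain rules described in the reply above, rejecting malformed entries instead of passing them to iptables. The interface name eth1, the function names and the sample addresses are assumptions made for illustration; the mac match only sees the source address of frames arriving from the directly attached segment, and a client can change its MAC, so these rules are a convenience filter rather than an authentication control.

```shell
#!/bin/sh
# Added example: print (not apply) per-host DROP rules for the FORWARD chain
# from a MAC blocklist, so the rules can be reviewed before loading.

# Assumption: eth1 is the internal-facing NIC of the dual-homed gateway.
INTERNAL_IF="${INTERNAL_IF:-eth1}"

# Succeeds only for six colon-separated hex octets.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Reads one MAC per line on stdin; '#' comments and blank lines are skipped.
# Prints one iptables command per unique valid MAC; bad entries are reported
# on stderr and make the function return 1.
gen_mac_rules() {
    rc=0
    seen=" "
    while IFS= read -r line || [ -n "$line" ]; do
        mac=$(printf '%s' "${line%%#*}" | tr -d ' \t\r' | tr 'a-f' 'A-F')
        [ -z "$mac" ] && continue
        if ! valid_mac "$mac"; then
            echo "skipping invalid MAC: $mac" >&2
            rc=1
            continue
        fi
        case "$seen" in *" $mac "*) continue ;; esac   # drop duplicates
        seen="$seen$mac "
        echo "iptables -A FORWARD -i $INTERNAL_IF -m mac --mac-source $mac -j DROP"
    done
    return $rc
}

# Constructed sample blocklist (documentation-range addresses, not real hosts).
sample_blocklist() {
    cat <<'EOF'
# lab PCs
00:00:5e:00:53:01
00:00:5E:00:53:01   # duplicate, different case
00:00:5e:00:53:zz
EOF
}

sample_blocklist | gen_mac_rules || echo "blocklist had invalid entries" >&2
```
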