You probably can use the mac target, passing a --mac-source option to filter the MACs you want to have access to the net. All other connections should be treated by another rule that will do some NATing to redirect all the traffic to your web server.

The second part of the solution probably was already discussed hundreds of times here, and there are a lot of very good tutorials on the net on how to do this.

Cheers,
KM

On Wed, Feb 13, 2008 at 2:54 PM, Cupertino Miranda <philfine@xxxxxxxxx> wrote:
> Hello everyone,
>
> For one of my current hackings I need to construct the following
> network rules.
>
> I need to disable internet access to all the local network hosts by
> redirecting them to my webserver (allowing to show some web page in
> case of http connection).
> Enable internet access by mac address to some of these hosts.
>
> I have currently general NAT rules in gateway machine.
>
> Can someone provide me some details how can I do it.
>
> Thanks a lot

--
Informação & Segurança - Information for your security on the network.
http://info-seg.blogspot.com
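
Added example, not part of the original thread: a shell function that prints (without applying) the iptables commands for the approach in the reply above, a --mac-source allow-list with every other LAN host's HTTP redirected. It assumes the web server listens on port 80 of the gateway itself; the chain names LAN_PRE and LAN_FWD, the interface eth1 and the MAC addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: emits iptables commands, it does not run them.
# Assumption: the web server is on the gateway, port 80 (hence REDIRECT).
# Note: a MAC address is chosen by the client, so this is a convenience
# filter for a trusted LAN segment, not authentication.

valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# emit_rules LAN_IF MAC [MAC...]
emit_rules() {
    lan_if=$1; shift
    # Validate every address first so a typo never yields a partial rule set.
    for mac in "$@"; do
        valid_mac "$mac" || { echo "invalid MAC: $mac" >&2; return 1; }
    done

    # Dedicated chains keep these rules separate from the existing NAT setup.
    echo "iptables -t nat -N LAN_PRE"
    echo "iptables -N LAN_FWD"

    for mac in "$@"; do
        # Allowed hosts RETURN to the gateway's existing rules untouched.
        echo "iptables -t nat -A LAN_PRE -m mac --mac-source $mac -j RETURN"
        echo "iptables -A LAN_FWD -m mac --mac-source $mac -j RETURN"
    done

    # Everyone else: HTTP lands on the local web server, the rest is dropped.
    # Blocked hosts still need working DNS before they send an HTTP request;
    # that is not handled here.
    echo "iptables -t nat -A LAN_PRE -p tcp --dport 80 -j REDIRECT --to-ports 80"
    echo "iptables -A LAN_FWD -j DROP"

    # Hook the chains in last, ahead of the existing rules, LAN side only.
    echo "iptables -t nat -I PREROUTING 1 -i $lan_if -j LAN_PRE"
    echo "iptables -I FORWARD 1 -i $lan_if -j LAN_FWD"
}

# Constructed sample invocation; review the output, then pipe it to sh as root.
emit_rules eth1 00:11:22:33:44:55 66:77:88:99:AA:BB
```

The mac match only sees the source address of directly attached hosts, so the gateway must be on the same layer-2 segment as the clients.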