also sprach Omar Al-Siaghi <alsiaghi@mac.com> [2005.01.31.1137 +0100]: > I am working for a wireless ISP, and we are using a Debian Router. > We use IPtables.rules to set the forwarding and NAT, but I am wondering > if there is a way to restrict certian IP addresses to be able to log on > from a MAC Address. In other words, only the given MAC address paired > with the IP address can access a network. What would be the best > solution for that. Thank you all in advance. Use iptables like this: iptables -A FORWARD -j check-macs iptables -N check-macs iptables -A check-macs -j DROP iptables -I check-macs -m mac --mac fe:ed:de:ad:be:ef -s 192.168.0.1 -j RETURN (written from the top of my head; not checked for syntax) This is what we do. Be aware, though, that MAC addresses can easily be changed, at least on Unix systems. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <madduck@debian.org> : :' : proud Debian developer, admin, user, and author `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!
Attachment:
signature.asc
Description: Digital signature