
Re: iptables by mac



I would like to do this using FORWARD.
Example:

iptables -A FORWARD -s -m ! 00:0F:EA:91:04:08 -d 0.0.0.0/0 -p tcp --dport 3128 -j DROP

I want to set this rule to avoid the computer being cloned.
I think using MAC & iptables I can solve this, right?

What do you mean by "cloned"? It is trivial to spoof a MAC address.
Also, the MAC address only matters per network segment, so this would
only be useful when used for something that is behind your firewall
being permitted out, or something that is directly on the external
side of your firewall coming in. MAC addresses become completely
irrelevant once traffic passes through a router.

As for your syntax, that looks correct.

~Daniel
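
The kind of rule discussed in this thread, written with the mac match's full option names (`-m mac ! --mac-source`), as an added example that is not part of the original messages. It pairs each source IP with its expected MAC and prints the rules instead of applying them; the 192.168.1.x addresses and the second MAC are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: print iptables rules that pin each client IP to one MAC.
# Nothing is applied here; review the output, then load it as root.
# A MAC can be spoofed, so this is a same-segment consistency check,
# not authentication. The mac match only sees the last Ethernet hop.

PROXY_PORT=3128   # port taken from the rule in the question

# Succeeds if $1 is six colon-separated hex octets.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Succeeds if $1 is a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Print one rule: packets from IP $1 to the proxy port are dropped
# unless their Ethernet source address is MAC $2.
mac_bind_rule() {
    valid_ipv4 "$1" || { echo "bad IP: $1" >&2; return 1; }
    valid_mac "$2"  || { echo "bad MAC: $2" >&2; return 1; }
    printf 'iptables -A FORWARD -s %s -p tcp --dport %s -m mac ! --mac-source %s -j DROP\n' \
        "$1" "$PROXY_PORT" "$2"
}

# Read "IP MAC" pairs from stdin; skip blank lines and # comments.
emit_rules() {
    rc=0
    while read -r ip mac; do
        case $ip in ''|'#'*) continue ;; esac
        mac_bind_rule "$ip" "$mac" || rc=1
    done
    return $rc
}

# Constructed sample table; the last entry is deliberately malformed.
emit_rules <<'EOF' || echo "some entries were rejected" >&2
192.168.1.10 00:0F:EA:91:04:08
192.168.1.11 02:00:00:00:00:01
192.168.1.12 00:0F:EA:91:04
EOF
```

The mac match is only valid in the PREROUTING, FORWARD and INPUT chains, which is why the rules go into FORWARD.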


