
Re: iptables by mac

>> I would like to do it using FORWARD,
>> for example:
>> iptables -A FORWARD -s -m ! 00:0F:EA:91:04:08 -d -p tcp
>> --dport
>> 3128 -j DROP
>> I want to set this rule to avoid the computer being cloned.
>> I think using MAC & iptables I can solve this, right?
> What do you mean by "cloned"? It is trivial to spoof a MAC address.
> Also, the MAC address only matters per network segment, so this would
> only be useful when used for something that is behind your firewall
> being permitted out, or something that is directly on the external
> side of your firewall coming in. MAC addresses become completely
> irrelevant once traffic passes through a router.
> As for your syntax, that looks correct.

> ~Daniel
Yes, but it is not right; check this.
That's another computer from my network:

ruter-deb:~$ telnet rh 3128
Trying rh...
Connected to rh
Escape character is '^]'.

The only computer that must be allowed to connect to that rh on port 3128 must
be ruter-deb1 (the one that is using the MAC mentioned in the iptables rule).


                           Luis A. Rondon Paz
    L I N U X       .~.    Admin intranet CNT
   The  Choice      /V\    icq #132736035
    of a GNU       /( )\   itachi@cnt.uo.edu.cu
   Generation      ^^-^^    Santiago de cuba
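
An added example, not part of the original thread: a small shell helper that validates its inputs and prints a MAC-restricted rule using iptables' `mac` match (`-m mac ! --mac-source`). It assumes the rule is loaded on rh itself, in INPUT, because rh and its clients sit on the same segment; the function names are hypothetical, while the MAC and port are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Prints the rule instead of applying
# it, so it can be reviewed first and then run as root on the proxy host.

# is_mac: succeed only for six colon-separated hex octets.
is_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# mac_only_rule CHAIN MAC PORT
# Prints an iptables command that drops TCP traffic to PORT unless the
# Ethernet source address of the frame is MAC.
mac_only_rule() {
    chain=$1
    mac=$2
    port=$3

    # INPUT sees packets addressed to this host; FORWARD only sees packets
    # this host routes for others. The mac match has no meaning on OUTPUT.
    case $chain in
        INPUT|FORWARD) ;;
        *) echo "mac match not usable in chain: $chain" >&2; return 1 ;;
    esac

    is_mac "$mac" || { echo "bad MAC address: $mac" >&2; return 1; }

    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac

    printf 'iptables -A %s -p tcp --dport %s -m mac ! --mac-source %s -j DROP\n' \
        "$chain" "$port" "$mac"
}

# Values from the thread: proxy port 3128, MAC of the one permitted client.
# As the quoted reply points out, a MAC address can be spoofed and is only
# visible on the local segment, so this filters by address; it does not
# authenticate the client.
mac_only_rule INPUT 00:0F:EA:91:04:08 3128
```

After loading the printed rule, `iptables -L INPUT -v -n` shows its packet counter, which tells you whether connections to port 3128 are actually traversing that chain.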
